ntop
diff --git a/‎doc/protocols.rst
Lines changed: 9 additions & 0 deletions b/‎doc/protocols.rst
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/include/ndpi_protocol_ids.h
Lines changed: 1 addition & 0 deletions b/‎src/include/ndpi_protocol_ids.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/lib/ndpi_main.c
Lines changed: 7 additions & 0 deletions b/‎src/lib/ndpi_main.c
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/lib/ndpi_private.h
Lines changed: 1 addition & 0 deletions b/‎src/lib/ndpi_private.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/lib/protocols/ceph.c
Lines changed: 63 additions & 0 deletions b/‎src/lib/protocols/ceph.c
Lines changed: 63 additions & 0 deletions
diff --git a/‎tests/cfgs/caches_cfg/result/ookla.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/caches_cfg/result/ookla.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/caches_cfg/result/teams.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/caches_cfg/result/teams.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/pcap/ceph.pcap
13.7 KB b/‎tests/cfgs/default/pcap/ceph.pcap
13.7 KB
diff --git a/‎tests/cfgs/default/result/1kxun.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/1kxun.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/443-chrome.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/443-chrome.pcap.out
Lines changed: 1 addition & 1 deletion
@@ -447,3 +447,12 @@ Notes:
 HL7 is a range of global standards for the transfer of clinical and administrative health data between applications.
 
 References: `Main site <https://www.hl7.org/>`_
+
+
+.. _Proto 381:
+
+`NDPI_PROTOCOL_CEPH`
+=========================
+Ceph is a scalable distributed storage system.
+
+References: `Main site <https://ceph.io/en/>`_
@@ -409,6 +409,7 @@ typedef enum {
   NDPI_PROTOCOL_NOMACHINE             = 378,
   NDPI_PROTOCOL_IEC62056              = 379,
   NDPI_PROTOCOL_HL7                   = 380,
+  NDPI_PROTOCOL_CEPH                  = 381,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
 
@@ -2231,6 +2231,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "HL7", NDPI_PROTOCOL_CATEGORY_RPC,
 			  ndpi_build_default_ports(ports_a, 2575, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CEPH,
+			  "Ceph", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
+			  ndpi_build_default_ports(ports_a, 3300, 6789, 0, 0, 0) /* TCP */,
+			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -5746,6 +5750,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* HL7 */
   init_hl7_dissector(ndpi_str, &a);
 
+  /* Ceph */
+  init_ceph_dissector(ndpi_str, &a);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif
 
@@ -643,6 +643,7 @@ void init_kafka_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 void init_nomachine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_iec62056_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_hl7_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_ceph_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 
 #endif
 
 
@@ -0,0 +1,63 @@
+/*
+ * ceph.c
+ *
+ * Copyright (C) 2023 - ntop.org
+ * Copyright (C) 2023 - V.G <[email protected]>
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ * 
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CEPH
+
+#include "ndpi_api.h"
+#include "ndpi_private.h"
+
+static void ndpi_search_ceph(struct ndpi_detection_module_struct *ndpi_struct,
+                             struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search Ceph\n");
+
+  /* The protocol starts with a handshake, where the client's request and 
+   * the server's response always contain a Ceph version string (ceph v027 
+   * for example). */
+  if (packet->payload_packet_len > NDPI_STATICSTRING_LEN("ceph v") &&
+      memcmp(packet->payload, "ceph v", NDPI_STATICSTRING_LEN("ceph v")) == 0)
+  {
+    NDPI_LOG_INFO(ndpi_struct, "found Ceph\n");
+    ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CEPH,
+                               NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+    return;
+  }
+
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+void init_ceph_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
+{
+  ndpi_set_bitmask_protocol_detection("Ceph", ndpi_struct, *id,
+				      NDPI_PROTOCOL_CEPH,
+				      ndpi_search_ceph,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+  *id += 1;
+}
@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	40	(6.67 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 553 (92.17 diss/flow)
+Num dissector calls: 556 (92.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 80 (flows)
-Num dissector calls: 531 (6.40 diss/flow)
+Num dissector calls: 532 (6.41 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4880 (24.77 diss/flow)
+Num dissector calls: 4883 (24.79 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 137 (137.00 diss/flow)
+Num dissector calls: 138 (138.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)