alakesh / opendpi

Automatically exported from code.google.com/p/opendpi
GNU Lesser General Public License v3.0

[PATCH] OpenDPI Battlefield2 detection #11

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Set up an OpenDPI netfilter rule to match the battlefield protocol
2. Run "watch -n0 iptables -nvL" and monitor the matched packet count
3. Run BF2 and join a server

What is the expected output? What do you see instead?
  Expect to see packets match the rule, but none match at all.

What version of the product are you using? On what operating system?
  1.2.0 on Debian Linux 6.0 (Squeeze)

Please provide any additional information below.
  The battlefield protocol match patterns seem to search for the string "battlefield2" and a few other things. By using tcpdump and wireshark I have not been able to locate either of these patterns for battlefield 2.

I have reversed the server information packet that is sent to the client on 
each connection to the server and modified the battlefield.c source. This works 
great and I am able to reliably detect BF2 connections.

I have attached the patch to fix this, but it needs review as BF2 matching may 
need to be broken out from BF1942 since this packet is sent only once and the 
BF1942 code is designed to sample every N ms.

Original issue reported on code.google.com by ge...@spacevs.com on 25 Mar 2011 at 3:44

GoogleCodeExporter commented 8 years ago
It seems that opendpi forgot the qqlive protocol.

Original comment by hdh122...@126.com on 27 Apr 2011 at 2:11