Add support Yandex Alice (#2633)
Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm>
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
3 people authored Nov 29, 2024
1 parent 3fcd67c commit 74792e4
Showing 7 changed files with 32 additions and 15 deletions.
11 changes: 10 additions & 1 deletion doc/protocols.rst
Expand Up @@ -1063,4 +1063,13 @@ References: `Wikipwdia <https://en.wikipedia.org/wiki/DICOM/>`_
=============================
Paramount+ (formerly CBS All Access and 10 All Access in Australia until 2021) is an American subscription video on-demand over-the-top streaming service owned by Paramount Global.

References: `Main site <https://www.paramountplus.com/>`_
References: `Main site <https://www.paramountplus.com/>`_


.. _Proto 440:

`NDPI_PROTOCOL_YANDEX_ALICE`
=============================
Yandex Alice is a voice assistant developed by Yandex, providing answers, performing tasks, and supporting smart home integration, similar to Alexa or Google Assistant.

References: `Main site <https://yandex.ru/dev/dialogs/alice/doc/ru/protocol/>`_
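Review bot: The reference in the new `NDPI_PROTOCOL_YANDEX_ALICE` entry is labelled "Main site" but links to the developer protocol documentation under `/dev/dialogs/alice/doc/ru/`, which is Russian-language. Relabel it (for example "Protocol documentation (Russian)") or link the product page, as the Paramount+ entry above does. The description also does not say how the traffic is recognised; one sentence stating that detection is by hostname match would help anyone writing policy against ID 440.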
1 change: 1 addition & 0 deletions src/include/ndpi_protocol_ids.h
Expand Up @@ -468,6 +468,7 @@ typedef enum {
NDPI_PROTOCOL_MIKROTIK = 437,
NDPI_PROTOCOL_DICOM = 438, /* Hospital Protocol */
NDPI_PROTOCOL_PARAMOUNTPLUS = 439,
NDPI_PROTOCOL_YANDEX_ALICE = 440,

#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
7 changes: 6 additions & 1 deletion src/lib/ndpi_content_match.c.inc
Expand Up @@ -1410,7 +1410,12 @@ static ndpi_protocol_match host_match[] =
{ "cloud.yandex.", "YandexCloud", NDPI_PROTOCOL_YANDEX_CLOUD, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "metrika.yandex.", "YandexMetrika", NDPI_PROTOCOL_YANDEX_METRIKA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "direct.yandex.", "YandexDirect", NDPI_PROTOCOL_YANDEX_DIRECT, CUSTOM_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },


{ "quasar.yandex.ru", "YandexAlice", NDPI_PROTOCOL_YANDEX_ALICE, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "scbh.yandex.net", "YandexAlice", NDPI_PROTOCOL_YANDEX_ALICE, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "report.appmetrica.yandex.net", "YandexAlice", NDPI_PROTOCOL_YANDEX_ALICE, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "uniproxy.alice.yandex.net", "YandexAlice", NDPI_PROTOCOL_YANDEX_ALICE, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },

{ "riotgames.com", "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
{ "pvp.net", "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
{ "riotcdn.net", "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
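Review bot: `report.appmetrica.yandex.net` in the new block is the reporting endpoint of Yandex's AppMetrica analytics SDK, which is embedded in many unrelated mobile apps, so mapping it to `NDPI_PROTOCOL_YANDEX_ALICE` will label that telemetry as virtual-assistant traffic and skew any policy or alerting built on this ID. Drop the entry or classify it separately, the way `metrika.yandex.` has its own protocol and `direct.yandex.` carries `NDPI_PROTOCOL_TRACKER_ADS` just above. Two smaller points: `quasar.yandex.ru` is pinned to one TLD while the neighbouring Yandex entries use the open `*.yandex.` form, and the new lines close with ` }` where the RiotGames entries below use `}`, so pick one style.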
Binary file modified tests/cfgs/default/pcap/sites2.pcapng
Binary file not shown.
Expand Up @@ -26,6 +26,6 @@ CustomProtocolC 3 222 1

Acceptable 8 592 3

1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.446/TLS.CustomProtocolA][IP: 446/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.447/TLS.CustomProtocolA][IP: 447/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 447/CustomProtocolB][IP: 447/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 448/CustomProtocolB][IP: 448/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
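Review bot: Custom protocol IDs are renumbered by this commit, visible in flows 1 and 3 where CustomProtocolA goes from 446 to 447 and CustomProtocolB from 447 to 448, while CustomProtocolC at 800 is unchanged. Anything downstream that keys on the numeric ID (exported flow records, stored policy rules, dashboards) will silently change meaning after an upgrade. Call the shift out in the changelog and point users at matching by protocol name rather than by number.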
20 changes: 11 additions & 9 deletions tests/cfgs/default/result/sites2.pcapng.out
@@ -1,31 +1,32 @@
DPI Packets (TCP): 25 (6.25 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 4 (1.00 diss/flow)
DPI Packets (TCP): 31 (6.20 pkts/flow)
Confidence DPI : 5 (flows)
Num dissector calls: 19 (3.80 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/4/0 (insert/search/found)
Automa host: 4/4 (search/found)
Automa domain: 4/0 (search/found)
LRU cache fpc_dns: 0/5/0 (insert/search/found)
Automa host: 5/5 (search/found)
Automa domain: 5/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 6/6 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 6/2 (search/found)
Patricia protocols: 7/3 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Shein 13 5080 1
Temu 20 7323 1
Taobao 15 7085 1
ParamountPlus 4 797 1
YandexAlice 10 882 1

Acceptable 48 19488 3
Acceptable 58 20370 4
Fun 4 797 1

JA3 Host Stats:
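Review bot: `Num dissector calls` rises from 4 to 19 with a single added flow, so the new flow alone accounts for 15 calls where the previous four took one each (1.00 diss/flow before, 3.80 after). Please confirm that this is the expected cost for the cleartext HTTP sample and say so in the commit message, since the summary line is what later reviewers will compare against. The breed totals are consistent with the new row: `Acceptable` moves by exactly 10 packets, 882 bytes and 1 flow.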
Expand All @@ -36,4 +37,5 @@ JA3 Host Stats:
1 TCP 192.168.12.67:47694 <-> 20.15.0.9:443 [proto: 91.435/TLS.Temu][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Shopping/27][10 pkts/1963 bytes <-> 10 pkts/5360 bytes][Goodput ratio: 71/90][0.54 sec][Hostname/SNI: gtm.temu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/49 282/342 86/112][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 196/536 571/1514 206/532][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA3C: 92768199641a57091d8ad9085387a16f][JA4: t13d1712h2_5b57614c22b0_3f5d972527c0][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,0,0,0,25,0,0,0,0,0,0,16,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
2 TCP 192.168.12.67:43446 <-> 59.82.122.224:443 [proto: 91.436/TLS.Taobao][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Shopping/27][9 pkts/2792 bytes <-> 6 pkts/4293 bytes][Goodput ratio: 82/92][0.78 sec][Hostname/SNI: umdc.taobao.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.212 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/64 269/253 125/109][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 310/716 1078/1514 359/618][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA3C: 9b02ebd3a43b62d825e1ac605b621dc8][JA4: t13d1713ht_5b57614c22b0_eca864cca44a][ServerNames: *.alibabachengdun.com,*.alibabachengdun.net,umdc.aliapp.org,*.ynuf.aliapp.org,sgynuf.alibaba.com,pum.m.alibaba.com,ynuf.aliapp.org,mum.hzchengdun.com,mum.m.alibaba.com,umdc.alibaba-inc.com,umidiot.aliapp.org,us-mum.alibabachengdun.com,sg-pum.alibabachengdun.com,sg-pum.alibabachengdun.net,umdc.taobao.com,umdc.tmall.com,alibabachengdun.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibabachengdun.com][Certificate SHA-1: A4:84:85:BF:7A:3D:54:C0:EE:F2:8B:39:E7:ED:56:FB:74:6B:5E:61][Safari][Validity: 2024-09-11 08:46:01 - 2025-09-04 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
3 TCP 192.168.12.67:46892 <-> 2.23.155.106:443 [proto: 91.434/TLS.Shein][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Shopping/27][7 pkts/1067 bytes <-> 6 pkts/4013 bytes][Goodput ratio: 56/90][0.09 sec][Hostname/SNI: img.shein.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/5 58/19 21/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 152/669 583/1514 178/648][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA3C: f79b6bad2ad0641e1921aef10262856b][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
4 TCP 192.168.12.67:39974 <-> 151.101.1.233:443 [proto: 91.439/TLS.ParamountPlus][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.01 sec][Hostname/SNI: vod-gcs-cedexis.cbsaavideo.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA3C: f79b6bad2ad0641e1921aef10262856b][JA4: t13d1513ht_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (cedexis.c)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.0.100:52124 <-> 213.180.193.9:80 [proto: 7.440/HTTP.YandexAlice][IP: 25/Yandex][ClearText][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][6 pkts/532 bytes <-> 4 pkts/350 bytes][Goodput ratio: 24/22][0.02 sec][Hostname/SNI: scbh.yandex.net][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 7/8 3/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/88 194/144 47/33][URL: scbh.yandex.net/generate_204][StatusCode: 204][User-Agent: yandexmini_2/0.270.1.48.2683694502.20241115.199][TCP Fingerprint: 2_64_29200_d853e95bd80f/Linux][PLAIN TEXT (HEAD /generate)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.12.67:39974 <-> 151.101.1.233:443 [proto: 91.439/TLS.ParamountPlus][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.01 sec][Hostname/SNI: vod-gcs-cedexis.cbsaavideo.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA3C: f79b6bad2ad0641e1921aef10262856b][JA4: t13d1513ht_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (cedexis.c)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
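Review bot: The added flow 4 is reported with `cat: ConnCheck/30`, not the `NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT` category set in `host_match`, so the test never shows the category this commit introduces for the protocol. The only sample is a cleartext `HEAD` probe to `scbh.yandex.net/generate_204` on port 80; the other three hostnames and the TLS/SNI path are not exercised. Add at least one TLS flow to `uniproxy.alice.yandex.net` or `quasar.yandex.ru` to the capture so the expected output pins both the `91.440` classification and the virtual-assistant category.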