Skip to content

Commit

Permalink
Mullvad VPN service added (based on entry node IP addresses)
Browse files Browse the repository at this point in the history
  • Loading branch information
snicket2100 committed Jul 28, 2023
1 parent bc91192 commit b42e661
Show file tree
Hide file tree
Showing 8 changed files with 622 additions and 2 deletions.
10 changes: 10 additions & 0 deletions doc/protocols.rst
Original file line number Diff line number Diff line change
Expand Up @@ -90,3 +90,13 @@ References: `Main site <https://www.roblox.com/>`_.
Notes:

- Since Roblox games use a custom version of the RakNet protocol, some Roblox flows might be classified as RakNet.


.. _Proto 347:

`NDPI_PROTOCOL_MULLVAD`
========================
Mullvad is a VPN service operated by Mullvad VPN AB, based in Sweden

References: `Main site https://mullvad.net/`

1 change: 1 addition & 0 deletions src/include/ndpi_protocol_ids.h
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,7 @@ typedef enum {
NDPI_PROTOCOL_PROTONVPN = 344,
NDPI_PROTOCOL_APACHE_THRIFT = 345,
NDPI_PROTOCOL_ROBLOX = 346,
NDPI_PROTOCOL_MULLVAD = 347,

#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
Expand Down
1 change: 1 addition & 0 deletions src/include/ndpi_typedefs.h
Original file line number Diff line number Diff line change
Expand Up @@ -1762,6 +1762,7 @@ typedef enum {
See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf */
ndpi_disable_fully_encrypted_heuristic = (1 << 21),
ndpi_dont_load_protonvpn_exit_nodes_list = (1 << 22),
ndpi_dont_load_mullvad_list = (1 << 23),
} ndpi_prefs;

typedef struct {
Expand Down
567 changes: 567 additions & 0 deletions src/lib/inc_generated/ndpi_mullvad_match.c.inc

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions src/lib/ndpi_content_match.c.inc
Original file line number Diff line number Diff line change
Expand Up @@ -1399,6 +1399,8 @@ static ndpi_protocol_match host_match[] =
{ "roblox.com", "Roblox", NDPI_PROTOCOL_ROBLOX, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "rbxcdn.com", "Roblox", NDPI_PROTOCOL_ROBLOX, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },

{ "mullvad.net", "Mullvad", NDPI_PROTOCOL_MULLVAD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },

/*
ADS/tracking/analytic
*/
Expand Down
11 changes: 9 additions & 2 deletions src/lib/ndpi_main.c
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@
#include "inc_generated/ndpi_icloud_private_relay_match.c.inc"
#include "inc_generated/ndpi_protonvpn_in_match.c.inc"
#include "inc_generated/ndpi_protonvpn_out_match.c.inc"
#include "inc_generated/ndpi_mullvad_match.c.inc"
#include "inc_generated/ndpi_asn_telegram.c.inc"
#include "inc_generated/ndpi_asn_apple.c.inc"
#include "inc_generated/ndpi_asn_twitter.c.inc"
Expand Down Expand Up @@ -1303,7 +1304,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Reddit", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WIREGUARD,
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WIREGUARD,
"WireGuard", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 51820, 0, 0, 0, 0) /* UDP */);
Expand Down Expand Up @@ -2147,7 +2148,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Roblox", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);

ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MULLVAD,
"Mullvad", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);

#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_main.c"
Expand Down Expand Up @@ -2879,6 +2883,9 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
if(!(prefs & ndpi_dont_load_protonvpn_list))
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_protonvpn_protocol_list);

if(!(prefs & ndpi_dont_load_mullvad_list))
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_mullvad_protocol_list);

if(!(prefs & ndpi_dont_load_asn_lists)) {
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_telegram_protocol_list);
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_apple_protocol_list);
Expand Down
30 changes: 30 additions & 0 deletions utils/mullvad_ip_addresses_download.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/usr/bin/env bash

set -e

cd "$(dirname "${0}")" || exit 1
. ./common.sh || exit 1

DEST=../src/lib/inc_generated/ndpi_mullvad_match.c.inc
TMP=/tmp/mullvad.json
LIST=/tmp/mullvad.list
LIST_MERGED=/tmp/mullvad.list.merged
ORIGIN=https://api-www.mullvad.net/www/relays/all/


echo "(1) Downloading file..."
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
check_http_response "${http_response}"
is_file_empty "${TMP}"

echo "(2) Processing IP addresses..."
jq -r '.[].ipv4_addr_in' $TMP > $LIST # TODO: ipv6
is_file_empty "${LIST}"
./mergeipaddrlist.py $LIST > $LIST_MERGED
./ipaddr2list.py $LIST_MERGED NDPI_PROTOCOL_MULLVAD > $DEST
is_file_empty "${DEST}"

rm -f $TMP $LIST $LIST_MERGED

echo "(3) Mullvad IPs are available in $DEST"
exit 0
2 changes: 2 additions & 0 deletions utils/update_every_lists.sh
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ RETVAL=$(( RETVAL + $? ))

./gambling_sites_download.sh
RETVAL=$(( RETVAL + $? ))
./mullvad_ip_addresses_download.sh
RETVAL=$(( RETVAL + $? ))
./protonvpn_ip_addresses_download.sh
RETVAL=$(( RETVAL + $? ))

Expand Down

0 comments on commit b42e661

Please sign in to comment.