authorToni <matzeton@googlemail.com>2022-10-15 12:58:44 +0200
committerGitHub <noreply@github.com>2022-10-15 12:58:44 +0200
commit01622c4c63f2968da101bedff0db0e8578b04a9b (patch)
tree852c5f5c62875e6f259e1e4f95aac85af3b6c3c4
parent2d153fba45325e4fe716ff92a44eb67fe0fcea72 (diff)
Updated protocol dissector serialisation code. (#1767)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r--src/include/ndpi_typedefs.h2
-rw-r--r--src/lib/ndpi_utils.c40
-rw-r--r--tests/unit/unit.c7
3 files changed, 45 insertions, 4 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 4652463ab..f39b2b6bd 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1479,7 +1479,7 @@ struct ndpi_flow_struct {
} snmp;
struct {
- char identity_uuid[36];
+ char identity_uuid[37];
char machine[48];
char platform[32];
char services[48];
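Review bot: The new size `37` is a bare number, and nothing at the declaration says that the extra byte is the terminator for a 36-character UUID string. A short comment would keep the next edit from shrinking it again: `char identity_uuid[37]; /* 36-char UUID + NUL */`. Whether the code that fills this field always writes that terminator is not visible in this hunk and is worth confirming, since the field is now read as a C string by the serialiser in src/lib/ndpi_utils.c. The struct continues outside the hunk.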
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 9d5ea70bc..08fc396b0 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1126,6 +1126,9 @@ void ndpi_serialize_proto(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serialize_confidence(serializer, confidence);
ndpi_serialize_string_string(serializer, "proto", ndpi_protocol2name(ndpi_struct, l7_protocol, buf, sizeof(buf)));
ndpi_serialize_string_string(serializer, "proto_id", ndpi_protocol2id(ndpi_struct, l7_protocol, buf, sizeof(buf)));
+ ndpi_serialize_string_string(serializer, "proto_by_ip", ndpi_get_proto_name(ndpi_struct,
+ l7_protocol.protocol_by_ip));
+ ndpi_serialize_string_uint32(serializer, "proto_by_ip_id", l7_protocol.protocol_by_ip);
ndpi_serialize_string_uint32(serializer, "encrypted", ndpi_is_encrypted_proto(ndpi_struct, l7_protocol));
ndpi_protocol_breed_t breed =
ndpi_get_proto_breed(ndpi_struct,
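Review bot: The two new keys are emitted between `proto_id` and `encrypted`, so in CSV output every later column moves two positions to the right, as the updated expected header in tests/unit/unit.c shows. Log pipelines that read these records by column position would then take the protocol name for the `encrypted` flag without any error. Emitting the new fields after the existing ones would keep old positions stable; if the order is intentional, a comment such as `/* schema change: adds proto_by_ip, proto_by_ip_id before "encrypted" */` would flag it for consumers. The result of `ndpi_get_proto_name` is also passed on unchecked, and whether it can be NULL for an unknown id is not visible here. ndpi_serialize_proto continues outside the hunk.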
@@ -1279,6 +1282,12 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
}
break;
+ case NDPI_PROTOCOL_COLLECTD:
+ ndpi_serialize_start_of_block(serializer, "collectd");
+ ndpi_serialize_string_string(serializer, "client_username", flow->protos.collectd.client_username);
+ ndpi_serialize_end_of_block(serializer);
+ break;
+
case NDPI_PROTOCOL_DNS:
ndpi_serialize_start_of_block(serializer, "dns");
ndpi_serialize_string_uint32(serializer, "num_queries", flow->protos.dns.num_queries);
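Review bot: `flow->protos.collectd.client_username` is handed to `ndpi_serialize_string_string` with no length, so the call depends on the dissector always NUL-terminating that fixed-size array; presumably the serialiser reads up to the terminator, though its body is not shown here. The same applies to the rsh strings, `tftp.filename` and the four tivoconnect fields added in the later hunks of this file, all of which appear to hold bytes taken from captured traffic. A comment at the case such as `/* string fields must be NUL-terminated by the dissector */` would record the invariant, and each dissector's copy bounds are worth checking against it. The enclosing switch continues outside the hunk.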
@@ -1337,6 +1346,22 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serialize_end_of_block(serializer);
break;
+ case NDPI_PROTOCOL_RSH:
+ ndpi_serialize_start_of_block(serializer, "rsh");
+ ndpi_serialize_string_string(serializer, "client_username", flow->protos.rsh.client_username);
+ ndpi_serialize_string_string(serializer, "server_username", flow->protos.rsh.server_username);
+ ndpi_serialize_string_string(serializer, "command", flow->protos.rsh.command);
+ ndpi_serialize_end_of_block(serializer);
+ break;
+
+ case NDPI_PROTOCOL_SNMP:
+ ndpi_serialize_start_of_block(serializer, "snmp");
+ ndpi_serialize_string_uint32(serializer, "version", flow->protos.snmp.version);
+ ndpi_serialize_string_uint32(serializer, "primitive", flow->protos.snmp.primitive);
+ ndpi_serialize_string_uint32(serializer, "error_status", flow->protos.snmp.error_status);
+ ndpi_serialize_end_of_block(serializer);
+ break;
+
case NDPI_PROTOCOL_STUN:
ndpi_serialize_start_of_block(serializer, "stun");
ndpi_serialize_string_uint32(serializer, "num_pkts", flow->stun.num_pkts);
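Review bot: The rsh `command`, `client_username` and `server_username` values are written out verbatim, so quotes, commas, newlines or control bytes in them reach the JSON and CSV output unless `ndpi_serialize_string_string` escapes them, which cannot be confirmed from this hunk. A record that a downstream log pipeline splits on commas or line breaks could then be misparsed. It is worth confirming the serialiser's escaping for both formats and noting it at the case, e.g. `/* values come from the wire; serializer must escape them */`. The SNMP case serialises only integers and is not affected. The enclosing switch continues outside the hunk.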
@@ -1354,6 +1379,21 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serialize_end_of_block(serializer);
break;
+ case NDPI_PROTOCOL_TFTP:
+ ndpi_serialize_start_of_block(serializer, "tftp");
+ ndpi_serialize_string_string(serializer, "filename", flow->protos.tftp.filename);
+ ndpi_serialize_end_of_block(serializer);
+ break;
+
+ case NDPI_PROTOCOL_TIVOCONNECT:
+ ndpi_serialize_start_of_block(serializer, "tivoconnect");
+ ndpi_serialize_string_string(serializer, "identity_uuid", flow->protos.tivoconnect.identity_uuid);
+ ndpi_serialize_string_string(serializer, "machine", flow->protos.tivoconnect.machine);
+ ndpi_serialize_string_string(serializer, "platform", flow->protos.tivoconnect.platform);
+ ndpi_serialize_string_string(serializer, "services", flow->protos.tivoconnect.services);
+ ndpi_serialize_end_of_block(serializer);
+ break;
+
case NDPI_PROTOCOL_HTTP:
case NDPI_PROTOCOL_HTTP_CONNECT:
case NDPI_PROTOCOL_HTTP_PROXY:
diff --git a/tests/unit/unit.c b/tests/unit/unit.c
index 5123155e0..f399d924c 100644
--- a/tests/unit/unit.c
+++ b/tests/unit/unit.c
@@ -270,6 +270,7 @@ int serializeProtoUnitTest(void)
ndpi_protocol ndpi_proto = { .master_protocol = NDPI_PROTOCOL_TLS,
.app_protocol = NDPI_PROTOCOL_FACEBOOK,
+ .protocol_by_ip = NDPI_PROTOCOL_FACEBOOK,
.category = NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK };
ndpi_risk risks = 0;
NDPI_SET_BIT(risks, NDPI_MALFORMED_PACKET);
@@ -286,7 +287,7 @@ int serializeProtoUnitTest(void)
buffer_len = 0;
buffer = ndpi_serializer_get_buffer(&serializer, &buffer_len);
#ifndef WIN32
- char const * const expected_json_str = "{\"flow_risk\": {\"6\": {\"risk\":\"Self-signed Cert\",\"severity\":\"High\",\"risk_score\": {\"total\":500,\"client\":450,\"server\":50}},\"7\": {\"risk\":\"Obsolete TLS (v1.1 or older)\",\"severity\":\"High\",\"risk_score\": {\"total\":510,\"client\":455,\"server\":55}},\"8\": {\"risk\":\"Weak TLS Cipher\",\"severity\":\"High\",\"risk_score\": {\"total\":250,\"client\":225,\"server\":25}},\"17\": {\"risk\":\"Malformed Packet\",\"severity\":\"Low\",\"risk_score\": {\"total\":260,\"client\":130,\"server\":130}}},\"confidence\": {\"6\":\"DPI\"},\"proto\":\"TLS.Facebook\",\"proto_id\":\"91.119\",\"encrypted\":1,\"breed\":\"Fun\",\"category_id\":6,\"category\":\"SocialNetwork\",\"float\":340282346638528859811704183484516925440.000000,\"double\":680564693277057719623408366969033850880.000000}";
+ char const * const expected_json_str = "{\"flow_risk\": {\"6\": {\"risk\":\"Self-signed Cert\",\"severity\":\"High\",\"risk_score\": {\"total\":500,\"client\":450,\"server\":50}},\"7\": {\"risk\":\"Obsolete TLS (v1.1 or older)\",\"severity\":\"High\",\"risk_score\": {\"total\":510,\"client\":455,\"server\":55}},\"8\": {\"risk\":\"Weak TLS Cipher\",\"severity\":\"High\",\"risk_score\": {\"total\":250,\"client\":225,\"server\":25}},\"17\": {\"risk\":\"Malformed Packet\",\"severity\":\"Low\",\"risk_score\": {\"total\":260,\"client\":130,\"server\":130}}},\"confidence\": {\"6\":\"DPI\"},\"proto\":\"TLS.Facebook\",\"proto_id\":\"91.119\",\"proto_by_ip\":\"Facebook\",\"proto_by_ip_id\":119,\"encrypted\":1,\"breed\":\"Fun\",\"category_id\":6,\"category\":\"SocialNetwork\",\"float\":340282346638528859811704183484516925440.000000,\"double\":680564693277057719623408366969033850880.000000}";
if (strncmp(buffer, expected_json_str, buffer_len) != 0)
{
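Review bot: The longer expected string is still compared with `strncmp(buffer, expected_json_str, buffer_len)`, which checks only the first `buffer_len` bytes, so output that stops early (for example before the new `proto_by_ip` keys) would pass as long as it is a prefix of the expected text. Assuming `buffer_len` is the length of the serialised text, comparing lengths as well closes that gap: `if (buffer_len != strlen(expected_json_str) || strncmp(buffer, expected_json_str, buffer_len) != 0)`. serializeProtoUnitTest continues outside the hunk.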
@@ -312,7 +313,7 @@ int serializeProtoUnitTest(void)
}
} else if (fmt == ndpi_serialization_format_csv)
{
- char const * const expected_csv_hdr_str = "risk,severity,total,client,server,risk,severity,total,client,server,risk,severity,total,client,server,risk,severity,total,client,server,6,proto,proto_id,encrypted,breed,category_id,category,float,double";
+ char const * const expected_csv_hdr_str = "risk,severity,total,client,server,risk,severity,total,client,server,risk,severity,total,client,server,risk,severity,total,client,server,6,proto,proto_id,proto_by_ip,proto_by_ip_id,encrypted,breed,category_id,category,float,double";
buffer_len = 0;
buffer = ndpi_serializer_get_header(&serializer, &buffer_len);
assert(buffer != NULL && buffer_len != 0);
@@ -324,7 +325,7 @@ int serializeProtoUnitTest(void)
printf("%s: ERROR: got CSV str.....: \"%.*s\"\n", __FUNCTION__, (int)buffer_len, buffer);
}
- char const * const expected_csv_buf_str = "Self-signed Cert,High,500,450,50,Obsolete TLS (v1.1 or older),High,510,455,55,Weak TLS Cipher,High,250,225,25,Malformed Packet,Low,260,130,130,DPI,TLS.Facebook,91.119,1,Fun,6,SocialNetwork,340282346638528859811704183484516925440.000000,680564693277057719623408366969033850880.000000";
+ char const * const expected_csv_buf_str = "Self-signed Cert,High,500,450,50,Obsolete TLS (v1.1 or older),High,510,455,55,Weak TLS Cipher,High,250,225,25,Malformed Packet,Low,260,130,130,DPI,TLS.Facebook,91.119,Facebook,119,1,Fun,6,SocialNetwork,340282346638528859811704183484516925440.000000,680564693277057719623408366969033850880.000000";
buffer_len = 0;
buffer = ndpi_serializer_get_buffer(&serializer, &buffer_len);
assert(buffer != NULL && buffer_len != 0);