authorLuca <deri@ntop.org>2022-05-30 17:54:09 +0200
committerLuca <deri@ntop.org>2022-05-30 17:54:30 +0200
commit34ede63c1590684919ec101efd4116b46edefac3 (patch)
treea2676c548f85773edd7dec279abf3a2a719767bb
parent48065d80e989bdf708f7b87283e0625b490f1f19 (diff)
Added ability to return risk info in JSON format in ndpi_get_flow_risk_info()
-rw-r--r--example/reader_util.c2
-rw-r--r--src/include/ndpi_api.h.in3
-rw-r--r--src/include/ndpi_typedefs.h6
-rw-r--r--src/lib/ndpi_main.c2
-rw-r--r--src/lib/ndpi_serializer.c4
-rw-r--r--src/lib/ndpi_utils.c67
6 files changed, 59 insertions, 25 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index 9f908efb4..c3c18764d 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1044,7 +1044,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
flow->info_type = INFO_INVALID;
- s = ndpi_get_flow_risk_info(flow->ndpi_flow, out, sizeof(out));
+ s = ndpi_get_flow_risk_info(flow->ndpi_flow, out, sizeof(out), 0 /* text */);
if(s != NULL)
flow->risk_str = ndpi_strdup(s);
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 01c55b9d0..36d592b8d 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -1736,7 +1736,8 @@ extern "C" {
/* ******************************* */
char* ndpi_get_flow_risk_info(struct ndpi_flow_struct *flow,
- char *out, u_int out_len);
+ char *out, u_int out_len,
+ u_int8_t use_json);
#ifdef __cplusplus
}
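Review bot: The new `use_json` parameter is undocumented at the declaration, and the two modes do not share a return contract. Judging by the implementation in src/lib/ndpi_utils.c in this commit, text mode returns NULL when nothing was written, while JSON mode returns `out` and cuts the document at `out_len-1`. A short comment above the prototype would help, e.g. `/* use_json: 0 = " / "-separated text, non-zero = JSON; out must hold at least 1 byte; returns NULL if there is no risk info */`. Adding a parameter also breaks existing callers at compile time, which may deserve a changelog line.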
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 58a4d231f..3004ef523 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1136,6 +1136,10 @@ struct tls_heuristics {
u_int8_t is_safari_tls:1, is_firefox_tls:1, is_chrome_tls:1, notused:5;
};
+struct ndpi_risk_info {
+ ndpi_risk_enum id;
+ char *info;
+};
struct ndpi_flow_struct {
u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
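Review bot: `struct ndpi_risk_info` is added without a comment saying who owns `info`. From the rest of this commit it is an `ndpi_strdup()` copy made in `ndpi_set_risk()` and released in `ndpi_free_flow_data()`, so a comment such as `char *info; /* heap copy owned by the flow, freed in ndpi_free_flow_data() */` would make that explicit. The next hunk has a related stale comment: `risk_infos` is still described as a "String that contains information about the risks found" although it is now an array of this struct.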
@@ -1198,7 +1202,7 @@ struct ndpi_flow_struct {
u_int8_t risk_checked:1, ip_risk_mask_evaluated:1, host_risk_mask_evaluated:1, tree_risk_checked:1, _notused:4;
ndpi_risk risk_mask; /* Stores the flow risk mask for flow peers */
ndpi_risk risk; /* Issues found with this flow [bitmask of ndpi_risk] */
- char *risk_infos[MAX_NUM_RISK_INFOS]; /* String that contains information about the risks found */
+ struct ndpi_risk_info risk_infos[MAX_NUM_RISK_INFOS]; /* String that contains information about the risks found */
u_int8_t num_risk_infos;
/*
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 68c2bd244..b2030ca6b 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4716,7 +4716,7 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) {
u_int i;
for(i=0; i<flow->num_risk_infos; i++)
- ndpi_free(flow->risk_infos[i]);
+ ndpi_free(flow->risk_infos[i].info);
}
if(flow->http.url)
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index d560e5b9e..7843ace60 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -209,8 +209,8 @@ static int ndpi_init_serializer_buffer(ndpi_private_serializer_buffer *buffer, u
/* ********************************** */
int ndpi_init_serializer_ll(ndpi_serializer *_serializer,
- ndpi_serialization_format fmt,
- u_int32_t buffer_size) {
+ ndpi_serialization_format fmt,
+ u_int32_t buffer_size) {
ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer;
memset(serializer, 0, sizeof(ndpi_private_serializer));
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index c4ab36238..e20dca6f3 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1132,8 +1132,7 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
/* ********************************** */
void ndpi_serialize_risk_score(ndpi_serializer *serializer,
- ndpi_risk_enum risk)
-{
+ ndpi_risk_enum risk) {
u_int16_t rs, rs_client = 0, rs_server = 0;
if(risk == NDPI_NO_RISK) {
@@ -2255,7 +2254,9 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
char *s = ndpi_strdup(risk_message);
if(s != NULL) {
- flow->risk_infos[flow->num_risk_infos++] = s;
+ flow->risk_infos[flow->num_risk_infos].id = r;
+ flow->risk_infos[flow->num_risk_infos].info = s;
+ flow->num_risk_infos++;
}
}
}
@@ -2523,28 +2524,56 @@ int ndpi_snprintf(char * str, size_t size, char const * format, ...) {
/* ******************************************* */
char* ndpi_get_flow_risk_info(struct ndpi_flow_struct *flow,
- char *out, u_int out_len) {
+ char *out, u_int out_len,
+ u_int8_t use_json) {
u_int i, offset = 0;
if((out == NULL) || (flow->num_risk_infos == 0))
return(NULL);
-
- out[0] = '\0', out_len--;
- for(i=0; (i<flow->num_risk_infos) && (out_len > offset); i++) {
- int rc = snprintf(&out[offset], out_len-offset, "%s%s",
- (i == 0) ? "" : " / ",
- flow->risk_infos[i]);
+ if(use_json) {
+ ndpi_serializer serializer;
+ u_int32_t buffer_len;
+ char *buffer;
+
+ if(ndpi_init_serializer(&serializer, ndpi_serialization_format_json) == -1)
+ return(NULL);
- if(rc <= 0)
- break;
- else
- offset += rc;
- }
+ for(i=0; i<flow->num_risk_infos; i++)
+ ndpi_serialize_uint32_string(&serializer,
+ flow->risk_infos[i].id,
+ flow->risk_infos[i].info);
+
+ buffer = ndpi_serializer_get_buffer(&serializer, &buffer_len);
- if(offset > out_len) offset = out_len;
-
- out[offset] = '\0';
+ if(buffer && (buffer_len > 0)) {
+ u_int l = ndpi_min(out_len-1, buffer_len);
+
+ strncpy(out, buffer, l);
+ out[l] = '\0';
+ }
+
+ ndpi_term_serializer(&serializer);
- return(out[0] == '\0' ? NULL : out);
+ return(out);
+ } else {
+ out[0] = '\0', out_len--;
+
+ for(i=0; (i<flow->num_risk_infos) && (out_len > offset); i++) {
+ int rc = snprintf(&out[offset], out_len-offset, "%s%s",
+ (i == 0) ? "" : " / ",
+ flow->risk_infos[i].info);
+
+ if(rc <= 0)
+ break;
+ else
+ offset += rc;
+ }
+
+ if(offset > out_len) offset = out_len;
+
+ out[offset] = '\0';
+
+ return(out[0] == '\0' ? NULL : out);
+ }
}
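Review bot: In the `use_json` branch, `ndpi_min(out_len-1, buffer_len)` wraps when `out_len` is 0 (it is a `u_int`), so `strncpy` and `out[l] = '\0'` can write past a zero-length buffer; the `out_len--` in the text branch wraps the same way. The JSON branch also returns `out` without ever writing to it when the serializer yields no buffer, and silently truncates a document that does not fit, handing callers an unparseable JSON fragment, whereas the text branch returns NULL for empty output. I would reject `out_len == 0` in the entry guard and return NULL when the serialized length is zero or does not fit, as sketched below (this assumes `buffer_len` is the number of bytes in use). The return values of `ndpi_serialize_uint32_string()` are also ignored in the loop, so a failed append goes unnoticed.

```c
  if((out == NULL) || (out_len == 0) || (flow->num_risk_infos == 0))
    return(NULL);

  if(use_json) {
    /* … unchanged: serializer init and per-risk serialization loop … */

    buffer = ndpi_serializer_get_buffer(&serializer, &buffer_len);

    /* Empty or oversized output: fail rather than return a truncated JSON document */
    if((buffer == NULL) || (buffer_len == 0) || (buffer_len >= out_len)) {
      ndpi_term_serializer(&serializer);
      return(NULL);
    }

    memcpy(out, buffer, buffer_len);
    out[buffer_len] = '\0';

    ndpi_term_serializer(&serializer);
    return(out);
  } else {
    /* … unchanged: text formatting branch … */
```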