authorLuca Deri <deri@ntop.org>2021-04-27 08:12:14 +0200
committerLuca Deri <deri@ntop.org>2021-04-27 08:12:14 +0200
commit70686249c91d2cd40910fcf136b92474272d5a41 (patch)
treeefb2b557f8a86ed3c6a50ac10498bc07a1c4a68c
parent7b62db81c335d0a826c9e7bb753000c3647e97c8 (diff)
Updated code due to https://github.com/ntop/nDPI/pull/1175
-rw-r--r--example/ndpiReader.c5
-rw-r--r--wireshark/ndpi.lua20
2 files changed, 13 insertions, 12 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 3a88c0aab..851203962 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -174,12 +174,13 @@ struct receiver *receivers = NULL, *topReceivers = NULL;
#define WIRESHARK_NTOP_MAGIC 0x19680924
+PACK_ON
struct ndpi_packet_trailer {
u_int32_t magic; /* WIRESHARK_NTOP_MAGIC */
u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */;
ndpi_risk flow_risk;
char name[16];
-};
+} PACK_OFF;
static pcap_dumper_t *extcap_dumper = NULL;
static pcap_t *extcap_fifo_h = NULL;
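Review bot: The new `PACK_ON`/`PACK_OFF` make `struct ndpi_packet_trailer` a wire format, but nothing at the definition says so; anyone who adds or reorders a field would silently break `wireshark/ndpi.lua`, which locates the trailer by fixed offsets from the end of the packet (`tvb(len-32, 2)` through `tvb(len-20, 16)`). I would add a comment above `PACK_ON` such as `/* Wire layout appended to every extcap packet (followed by the CRC): must stay packed and in sync with the fixed offsets used by wireshark/ndpi.lua */`. The 32-byte size implied by the Lua offsets assumes `ndpi_risk` is 8 bytes, which the `htonll` in the second hunk and the 8-byte `tvb(len-28, 8)` read suggest but this hunk does not show.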
@@ -3285,7 +3286,7 @@ static void ndpi_process_packet(u_char *args,
memcpy(extcap_buf, packet, h.caplen);
memset(trailer, 0, sizeof(struct ndpi_packet_trailer));
trailer->magic = htonl(WIRESHARK_NTOP_MAGIC);
- trailer->flow_risk = htonl(flow_risk);
+ trailer->flow_risk = htonll(flow_risk);
trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol);
ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name));
crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)];
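Review bot: `htonll` on the new line is not defined by C or POSIX and glibc does not ship it, so unless ndpiReader.c or an included header provides a definition (none is visible in this hunk) the change will fail to compile or link on Linux even though it builds on macOS; a guarded portable fallback built from two `htonl` calls, or whatever 64-bit byte-swap helper the library already exports, would avoid that. A short comment on the line, `/* ndpi_risk is 64-bit: needs a 64-bit swap; wireshark/ndpi.lua reads it as 8 big-endian bytes */`, would also record why the width changed. ndpi_process_packet begins and ends outside this hunk.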
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index b594c5697..ddda4bcdc 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -26,7 +26,7 @@ local ndpi_fds = ndpi_proto.fields
ndpi_fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC)
ndpi_fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC)
ndpi_fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING)
-ndpi_fds.flow_risk = ProtoField.new("nDPI Flow Risk", "ndpi.flow_risk", ftypes.UINT32, nil, base.DEC)
+ndpi_fds.flow_risk = ProtoField.new("nDPI Flow Risk", "ndpi.flow_risk", ftypes.UINT64)
ndpi_fds.flow_risk_str = ProtoField.new("nDPI Flow Risk String", "ndpi.flow_risk_str", ftypes.STRING)
local ntop_proto = Proto("ntop", "ntop Extensions")
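Review bot: `ndpi_fds.network_protocol` and `ndpi_fds.application_protocol` stay `ftypes.UINT8` in this hunk although the C trailer declares them as `u_int16_t` and the dissector's second hunk now adds them from two-byte ranges (`tvb(len-32, 2)`, `tvb(len-30, 2)`); the declarations should be widened to `ftypes.UINT16` so the field type matches the bytes it is handed. The widened `flow_risk` field also dropped its explicit base; if the value is a bit-mask, as the 64-bit widening and `map_ndpi_risk` suggest, declaring it as `ftypes.UINT64, nil, base.HEX` would display it more usefully than the default decimal. Separately, that second hunk (cut off at the end of the page) removes the `local application_protocol` assignment but still tests `application_protocol ~= 0`, which now reads an undefined global and is always true, so the protocol column is set even for unknown protocols.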
@@ -977,23 +977,23 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
local ndpikey, srckey, dstkey, flowkey
local elems = string.split(string.sub(ndpi_trailer, 12), ":")
local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol")
- local network_protocol = tonumber(elems[2]..elems[3], 16) -- 16 = HEX
- local application_protocol = tonumber(elems[4]..elems[5], 16) -- 16 = HEX
- local str_risk = elems[6]..elems[7]..elems[8]..elems[9]
+ local str_risk = elems[6]..elems[7]..elems[8]..elems[9]..elems[10]..elems[11]..elems[12]..elems[13]
local flow_risk = tonumber(str_risk, 16) -- 16 = HEX
+ local len = tvb:len()
local name = ""
-
- for i=10,25 do
+
+ for i=14,29 do
name = name .. string.char(tonumber(elems[i], 16))
end
- ndpi_subtree:add(ndpi_fds.network_protocol, network_protocol)
- ndpi_subtree:add(ndpi_fds.application_protocol, application_protocol)
- ndpi_subtree:add(ndpi_fds.flow_risk, flow_risk)
+ ndpi_subtree:add(ndpi_fds.network_protocol, tvb(len-32, 2))
+ ndpi_subtree:add(ndpi_fds.application_protocol, tvb(len-30, 2))
+ ndpi_subtree:add(ndpi_fds.flow_risk, tvb(len-28, 8))
ndpi_subtree:add(ndpi_fds.flow_risk_str, map_ndpi_risk(flow_risk))
- ndpi_subtree:add(ndpi_fds.name, name)
+ ndpi_subtree:add(ndpi_fds.name, tvb(len-20, 16))
if(application_protocol ~= 0) then
+
-- Set protocol name in the wireshark protocol column (if not Unknown)
pinfo.cols.protocol = name
--print(network_protocol .. "/" .. application_protocol .. "/".. name)