diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-05-20 15:12:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-20 15:12:14 +0200 |
| commit | 9004d5c2ca71a9821a2041f0a5e16b4144a66ee7 (patch) | |
| tree | cc61e74454eb12f8e34deb660defd2450ade4bb4 | |
| parent | 1ab5318f9c652474db838fc45920dab4a3cd4787 (diff) | |
ndpiReader: fix export of HTTP attributes (#1982)
| -rw-r--r-- | example/reader_util.c | 28 | ||||
| -rw-r--r-- | tests/cfgs/default/pcap/bt-http.pcapng | bin | 0 -> 2360 bytes | |||
| -rw-r--r-- | tests/cfgs/default/result/bt-http.pcapng.out | 25 |
3 files changed, 40 insertions, 13 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 5d0f4f7f3..57b37ec4a 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1237,19 +1237,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl sizeof(flow->kerberos.username), "%s", flow->ndpi_flow->protos.kerberos.username); } - /* HTTP */ - else if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP) - || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_PROXY) - || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_CONNECT)) { - if(flow->ndpi_flow->http.url != NULL) { - ndpi_snprintf(flow->http.url, sizeof(flow->http.url), "%s", flow->ndpi_flow->http.url); - } - flow->http.response_status_code = flow->ndpi_flow->http.response_status_code; - ndpi_snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : ""); - ndpi_snprintf(flow->http.server, sizeof(flow->http.server), "%s", flow->ndpi_flow->http.server ? flow->ndpi_flow->http.server : ""); - ndpi_snprintf(flow->http.request_content_type, sizeof(flow->http.request_content_type), "%s", flow->ndpi_flow->http.request_content_type ? flow->ndpi_flow->http.request_content_type : ""); - ndpi_snprintf(flow->http.nat_ip, sizeof(flow->http.nat_ip), "%s", flow->ndpi_flow->http.nat_ip ? flow->ndpi_flow->http.nat_ip : ""); - } /* RTP */ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_RTP)) { flow->info_type = INFO_RTP; @@ -1348,6 +1335,21 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } + /* HTTP metadata are "global" not in `flow->ndpi_flow->protos` union; for example, we can have + HTTP/BitTorrent and in that case we want to export also HTTP attributes */ + if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP) + || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_PROXY) + || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_CONNECT)) { + if(flow->ndpi_flow->http.url != NULL) { + ndpi_snprintf(flow->http.url, sizeof(flow->http.url), "%s", flow->ndpi_flow->http.url); + } + flow->http.response_status_code = flow->ndpi_flow->http.response_status_code; + ndpi_snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : ""); + ndpi_snprintf(flow->http.server, sizeof(flow->http.server), "%s", flow->ndpi_flow->http.server ? flow->ndpi_flow->http.server : ""); + ndpi_snprintf(flow->http.request_content_type, sizeof(flow->http.request_content_type), "%s", flow->ndpi_flow->http.request_content_type ? flow->ndpi_flow->http.request_content_type : ""); + ndpi_snprintf(flow->http.nat_ip, sizeof(flow->http.nat_ip), "%s", flow->ndpi_flow->http.nat_ip ? flow->ndpi_flow->http.nat_ip : ""); + } + ndpi_snprintf(flow->http.user_agent, sizeof(flow->http.user_agent), "%s", (flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : "")); diff --git a/tests/cfgs/default/pcap/bt-http.pcapng b/tests/cfgs/default/pcap/bt-http.pcapng Binary files differnew file mode 100644 index 000000000..cf0476462 --- /dev/null +++ b/tests/cfgs/default/pcap/bt-http.pcapng diff --git a/tests/cfgs/default/result/bt-http.pcapng.out b/tests/cfgs/default/result/bt-http.pcapng.out new file mode 100644 index 000000000..76e43e62c --- /dev/null +++ b/tests/cfgs/default/result/bt-http.pcapng.out @@ -0,0 +1,25 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 7 (7.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 15 (15.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 5/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 1/0 (search/found) +Automa domain: 1/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) + +BitTorrent 14 1492 1 + + 1 TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |