authorLuca Deri <deri@ntop.org>2024-10-27 22:05:15 +0100
committerLuca Deri <deri@ntop.org>2024-10-27 22:05:15 +0100
commitfecc378e0426cbad42da636bb075dadb3fb24e61 (patch)
tree3e8a326e047cea2c1752dfbab93a2b19c470d605
parentd5236c0aafe0b9622da752147ff4fbafd52e7582 (diff)
Added DHCP fingerprint
Minor fixes
-rw-r--r--wireshark/ndpi.lua17
1 files changed, 13 insertions, 4 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index a6bcbac8c..5f5531d08 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -34,6 +34,7 @@ end
local ndpi_proto = Proto("ndpi", "nDPI Protocol Interpreter")
local tcp_fprint = Proto("ndpi.tcp_fingerprint", "TCP Fingerprint")
+local dhcp_fprint = Proto("ndpi.dhcp_fingerprint", "DHCP Fingerprint")
ndpi_proto.fields = {}
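Review bot: The new `dhcp_fprint` Proto is not referenced by any other hunk in this commit; the DHCP hunk further down attaches its item to `ntop_proto` instead. If nothing outside the visible hunks uses it, the declaration only registers an extra, empty protocol name (`ndpi.dhcp_fingerprint`) in Wireshark. Either drop the line or add a comment saying where it is meant to be used, e.g. `-- reserved for a dedicated DHCP fingerprint subtree`.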
@@ -44,6 +45,7 @@ ndpi_fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.pr
ndpi_fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT16, nil, base.DEC)
ndpi_fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING)
ndpi_fds.flags = ProtoField.new("nDPI Flags", "ndpi.flags", ftypes.UINT8, nil, base.HEX)
+
local dir_types = {
[0] = "Unknown Direction",
[1] = "Client to Server Direction",
@@ -160,6 +162,7 @@ ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "nt
ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE)
ntop_fds.appl_latency_rtt = ProtoField.new("Application Latency RTT (msec)", "ntop.latency.appl_rtt", ftypes.FLOAT, nil, base.NONE)
ntop_fds.tcp_fingerprint = ProtoField.new("TCP Fingerprint", "ntop.tcp_fingerprint", ftypes.STRING, nil, base.NONE)
+ntop_fds.dhcp_fingerprint = ProtoField.new("DHCP Fingerprint", "ntop.dhcp_fingerprint", ftypes.STRING, nil, base.NONE)
local f_eth_source = Field.new("eth.src")
local f_eth_trailer = Field.new("eth.trailer")
@@ -1232,6 +1235,11 @@ function dhcp_dissector(tvb, pinfo, tree)
end
dhcp_fingerprints[srckey] = fingerprint
+
+ if(pinfo.visited == true) then
+ local dhcp_f_entry = tree:add(ntop_proto, tvb())
+ dhcp_f_entry:add(ntop_fds.dhcp_fingerprint, fingerprint)
+ end
end
end
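Review bot: The `if(pinfo.visited == true)` guard means the `ntop.dhcp_fingerprint` item is added only on a re-dissection, never on the first pass over a packet. In a one-pass run (for example tshark without two-pass analysis) `pinfo.visited` stays false as far as I know, so a display filter or detection rule built on this field would silently match nothing. `fingerprint` is already computed from the current packet at this point, so the guard looks unnecessary; either reduce the block to `tree:add(ntop_proto, tvb()):add(ntop_fds.dhcp_fingerprint, fingerprint)` or put a comment above the `if` explaining why the first pass must be skipped. dhcp_dissector starts and ends outside this hunk.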
@@ -1424,7 +1432,6 @@ function tcp_fingerprint(tvb, pinfo, tree, ip_version)
f_print = string.upper(num_tcp_flags.."_"..ip_ttl .."_".. tcp_win .."_".. fingerprint)
end
-
if(tcp_opt_debug) then tprint("Fingerprint: " .. f_print) end
local tcp_f_entry = tree:add(ntop_proto, tvb())
@@ -1781,18 +1788,20 @@ function stun_dissector(tvb, pinfo, tree)
stun_flows_table = stun_develop_table(stun_flows_table,key,key2,protocol)
end
- local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
-
if(protocol ~= ndpi_proto_unknown) then
+ local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
ndpi_subtree:add(ndpi_fds.name, protocol)
stun_old_id_packet = id_packet
elseif(protocol == ndpi_proto_unknown) then
if stun_flows_table[key] ~= nil then
+ local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
ndpi_subtree:add(ndpi_fds.name,stun_flows_table[key])
elseif stun_flows_table[key2] ~= nil then
+ local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
ndpi_subtree:add(ndpi_fds.name,stun_flows_table[key2])
elseif stun_old_id_packet > id_packet then
protocol = stun_processed_packets[key] ~= nil and stun_processed_packets[key] or stun_processed_packets[key2] ~= nil and stun_processed_packets[key2] or ndpi_proto_unknown
+ local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
ndpi_subtree:add(ndpi_fds.name,protocol)
end
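Review bot: The same `tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")` line is now repeated in four branches, so a later change to the subtree label or range has to be made in four places. A small local helper declared before the `if`, such as `local function add_ndpi_name(name) tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol"):add(ndpi_fds.name, name) end`, would let each branch call `add_ndpi_name(...)` and keep the "no empty subtree" behaviour. Note also that the last branch can still fall back to `ndpi_proto_unknown` and add a subtree for it, which may not be what the change intends. The enclosing `elseif` block and stun_dissector continue outside this hunk.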
@@ -1851,7 +1860,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
local ndpikey, srckey, dstkey, flowkey, flow_risk
local flow_risk_tree, flow_risk_info_len, metadata_list_tree, metadata_tree, metadata_list_len
local name
- local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
+ local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")
local application_protocol, mlen
local offset = 0