aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2017-04-19 21:55:49 +0200
committerLuca Deri <deri@ntop.org>2017-04-19 21:55:49 +0200
commita9c01ded174ed380a2d135cfb9b903f616b0e175 (patch)
tree96b8692c8191f29ca33bf281f6435f72c4db3bfd
parentcbc08f7e5045c3b0f49eccc1e071663e163bbf91 (diff)
ndpiReader now prints (-v) the flows with the correct direction
-rw-r--r--example/ndpiReader.c28
-rw-r--r--example/ndpi_util.c22
-rw-r--r--example/ndpi_util.h2
3 files changed, 28 insertions, 24 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index b0b21b2b3..ca06e98b8 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -553,17 +553,23 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) {
if(!json_flag) {
fprintf(out, "\t%u", ++num_flows);
- fprintf(out, "\t%s %s%s%s:%u <-> %s%s%s:%u ",
- ipProto2Name(flow->protocol),
- (flow->ip_version == 6) ? "[" : "",
- flow->lower_name,
- (flow->ip_version == 6) ? "]" : "",
- ntohs(flow->lower_port),
- (flow->ip_version == 6) ? "[" : "",
- flow->upper_name,
- (flow->ip_version == 6) ? "]" : "",
- ntohs(flow->upper_port));
-
+ fprintf(out, "\t%s ", ipProto2Name(flow->protocol));
+
+ if(flow->src_to_dst_direction == 1)
+ fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ",
+ (flow->ip_version == 6) ? "[" : "",
+ flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port),
+ (flow->ip_version == 6) ? "[" : "",
+ flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port)
+ );
+ else
+ fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ",
+ (flow->ip_version == 6) ? "[" : "",
+ flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port),
+ (flow->ip_version == 6) ? "[" : "",
+ flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port)
+ );
+
if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id);
if(flow->detected_protocol.master_protocol) {
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index 783f05c86..445ade1ac 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -260,9 +260,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) {
u_int tcp_len;
+ // tcp
workflow->stats.tcp_count++;
-
- // tcp
*tcph = (struct ndpi_tcphdr *)l4;
*sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest);
@@ -287,12 +286,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len);
*payload = &l4[tcp_len];
*payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff);
-
- // udp
} else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) {
+ // udp
workflow->stats.udp_count++;
-
*udph = (struct ndpi_udphdr *)l4;
*sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest);
*payload = &l4[sizeof(struct ndpi_udphdr)];
@@ -335,7 +332,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
if(ret == NULL) {
if(workflow->stats.ndpi_flow_count == workflow->prefs.max_ndpi_flows) {
- NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, "maximum flow count (%u) has been exceeded\n", workflow->prefs.max_ndpi_flows);
+ NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR,
+ "maximum flow count (%u) has been exceeded\n",
+ workflow->prefs.max_ndpi_flows);
exit(-1);
} else {
struct ndpi_flow_info *newflow = (struct ndpi_flow_info*)malloc(sizeof(struct ndpi_flow_info));
@@ -350,7 +349,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
newflow->lower_ip = lower_ip, newflow->upper_ip = upper_ip;
newflow->lower_port = lower_port, newflow->upper_port = upper_port;
newflow->ip_version = version;
-
+ newflow->src_to_dst_direction = *src_to_dst_direction;
+
if(version == IPVERSION) {
inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name));
inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name));
@@ -520,7 +520,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
struct ndpi_udphdr *udph = NULL;
u_int16_t sport, dport, payload_len;
u_int8_t *payload;
- u_int8_t src_to_dst_direction= 1;
+ u_int8_t src_to_dst_direction = 1;
if(iph)
flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL,
@@ -542,9 +542,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
ndpi_flow = flow->ndpi_flow;
flow->packets++, flow->bytes += rawsize;
flow->last_seen = time;
- } else {
+ } else
return(flow->detected_protocol);
- }
/* Protocol already detected */
if(flow->detection_completed) return(flow->detected_protocol);
@@ -556,8 +555,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)
|| ((proto == IPPROTO_UDP) && (flow->packets > 8))
|| ((proto == IPPROTO_TCP) && (flow->packets > 10))) {
- /* New protocol detected or give up */
-
+ /* New protocol detected or give up */
flow->detection_completed = 1;
}
diff --git a/example/ndpi_util.h b/example/ndpi_util.h
index a8e21d673..335c94ddf 100644
--- a/example/ndpi_util.h
+++ b/example/ndpi_util.h
@@ -46,7 +46,7 @@ typedef struct ndpi_flow_info {
u_int32_t upper_ip;
u_int16_t lower_port;
u_int16_t upper_port;
- u_int8_t detection_completed, protocol;
+ u_int8_t detection_completed, protocol, src_to_dst_direction;
u_int16_t vlan_id;
struct ndpi_flow_struct *ndpi_flow;
char lower_name[48], upper_name[48];