authorlns <matzeton@googlemail.com>2023-09-24 22:50:22 +0200
committerlns <matzeton@googlemail.com>2023-09-24 22:50:22 +0200
commit7fde1db6a4b00696c433de8498e88e3928d6d757 (patch)
tree9010a0326b2f5c2edf975a3c974160c30a123231
parent725fcf4852f06e2f54469c2439d13169d5d68d09 (diff)
Added printf/fprintf replacement for some internal modules.improved/logging_callback_ndpi_printf
* logging is instead redirected to `ndpi_debug_printf` Signed-off-by: lns <matzeton@googlemail.com>
-rw-r--r--example/ndpiReader.c7
-rw-r--r--example/reader_util.c1
-rw-r--r--src/include/ndpi_api.h9
-rw-r--r--src/include/ndpi_includes.h3
-rw-r--r--src/include/ndpi_patricia_typedefs.h4
-rw-r--r--src/include/ndpi_typedefs.h9
-rw-r--r--src/include/ndpi_utils.h7
-rw-r--r--src/lib/Makefile.in4
-rw-r--r--src/lib/ndpi_analyze.c3
-rw-r--r--src/lib/ndpi_classify.c2
-rw-r--r--src/lib/ndpi_main.c114
-rw-r--r--src/lib/ndpi_replace_printf.h56
-rw-r--r--src/lib/ndpi_utils.c2
-rw-r--r--src/lib/protocols/http.c2
-rw-r--r--src/lib/third_party/include/roaring.h5
-rw-r--r--src/lib/third_party/src/ahocorasick.c6
-rw-r--r--src/lib/third_party/src/roaring.c27
-rw-r--r--tests/dga/dga_evaluate.c30
-rw-r--r--windows/nDPI.vcxproj5
19 files changed, 219 insertions, 77 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 9f6643b57..711964695 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -40,6 +40,7 @@
#else
#include <unistd.h>
#include <netinet/in.h>
+#include <netinet/ip.h>
#include <sys/socket.h>
#include <sys/mman.h>
#endif
@@ -612,10 +613,10 @@ static void help(u_int long_help) {
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_info_mod, &all);
- ndpi_dump_protocols(ndpi_info_mod);
+ ndpi_dump_protocols(ndpi_info_mod, stdout);
printf("\n\nnDPI supported risks:\n");
- ndpi_dump_risks_score();
+ ndpi_dump_risks_score(stdout);
ndpi_exit_detection_module(ndpi_info_mod);
}
@@ -977,7 +978,7 @@ static void parseOptions(int argc, char **argv) {
switch (opt) {
case 'a':
- ndpi_generate_options(atoi(optarg));
+ ndpi_generate_options(atoi(optarg), stdout);
exit(0);
case 'A':
diff --git a/example/reader_util.c b/example/reader_util.c
index fff77f139..7f8408466 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -40,6 +40,7 @@
#else
#include <unistd.h>
#include <netinet/in.h>
+#include <netinet/ip.h>
#endif
#include "reader_util.h"
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index eddad549c..ce710ddf7 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -728,21 +728,22 @@ extern "C" {
*
* @par ndpi_mod = the detection module
*/
- void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod);
+ void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod, FILE *dump_out);
/**
* Generate Options list used in OPNsense firewall plugin
*
* @par opt = The Option list to generate
+ * @par dump_out = Output stream for generated options
*/
- void ndpi_generate_options(u_int opt);
+ void ndpi_generate_options(u_int opt, FILE *dump_out);
/**
* Write the list of the scores and their associated risks
*
- * @par ndpi_mod = the detection module
+ * @par dump_out = Output stream for dumped risk scores
*/
- void ndpi_dump_risks_score(void);
+ void ndpi_dump_risks_score(FILE *dump_out);
/**
* Read a file and load the protocols
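Review bot: The doc comment for `ndpi_dump_protocols` still documents only `ndpi_mod`, while the other two prototypes in this hunk gained a `@par dump_out` line. I would add `* @par dump_out = Output stream for dumped protocols` and state on all three that a NULL stream makes the call a no-op, which is what the guards added in ndpi_main.c do for two of them. All three exported signatures change here, so existing callers stop compiling; whether the API version is bumped elsewhere is not visible in this diff.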
diff --git a/src/include/ndpi_includes.h b/src/include/ndpi_includes.h
index 27580a45e..ae6230923 100644
--- a/src/include/ndpi_includes.h
+++ b/src/include/ndpi_includes.h
@@ -41,11 +41,14 @@
#include <sys/param.h>
#include <arpa/inet.h>
#include <sys/time.h>
+#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#ifndef __APPLE__
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
+#endif
#if !defined __APPLE__ && !defined __FreeBSD__ && !defined __NetBSD__ && !defined __OpenBSD__
#include <endian.h>
diff --git a/src/include/ndpi_patricia_typedefs.h b/src/include/ndpi_patricia_typedefs.h
index f062677bd..41f15e790 100644
--- a/src/include/ndpi_patricia_typedefs.h
+++ b/src/include/ndpi_patricia_typedefs.h
@@ -64,6 +64,10 @@
#ifndef _NDPI_PATRICIA_TYPEDEF_H_
#define _NDPI_PATRICIA_TYPEDEF_H_
+#ifndef NDPI_CFFI_PREPROCESSING
+#include "ndpi_includes.h"
+#endif
+
#define UV16_MAX_USER_VALUES 2
struct patricia_uv16 {
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 4d4d22161..690c9daf9 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -25,6 +25,9 @@ E * ndpi_typedefs.h
#define __NDPI_TYPEDEFS_H__
#include "ndpi_define.h"
+#ifndef NDPI_CFFI_PREPROCESSING
+#include "ndpi_includes.h"
+#endif
#include "ndpi_protocol_ids.h"
#include "ndpi_utils.h"
@@ -47,6 +50,12 @@ typedef unsigned int u_int;
#endif
#endif
+#ifdef __APPLE__
+typedef unsigned char u_char;
+typedef unsigned short u_short;
+typedef unsigned int u_int;
+#endif
+
/* NDPI_LOG_LEVEL */
typedef enum {
NDPI_LOG_ERROR,
diff --git a/src/include/ndpi_utils.h b/src/include/ndpi_utils.h
index 492b46a47..288cd7a94 100644
--- a/src/include/ndpi_utils.h
+++ b/src/include/ndpi_utils.h
@@ -25,9 +25,14 @@
#define __NDPI_UTILS_H__
#include "ndpi_define.h"
+#ifndef NDPI_CFFI_PREPROCESSING
+#include "ndpi_includes.h"
+#endif
#ifndef NDPI_CFFI_PREPROCESSING
-extern u_int8_t ndpi_ends_with(char *str, char *ends);
+struct ndpi_detection_module_struct;
+extern u_int8_t ndpi_ends_with(struct ndpi_detection_module_struct *ndpi_struct,
+ char *str, char *ends);
#endif // NDPI_CFFI_PREPROCESSING
/* **************************************** */
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index c4e5880b6..4cfb6283e 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -17,12 +17,12 @@ includedir = @includedir@/ndpi
ifneq ($(OS),Windows_NT)
CFLAGS += -fPIC -DPIC
endif
-CFLAGS += -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION @NDPI_CFLAGS@ @GPROF_CFLAGS@ @CUSTOM_NDPI@ @ADDITIONAL_INCS@
+CFLAGS += -I. -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION @NDPI_CFLAGS@ @GPROF_CFLAGS@ @CUSTOM_NDPI@ @ADDITIONAL_INCS@
LDFLAGS += @NDPI_LDFLAGS@
LIBS = @ADDITIONAL_LIBS@ @LIBS@ @GPROF_LIBS@
OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) $(patsubst third_party/src/hll/%.c, third_party/src/hll/%.o, $(wildcard third_party/src/hll/*.c)) $(patsubst ./%.c, ./%.o, $(wildcard ./*.c))
-HEADERS = $(wildcard ../include/*.h)
+HEADERS = $(wildcard ../include/*.h) $(wildcard ../include/*.h)
NDPI_VERSION_MAJOR = @NDPI_MAJOR@
NDPI_LIB_STATIC = libndpi.a
NDPI_LIB_SHARED_BASE = libndpi.so
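Review bot: `HEADERS` now lists `$(wildcard ../include/*.h)` twice, which adds nothing to the variable. The second term was presumably meant to pick up the new header in src/lib, e.g. `HEADERS = $(wildcard ../include/*.h) $(wildcard *.h)`. If the object rules depend on `$(HEADERS)` (they are outside this hunk), edits to ndpi_replace_printf.h will not trigger a rebuild as written.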
diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c
index e9aa99a31..f6d828107 100644
--- a/src/lib/ndpi_analyze.c
+++ b/src/lib/ndpi_analyze.c
@@ -32,6 +32,8 @@
#include "ndpi_config.h"
#include "third_party/include/hll.h"
+#include "ndpi_replace_printf.h"
+
/* ********************************************************************************* */
void ndpi_init_data_analysis(struct ndpi_analyze_struct *ret, u_int16_t _max_series_len) {
@@ -726,6 +728,7 @@ int ndpi_cluster_bins(struct ndpi_bin *bins, u_int16_t num_bins,
float *bin_score;
u_int16_t num_cluster_elems[MAX_NUM_CLUSTERS] = { 0 };
+ (void)out_buf;
srand(time(NULL));
if(!bins || num_bins == 0 || !cluster_ids || num_clusters == 0)
diff --git a/src/lib/ndpi_classify.c b/src/lib/ndpi_classify.c
index 114982de4..a7937ed08 100644
--- a/src/lib/ndpi_classify.c
+++ b/src/lib/ndpi_classify.c
@@ -51,6 +51,8 @@
#include "ndpi_classify.h"
#include "ndpi_includes.h"
+#include "ndpi_replace_printf.h"
+
/** finds the minimum value between to inputs */
#ifndef min
#define min(a,b) \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 7a50731d6..15f6a6f99 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -26,6 +26,10 @@
#include <sys/types.h>
#include <dirent.h>
+#ifdef __APPLE__
+#include <netinet/ip.h>
+#endif
+
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN
#include "ndpi_config.h"
@@ -36,7 +40,7 @@
#ifdef USE_HOST_LIBGCRYPT
#include <gcrypt.h>
#else
-#include <gcrypt_light.h>
+#include "gcrypt_light.h"
#endif
#include <time.h>
@@ -122,11 +126,8 @@
#include "nbpf.h"
#endif
-/* #define DGA_DEBUG 1 */
/* #define MATCH_DEBUG 1 */
-u_int ndpi_verbose_dga_detection = 0;
-
/* ****************************************** */
static void *(*_ndpi_flow_malloc)(size_t size);
@@ -2169,7 +2170,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
/* ****************************************************** */
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
#define MATCH_DEBUG_INFO(fmt, ...) if(txt->option & AC_FEATURE_DEBUG) printf(fmt, ##__VA_ARGS__)
+#else
+#define MATCH_DEBUG_INFO(fmt, ...)
+#endif
/* No static because it is used by fuzzer, too */
int ac_domain_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) {
@@ -2659,7 +2664,7 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *
ndpi_vsnprintf(str, sizeof(str) - 1, format, args);
va_end(args);
- if(ndpi_str != NULL) {
+ if(ndpi_str != NULL || (file_name != NULL && func_name != NULL)) {
printf("%s:%s:%-3d - [%u]: %s", file_name, func_name, line_number, proto, str);
} else {
printf("Proto: %u, %s", proto, str);
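Review bot: The widened condition still lets `file_name` or `func_name` reach `%s` as NULL whenever `ndpi_str` is non-NULL, which is undefined behaviour in printf. Since the first branch only uses the two strings, the test can be `if(file_name != NULL && func_name != NULL) {`. This path now carries every `printf` rewritten by ndpi_replace_printf.h, which passes a NULL module, so that output goes straight to stdout rather than through any per-module handling. The start of ndpi_debug_printf, including how the size of `str` bounds the message, is outside the hunk.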
@@ -8734,13 +8739,13 @@ int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *ca
/* ****************************************************** */
-void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) {
+void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str, FILE *dump_out) {
int i;
- if(!ndpi_str) return;
+ if(!ndpi_str || !dump_out) return;
for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++)
- printf("%3d %-22s %-10s %-8s %-12s %s\n",
+ fprintf(dump_out, "%3d %-22s %-10s %-8s %-12s %s\n",
i, ndpi_str->proto_defaults[i].protoName,
ndpi_get_l4_proto_name(ndpi_get_l4_proto_info(ndpi_str, i)),
ndpi_str->proto_defaults[i].isAppProtocol ? "" : "X",
@@ -8752,11 +8757,12 @@ void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) {
/* Helper function used to generate Options fields in OPNsense */
-void ndpi_generate_options(u_int opt) {
+void ndpi_generate_options(u_int opt, FILE *options_out) {
struct ndpi_detection_module_struct *ndpi_str;
NDPI_PROTOCOL_BITMASK all;
u_int i;
+ if (!options_out) return;
ndpi_str = ndpi_init_detection_module(ndpi_no_prefs);
NDPI_BITMASK_SET_ALL(all);
@@ -8766,8 +8772,8 @@ void ndpi_generate_options(u_int opt) {
case 0: /* List known protocols */
{
for(i = 1 /* Skip unknown */; i < ndpi_str->ndpi_num_supported_protocols; i++) {
- printf(" <Option%d value=\"%u\">%s</Option%d>\n",
- i, i, ndpi_str->proto_defaults[i].protoName, i);
+ fprintf(options_out, " <Option%d value=\"%u\">%s</Option%d>\n",
+ i, i, ndpi_str->proto_defaults[i].protoName, i);
}
}
break;
@@ -8778,8 +8784,8 @@ void ndpi_generate_options(u_int opt) {
const char *name = ndpi_category_get_name(ndpi_str, i);
if((name != NULL) && (name[0] != '\0')) {
- printf(" <Option%d value=\"%u\">%s</Option%d>\n",
- i, i, name, i);
+ fprintf(options_out, " <Option%d value=\"%u\">%s</Option%d>\n",
+ i, i, name, i);
}
}
}
@@ -8788,26 +8794,26 @@ void ndpi_generate_options(u_int opt) {
case 2: /* List known risks */
{
for(i = 1 /* Skip no risk */; i < NDPI_MAX_RISK; i++) {
- ndpi_risk_enum r = (ndpi_risk_enum)i;
+ ndpi_risk_enum r = (ndpi_risk_enum)i;
- printf(" <Option%d value=\"%u\">%s</Option%d>\n",
- i, i, ndpi_risk2str(r), i);
+ fprintf(options_out, " <Option%d value=\"%u\">%s</Option%d>\n",
+ i, i, ndpi_risk2str(r), i);
}
}
break;
default:
- printf("WARNING: option -a out of range\n");
+ fprintf(options_out, "%s\n", "WARNING: option -a out of range");
break;
}
}
/* ****************************************************** */
-void ndpi_dump_risks_score() {
+void ndpi_dump_risks_score(FILE *risk_out) {
u_int i;
- printf("%3s %-48s %-8s %s %-8s %-8s\n",
+ fprintf(risk_out, "%3s %-48s %-8s %s %-8s %-8s\n",
"Id", "Risk", "Severity", "Score", "CliScore", "SrvScore");
for(i = 1; i < NDPI_MAX_RISK; i++) {
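Review bot: `ndpi_dump_risks_score()` writes to `risk_out` without the NULL guard that `ndpi_dump_protocols()` and `ndpi_generate_options()` received in this commit, so a NULL stream reaches `fprintf` and is undefined behaviour. Add `if(!risk_out) return;` before the header line. The parameter names also differ from the `dump_out` used in ndpi_api.h, and the `default:` case now writes its warning into `options_out`, where it mixes with the generated option list. The rest of the function lies outside the hunk.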
@@ -9645,7 +9651,8 @@ static int enough(int a, int b) {
/* ******************************************************************** */
-u_int8_t ndpi_ends_with(char *str, char *ends) {
+u_int8_t ndpi_ends_with(struct ndpi_detection_module_struct *ndpi_struct,
+ char *str, char *ends) {
u_int str_len = str ? strlen(str) : 0;
u_int8_t ends_len = strlen(ends);
u_int8_t rc;
@@ -9655,9 +9662,7 @@ u_int8_t ndpi_ends_with(char *str, char *ends) {
rc = (strncmp(&str[str_len-ends_len], ends, ends_len) != 0) ? 0 : 1;
-#ifdef DGA_DEBUG
- printf("[DGA] %s / %s [rc: %u]\n", str, ends, rc);
-#endif
+ NDPI_LOG_DBG2(ndpi_struct, "[DGA] %s / %s [rc: %u]\n", str, ends, rc);
return(rc);
}
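Review bot: The `[DGA]` tag on the new `NDPI_LOG_DBG2` line is misleading, because `ndpi_ends_with()` is also called from http.c for the `.windowsupdate.com` exception, and the message is no longer gated behind `DGA_DEBUG`. The function accepts a NULL `str` (`str ? strlen(str) : 0` in the previous hunk), so the log call should not pass it to `%s` unchecked. Whether an early return covers that case is outside the hunk. Something like `NDPI_LOG_DBG2(ndpi_struct, "[ends_with] %s / %s [rc: %u]\n", str ? str : "(null)", ends, rc);` covers both points. `str` comes from traffic (`flow->host_server_name` in http.c), so whatever consumes this debug log should treat it as untrusted text.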
@@ -9714,12 +9719,12 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
if((!name)
|| (strchr(name, '_') != NULL)
|| (strchr(name, '-') != NULL)
- || (ndpi_ends_with(name, "in-addr.arpa"))
- || (ndpi_ends_with(name, "ip6.arpa"))
+ || (ndpi_ends_with(ndpi_str, name, "in-addr.arpa"))
+ || (ndpi_ends_with(ndpi_str, name, "ip6.arpa"))
/* Ignore TLD .local .lan and .home */
- || (ndpi_ends_with(name, ".local"))
- || (ndpi_ends_with(name, ".lan"))
- || (ndpi_ends_with(name, ".home"))
+ || (ndpi_ends_with(ndpi_str, name, ".local"))
+ || (ndpi_ends_with(ndpi_str, name, ".lan"))
+ || (ndpi_ends_with(ndpi_str, name, ".home"))
)
return(0);
@@ -9741,8 +9746,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
if(strncmp(name, "www.", 4) == 0)
name = &name[4];
- if(ndpi_verbose_dga_detection)
- printf("[DGA check] %s\n", name);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] check %s\n", name);
len = strlen(name);
@@ -9756,8 +9760,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
len = ndpi_snprintf(tmp, max_tmp_len, "%s", name);
if(len < 0) {
- if(ndpi_verbose_dga_detection)
- printf("[DGA] Too short");
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] too short");
return(0);
} else
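Review bot: `NDPI_LOG_DBG2(ndpi_str, "[DGA] too short");` has no trailing newline, and neither does `"[DGA] Found!"` in the @@ -9855 hunk. The default sink shown in ndpi_debug_printf prints a `file:func:line` prefix per call and adds no line end, so these entries run into the next message. The text is also misleading, because the branch is taken when `ndpi_snprintf` returns a negative length, not for a short name. I would write `NDPI_LOG_DBG2(ndpi_str, "[DGA] snprintf failed\n");` and add `\n` to the `Found!` message.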
@@ -9826,14 +9829,13 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
}
if(num_dots == 0) /* Doesn't look like a domain name */
- return(0);
+ return(0);
if(curr_domain_element_len > max_domain_element_len)
- max_domain_element_len = curr_domain_element_len;
+ max_domain_element_len = curr_domain_element_len;
- if(ndpi_verbose_dga_detection)
- printf("[DGA] [max_num_char_repetitions: %u][max_domain_element_len: %u]\n",
- max_num_char_repetitions, max_domain_element_len);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] [max_num_char_repetitions: %u][max_domain_element_len: %u]\n",
+ max_num_char_repetitions, max_domain_element_len);
if(
(is_hostname
@@ -9855,8 +9857,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_DGA_DOMAIN, name);
}
- if(ndpi_verbose_dga_detection)
- printf("[DGA] Found!");
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] Found!");
return(1);
}
@@ -9878,8 +9879,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
if(strlen(word) < 5) continue;
- if(ndpi_verbose_dga_detection)
- printf("-> word(%s) [%s][len: %u]\n", word, name, (unsigned int)strlen(word));
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] word(%s) [%s][len: %u]\n", word, name, (unsigned int)strlen(word));
trigram_char_skip = 0;
@@ -9917,12 +9917,10 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
num_bigram_checks++;
- if(ndpi_verbose_dga_detection)
- printf("-> Checking %c%c\n", word[i], word[i+1]);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] checking %c%c\n", word[i], word[i+1]);
if(ndpi_match_impossible_bigram(&word[i])) {
- if(ndpi_verbose_dga_detection)
- printf("IMPOSSIBLE %s\n", &word[i]);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] IMPOSSIBLE %s\n", &word[i]);
num_impossible++;
} else {
@@ -9935,8 +9933,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
}
if((num_trigram_dots < 2) && (word[i+2] != '\0')) {
- if(ndpi_verbose_dga_detection)
- printf("***> %s [trigram_char_skip: %u]\n", &word[i], trigram_char_skip);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] %s [trigram_char_skip: %u]\n", &word[i], trigram_char_skip);
if(ndpi_is_trigram_char(word[i]) && ndpi_is_trigram_char(word[i+1]) && ndpi_is_trigram_char(word[i+2])) {
if(trigram_char_skip) {
@@ -9946,8 +9943,8 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
if(ndpi_match_trigram(&word[i]))
num_trigram_found++, trigram_char_skip = 2 /* 1 char overlap */;
- else if(ndpi_verbose_dga_detection)
- printf("[NDPI] NO Trigram %c%c%c\n", word[i], word[i+1], word[i+2]);
+ else
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] NO Trigram %c%c%c\n", word[i], word[i+1], word[i+2]);
/* Count vowels */
num_trigram_vowels += ndpi_is_vowel(word[i]) + ndpi_is_vowel(word[i+1]) + ndpi_is_vowel(word[i+2]);
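Review bot: The new `else NDPI_LOG_DBG2(...)` hangs an unbraced branch on a macro whose expansion is not shown in this diff. If it expands to an unbraced `if` or to nothing in non-debug builds, the `else` either binds to the wrong `if` or is left with an empty body that compilers warn about. Bracing both arms removes the dependency on the macro's shape: `if(ndpi_match_trigram(&word[i])) { num_trigram_found++; trigram_char_skip = 2; } else { NDPI_LOG_DBG2(...); }`. The same applies to `if(rc) NDPI_LOG_DBG2(` in the @@ -10000 hunk.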
@@ -9965,11 +9962,9 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
max_num_consecutive_digits_first_word = num_consecutive_digits;
} /* for */
- if(ndpi_verbose_dga_detection)
- printf("[NDPI] max_num_consecutive_digits_first_word=%u\n", max_num_consecutive_digits_first_word);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] max_num_consecutive_digits_first_word=%u\n", max_num_consecutive_digits_first_word);
- if(ndpi_verbose_dga_detection)
- printf("[%s][num_found: %u][num_impossible: %u][num_digits: %u][num_bigram_checks: %u][num_vowels: %u/%u][num_trigram_vowels: %u][num_trigram_found: %u/%u][vowels: %u][rc: %u]\n",
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] [%s][num_found: %u][num_impossible: %u][num_digits: %u][num_bigram_checks: %u][num_vowels: %u/%u][num_trigram_vowels: %u][num_trigram_found: %u/%u][vowels: %u][rc: %u]\n",
name, num_found, num_impossible, num_digits, num_bigram_checks, num_vowels, len, num_trigram_vowels,
num_trigram_checked, num_trigram_found, num_vowels, rc);
@@ -10000,17 +9995,14 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
/* Skip names whose first word item has at least 3 consecutive digits */
if(max_num_consecutive_digits_first_word > 2)
- rc = 0;
+ rc = 0;
- if(ndpi_verbose_dga_detection) {
- if(rc)
- printf("DGA %s [num_found: %u][num_impossible: %u]\n",
- name, num_found, num_impossible);
- }
+ if(rc)
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] %s [num_found: %u][num_impossible: %u]\n",
+ name, num_found, num_impossible);
}
- if(ndpi_verbose_dga_detection)
- printf("[DGA] Result: %u\n", rc);
+ NDPI_LOG_DBG2(ndpi_str, "[DGA] Result: %u\n", rc);
if(rc && flow)
ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_DGA_DOMAIN, name);
diff --git a/src/lib/ndpi_replace_printf.h b/src/lib/ndpi_replace_printf.h
new file mode 100644
index 000000000..73313386c
--- /dev/null
+++ b/src/lib/ndpi_replace_printf.h
@@ -0,0 +1,56 @@
+/*
+ * ndpi_replace_printf.h
+ *
+ * Copyright (C) 2023 - ntop.org and contributors
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+// This file may be included in every *.c file that uses printf(...) except for ndpi_main.c !
+
+#include "ndpi_config.h"
+
+#ifndef NDPI_CFFI_PREPROCESSING
+
+#undef printf
+#undef fprintf
+
+#include "ndpi_typedefs.h"
+
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
+
+#define printf(...) ndpi_debug_printf(0, NULL, NDPI_LOG_DEBUG_EXTRA, __FILE__, __func__, __LINE__, __VA_ARGS__)
+
+#ifdef NDPI_REPLACE_FPRINTF
+#define fprintf(stream, ...) ndpi_debug_printf(0, NULL, NDPI_LOG_ERROR, __FILE__, __func__, __LINE__, __VA_ARGS__)
+#endif
+
+#else
+
+#define printf(...) do {} while(0);
+
+#ifdef NDPI_REPLACE_FPRINTF
+#define fprintf(stream, ...) do {} while(0);
+#endif
+
+#endif
+
+void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level,
+ const char *file_name, const char *func_name, int line_number, const char *format, ...);
+
+#endif
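Review bot: The no-debug replacements `#define printf(...) do {} while(0);` and `#define fprintf(stream, ...) do {} while(0);` end in a semicolon, so `if(x) printf("..."); else ...` expands to two statements and no longer compiles. Drop the trailing `;` from both. The `fprintf` replacement also discards `stream`, so with `NDPI_REPLACE_FPRINTF` defined, a write to a real file handle is silently turned into a log line (or nothing). A comment on the macro should say it is only safe in files that use `fprintf` for diagnostics. In debug builds every `printf` becomes its own `ndpi_debug_printf` call with a NULL module, so output built piecewise (as the roaring print helpers do) gets a `file:func:line` prefix on each fragment. The header has no include guard, which is harmless for the macros, but a short comment stating that re-inclusion is intended would help.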
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 3bf819025..25d7e2cc6 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -54,6 +54,8 @@
#include "third_party/include/uthash.h"
#include "third_party/include/rce_injection.h"
+#include "ndpi_replace_printf.h"
+
#define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol"
// #define MATCH_DEBUG 1
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 271409057..2828202dd 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -62,7 +62,7 @@ static void ndpi_set_binary_application_transfer(struct ndpi_detection_module_st
/*
Check known exceptions
*/
- if(ndpi_ends_with((char*)flow->host_server_name, ".windowsupdate.com"))
+ if(ndpi_ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com"))
;
else
ndpi_set_risk(ndpi_struct, flow, NDPI_BINARY_APPLICATION_TRANSFER, msg);
diff --git a/src/lib/third_party/include/roaring.h b/src/lib/third_party/include/roaring.h
index 117f861b4..500ba9cb9 100644
--- a/src/lib/third_party/include/roaring.h
+++ b/src/lib/third_party/include/roaring.h
@@ -259,10 +259,13 @@ static inline void roaring_bitmap_set_copy_on_write(roaring_bitmap_t* r,
roaring_bitmap_t *roaring_bitmap_add_offset(const roaring_bitmap_t *bm,
int64_t offset);
+
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/**
* Describe the inner structure of the bitmap.
*/
void roaring_bitmap_printf_describe(const roaring_bitmap_t *r);
+#endif
/**
* Creates a new bitmap from a list of uint32_t integers
@@ -286,10 +289,12 @@ roaring_bitmap_t *roaring_bitmap_copy(const roaring_bitmap_t *r);
bool roaring_bitmap_overwrite(roaring_bitmap_t *dest,
const roaring_bitmap_t *src);
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/**
* Print the content of the bitmap.
*/
void roaring_bitmap_printf(const roaring_bitmap_t *r);
+#endif
/**
* Computes the intersection between two bitmaps and returns new bitmap. The
diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c
index cade82bab..12bc422ac 100644
--- a/src/lib/third_party/src/ahocorasick.c
+++ b/src/lib/third_party/src/ahocorasick.c
@@ -43,6 +43,8 @@ typedef __kernel_size_t size_t;
#include "ndpi_api.h"
#include "ahocorasick.h"
+#include "../../ndpi_replace_printf.h"
+
/* TODO: For different depth of node, number of outgoing edges differs
considerably, It is efficient to use different chunk size for
different depths */
@@ -482,6 +484,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz,
if(match->match_map) {
match->match_counter++; /* we have a matching */
#ifndef __KERNEL__
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
if(debug) {
int i;
AC_PATTERN_t *patterns = curr->matched_patterns->patterns;
@@ -495,6 +498,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz,
}
}
#endif
+#endif
if(thiz->match_handler) {
/* We check 'next' to find out if we came here after a alphabet
* transition or due to a fail. in second case we should not report
@@ -521,6 +525,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz,
if(txt->match.matched[i]) {
*param = (txt->match.matched[i])->rep;
#ifndef __KERNEL__
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
if(debug) {
AC_PATTERN_t *pattern = txt->match.matched[i];
printf("best match: %c%.*s%c [%u]\n",
@@ -530,6 +535,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz,
pattern->rep.number);
}
#endif
+#endif
thiz->stats.n_found++;
return 1;
}
diff --git a/src/lib/third_party/src/roaring.c b/src/lib/third_party/src/roaring.c
index f8ee417da..a207b06bf 100644
--- a/src/lib/third_party/src/roaring.c
+++ b/src/lib/third_party/src/roaring.c
@@ -1912,6 +1912,7 @@ int array_container_to_uint32_array(void *vout, const array_container_t *cont,
/* Compute the number of runs */
int32_t array_container_number_of_runs(const array_container_t *ac);
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/*
* Print this container using printf (useful for debugging).
*/
@@ -1923,6 +1924,7 @@ void array_container_printf(const array_container_t *v);
*/
void array_container_printf_as_uint32_array(const array_container_t *v,
uint32_t base);
+#endif
/**
* Return the serialized size in bytes of a container having cardinality "card".
@@ -2631,6 +2633,7 @@ int bitset_container_to_uint32_array(uint32_t *out,
const bitset_container_t *bc,
uint32_t base);
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/*
* Print this container using printf (useful for debugging).
*/
@@ -2642,6 +2645,7 @@ void bitset_container_printf(const bitset_container_t *v);
*/
void bitset_container_printf_as_uint32_array(const bitset_container_t *v,
uint32_t base);
+#endif
/**
* Return the serialized size in bytes of a container.
@@ -3154,6 +3158,7 @@ void run_container_xor(const run_container_t *src_1,
int run_container_to_uint32_array(void *vout, const run_container_t *cont,
uint32_t base);
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/*
* Print this container using printf (useful for debugging).
*/
@@ -3165,6 +3170,7 @@ void run_container_printf(const run_container_t *v);
*/
void run_container_printf_as_uint32_array(const run_container_t *v,
uint32_t base);
+#endif
/**
* Return the serialized size in bytes of a container having "num_runs" runs.
@@ -4290,6 +4296,11 @@ int run_run_container_ixor(
#include <stdbool.h>
#include <stdio.h>
+#include "ndpi_config.h"
+
+#define NDPI_REPLACE_FPRINTF
+#include "../../ndpi_replace_printf.h"
+
#ifdef __cplusplus
extern "C" { namespace roaring { namespace internal {
@@ -4696,6 +4707,7 @@ static inline int32_t container_size_in_bytes(
return 0; // unreached
}
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/**
* print the container (useful for debugging), requires a typecode
*/
@@ -4707,6 +4719,7 @@ void container_printf(const container_t *container, uint8_t typecode);
*/
void container_printf_as_uint32_array(const container_t *container,
uint8_t typecode, uint32_t base);
+#endif
/**
* Checks whether a container is not empty, requires a typecode
@@ -10423,6 +10436,7 @@ int array_container_to_uint32_array(void *vout, const array_container_t *cont,
return outpos;
}
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
void array_container_printf(const array_container_t *v) {
int i;
if (v->cardinality == 0) {
@@ -10449,6 +10463,7 @@ void array_container_printf_as_uint32_array(const array_container_t *v,
printf(",%u", v->array[i] + base);
}
}
+#endif
/* Compute the number of runs */
int32_t array_container_number_of_runs(const array_container_t *ac) {
@@ -11243,6 +11258,7 @@ int bitset_container_to_uint32_array(
#endif
}
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/*
* Print this container using printf (useful for debugging).
*/
@@ -11292,6 +11308,7 @@ void bitset_container_printf_as_uint32_array(const bitset_container_t * v, uint3
base += 64;
}
}
+#endif
// TODO: use the fast lower bound, also
@@ -11561,6 +11578,11 @@ void container_free(container_t *c, uint8_t type) {
}
}
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
+void run_container_printf(const run_container_t *cont);
+void run_container_printf_as_uint32_array(const run_container_t *cont,
+ uint32_t base);
+
void container_printf(const container_t *c, uint8_t type) {
c = container_unwrap_shared(c, &type);
switch (type) {
@@ -11600,6 +11622,7 @@ void container_printf_as_uint32_array(
__builtin_unreachable();
}
}
+#endif
extern inline bool container_nonzero_cardinality(
const container_t *c, uint8_t typecode);
@@ -14901,6 +14924,7 @@ int run_container_to_uint32_array(void *vout, const run_container_t *cont,
return outpos;
}
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/*
* Print this container using printf (useful for debugging).
*/
@@ -14931,6 +14955,7 @@ void run_container_printf_as_uint32_array(const run_container_t *cont,
uint32_t j;for ( j = 0; j <= le; ++j) printf(",%u", run_start + j);
}
}
+#endif
int32_t run_container_write(const run_container_t *container, char *buf) {
uint16_t cast_16 = container->n_runs;
@@ -15561,6 +15586,7 @@ void roaring_bitmap_remove_range_closed(roaring_bitmap_t *r, uint32_t min, uint3
extern inline void roaring_bitmap_add_range(roaring_bitmap_t *r, uint64_t min, uint64_t max);
extern inline void roaring_bitmap_remove_range(roaring_bitmap_t *r, uint64_t min, uint64_t max);
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
void roaring_bitmap_printf(const roaring_bitmap_t *r) {
const roaring_array_t *ra = &r->high_low_container;
@@ -15596,6 +15622,7 @@ void roaring_bitmap_printf_describe(const roaring_bitmap_t *r) {
}
printf("}");
}
+#endif
typedef struct min_max_sum_s {
uint32_t min;
diff --git a/tests/dga/dga_evaluate.c b/tests/dga/dga_evaluate.c
index 98cc6a2b1..6f4d187f8 100644
--- a/tests/dga/dga_evaluate.c
+++ b/tests/dga/dga_evaluate.c
@@ -36,10 +36,32 @@ void help() {
exit(0);
}
-
/* *********************************************** */
-extern int ndpi_verbose_dga_detection;
+static int verbose_dga_detection = 0;
+
+static void ndpi_dbg_fn(u_int32_t protocol,
+ struct ndpi_detection_module_struct *module_struct,
+ ndpi_log_level_t log_level, const char *file,
+ const char *func, unsigned line,
+ const char *format, ...)
+{
+ assert(protocol == NDPI_PROTOCOL_UNKNOWN);
+ assert(module_struct != NULL);
+ assert(log_level == NDPI_LOG_DEBUG_EXTRA);
+
+ (void)file;
+ (void)func;
+ (void)line;
+
+ if (verbose_dga_detection) {
+ va_list vl;
+
+ va_start(vl, format);
+ vprintf(format, vl);
+ va_end(vl);
+ }
+}
int main(int argc, char **argv) {
FILE *fd;
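Review bot: The three `assert` calls at the top of `ndpi_dbg_fn` abort the evaluator on any log message that is not at `NDPI_LOG_DEBUG_EXTRA` with protocol unknown. A later hunk sets the module log level to `NDPI_LOG_DEBUG_EXTRA`, which presumably also enables the lower levels, so an unrelated error or trace message from the library would kill the run. Filtering is safer than asserting: `if(!verbose_dga_detection || log_level != NDPI_LOG_DEBUG_EXTRA) return;`. The callback declares `unsigned line` while the `ndpi_debug_printf` prototype in ndpi_replace_printf.h uses `int line_number`. The callback type expected by `set_ndpi_debug_function` is not visible here, so the parameter should be checked against it.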
@@ -59,7 +81,7 @@ int main(int argc, char **argv) {
verbose = 1;
if(argv[3] != NULL)
- ndpi_verbose_dga_detection = 1;
+ verbose_dga_detection = 1;
}
if (ndpi_get_api_version() != NDPI_API_VERSION) {
@@ -73,6 +95,8 @@ int main(int argc, char **argv) {
assert(ndpi_str != NULL);
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
+ ndpi_set_log_level(ndpi_str, NDPI_LOG_DEBUG_EXTRA);
+ set_ndpi_debug_function(ndpi_str, ndpi_dbg_fn);
ndpi_finalize_initialization(ndpi_str);
assert(ndpi_str != NULL);
diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj
index 38e549980..ba74076cb 100644
--- a/windows/nDPI.vcxproj
+++ b/windows/nDPI.vcxproj
@@ -63,7 +63,7 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<Optimization>Disabled</Optimization>
- <AdditionalIncludeDirectories>$(ProjectDir)src\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(ProjectDir)src\;$(ProjectDir)src\lib\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>NDPI_LIB_COMPILATION;WIN32;_WIN64;_DEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
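Review bot: The added include directory `$(ProjectDir)src\lib\` lacks the `..\` that every other library path in this list carries. It resolves under the windows project directory rather than to the `..\src\lib\` where ndpi_replace_printf.h is registered in the `ClInclude` hunk below. It likely should read `$(ProjectDir)..\src\lib\;`. The same entry is added to the `Debug-ndpiReader|x64` configuration in the next hunk. No Release configuration is changed in the visible hunks, so check whether Release builds need the path too.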
@@ -91,7 +91,7 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug-ndpiReader|x64'">
<ClCompile>
<Optimization>Disabled</Optimization>
- <AdditionalIncludeDirectories>$(ProjectDir)src\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;$(ProjectDir)..\windows\WpdPack\Include\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(ProjectDir)src\;$(ProjectDir)src\lib\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;$(ProjectDir)..\windows\WpdPack\Include\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>PTW32_STATIC_LIB;STATIC_GETOPT;NDPI_LIB_COMPILATION;HAVE_STRUCT_TIMESPEC;WIN32;_WIN64;_DEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -352,6 +352,7 @@
<ClInclude Include="..\src\include\ndpi_main.h" />
<ClInclude Include="..\src\include\ndpi_patricia_typedefs.h" />
<ClInclude Include="..\src\include\ndpi_utils.h" />
+ <ClInclude Include="..\src\lib\ndpi_replace_printf.h" />
<ClInclude Include="..\src\lib\protocols\btlib.h" />
<ClInclude Include="..\src\lib\third_party\include\ahocorasick.h" />
<ClInclude Include="..\src\include\ndpi_includes.h" />