diff options
| author | Luca Deri <deri@ntop.org> | 2025-01-24 23:10:04 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2025-01-24 23:10:04 +0100 |
| commit | dac31d8882c329eecacf9132e75bbb32e6c3f252 (patch) | |
| tree | 86137281a143c6072db1985296a2a743f25e2c00 | |
| parent | 2bf8dbf40f2368e14193a6c47d9debb8034f9e66 (diff) | |
Extracted http host and referer metadata (http protocol)
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 14 |
3 files changed, 17 insertions, 5 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index fbab4714f..dd9effa95 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1354,7 +1354,7 @@ struct ndpi_flow_struct { u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */ u_int8_t websocket:1, request_header_observed:1, first_payload_after_header_observed:1, is_form:1, _pad:4; u_int16_t response_status_code; /* 200, 404, etc. */ - char *url, *content_type /* response */, *request_content_type /* e.g. for POST */, *user_agent, *server; + char *url, *content_type /* response */, *request_content_type /* e.g. for POST */, *user_agent, *server, *referer, *host; char *detected_os; /* Via HTTP/QUIC User-Agent */ char *nat_ip; /* Via HTTP X-Forwarded-For */ char *filename; /* Via HTTP Content-Disposition */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e95f8a047..df1a62cc8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6708,6 +6708,12 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) { if(flow->http.request_content_type) ndpi_free(flow->http.request_content_type); + if(flow->http.referer) + ndpi_free(flow->http.referer); + + if(flow->http.host) + ndpi_free(flow->http.host); + if(flow->http.user_agent) ndpi_free(flow->http.user_agent); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 1a341797e..9064f7282 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1027,7 +1027,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->authorization_line.ptr != NULL) { const char *a = NULL, *b = NULL; - + NDPI_LOG_DBG2(ndpi_struct, "Authorization line found %.*s\n", packet->authorization_line.len, packet->authorization_line.ptr); @@ -1042,16 +1042,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->authorization_line.len > len) { u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len], packet->authorization_line.len - len, &content_len); - + if(content != NULL) { char *double_dot = strchr((char*)content, ':'); - + if(double_dot) { double_dot[0] = '\0'; flow->http.username = ndpi_strdup((char*)content); flow->http.password = ndpi_strdup(&double_dot[1]); } - + ndpi_free(content); } @@ -1062,6 +1062,12 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } + if((packet->referer_line.ptr != NULL) && (flow->http.referer == NULL)) + flow->http.referer = ndpi_strndup(packet->referer_line.ptr, packet->referer_line.len); + + if((packet->host_line.ptr != NULL) && (flow->http.host == NULL)) + flow->http.host = ndpi_strndup(packet->host_line.ptr, packet->host_line.len); + if(packet->content_line.ptr != NULL) { NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); |