aboutsummaryrefslogtreecommitdiff
path: root/example/ndpiReader.c
diff options
context:
space:
mode:
authorLuca <deri@ntop.org>2019-11-05 12:15:27 +0000
committerLuca <deri@ntop.org>2019-11-05 12:15:27 +0000
commitfb56b042c09f0a0bf9170b1ebe4c592cd5ba3244 (patch)
tree7aef6a5660ae460c27d4ffb61957e955b226fd1b /example/ndpiReader.c
parent6298ecc2718a74a7e5c92e57af464d97c3a60bf9 (diff)
parenta26fe08aa665dbc3fd1abeaeb2563839822374b5 (diff)
Merge branch 'dev' of https://github.com/ntop/nDPI into dev
Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r--example/ndpiReader.c30
1 files changed, 25 insertions, 5 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 2f4d41465..d52e4a3a9 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -89,7 +89,7 @@ static u_int8_t stats_flag = 0, bpf_filter_flag = 0;
static u_int8_t file_first_time = 1;
#endif
u_int8_t human_readeable_string_len = 5;
-u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 32 /* due to telnet */;
+u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
static u_int32_t pcap_analysis_duration = (u_int32_t)-1;
static u_int16_t decode_tunnels = 0;
static u_int16_t num_loops = 1;
@@ -602,7 +602,7 @@ void printCSVHeader() {
/* Flow info */
fprintf(csv_fp, "client_info,server_info,");
fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,");
- fprintf(csv_fp, "tls_server_info,ja3s,tls_server_unsafe,");
+ fprintf(csv_fp, "ja3s,tls_server_unsafe,");
fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh");
fprintf(csv_fp, "\n");
}
@@ -998,6 +998,23 @@ static char* is_unsafe_cipher(ndpi_cipher_weakness c) {
/* ********************************** */
+char* printUrlRisk(ndpi_url_risk risk) {
+ switch(risk) {
+ case ndpi_url_no_problem:
+ return("");
+ break;
+ case ndpi_url_possible_xss:
+ return(" ** XSS **");
+ break;
+ case ndpi_url_possible_sql_injection:
+ return(" ** SQL Injection **");
+ break;
+ }
+
+ return("");
+}
+/* ********************************** */
+
/**
* @brief Print the flow
*/
@@ -1011,7 +1028,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
if(csv_fp != NULL) {
float data_ratio = ndpi_data_ratio(flow->src2dst_bytes, flow->dst2src_bytes);
- float f = (float)flow->first_seen, l = (float)flow->last_seen;
+ double f = (double)flow->first_seen, l = (double)flow->last_seen;
/* PLEASE KEEP IN SYNC WITH printCSVHeader() */
@@ -1147,8 +1164,10 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
}
if(flow->http.url[0] != '\0')
- fprintf(out, "[URL: %s][StatusCode: %u][ContentType: %s][UserAgent: %s]",
- flow->http.url, flow->http.response_status_code,
+ fprintf(out, "[URL: %s%s][StatusCode: %u][ContentType: %s][UserAgent: %s]",
+ flow->http.url,
+ printUrlRisk(ndpi_validate_url(flow->http.url)),
+ flow->http.response_status_code,
flow->http.content_type, flow->http.user_agent);
if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version, &known_tls));
@@ -1790,6 +1809,7 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth,
undetected_flows_deleted = 1;
ndpi_free_flow_info_half(flow);
+ ndpi_free_flow_data_analysis(flow);
ndpi_thread_info[thread_id].workflow->stats.ndpi_flow_count--;
/* adding to a queue (we can't delete it from the tree inline ) */