Added -x for checking patterns

1 files changed, 84 insertions, 23 deletions

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 7f3fa08e5..4ff298db8 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -70,6 +70,7 @@ static char *_customCategoryFilePath= NULL; /**< Custom categories file path  */
 static u_int8_t live_capture = 0;
 static u_int8_t undetected_flows_deleted = 0;
 FILE *csv_fp                 = NULL; /**< for CSV export */
+static char* domain_to_check = NULL;
 /** User preferences **/
 u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0, num_bin_clusters = 0;
 u_int8_t verbose = 0, enable_joy_stats = 0;
@@ -212,6 +213,54 @@ extern void ndpi_report_payload_stats();
 FILE *trace = NULL;
 #endif
 
+/* *********************************************** */
+
+void ndpiCheckHostStringMatch(char *testChar) {
+  ndpi_protocol_match_result match = { NDPI_PROTOCOL_UNKNOWN,
+				       NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED };
+  int  testRes;
+  u_int8_t is_host_match = 1;
+  char appBufStr[64];
+  ndpi_protocol detected_protocol;
+  struct ndpi_detection_module_struct *ndpi_str;
+
+  if(!testChar)
+    return;
+
+  ndpi_str = ndpi_init_detection_module(ndpi_no_prefs);
+  ndpi_finalize_initalization(ndpi_str);
+
+  // Display ALL Host strings ie host_match[] ?
+  // void ac_automata_display (AC_AUTOMATA_t * thiz, char repcast);
+  //
+  // ac_automata_display( module->host_automa.ac_automa, 'n');
+
+  testRes =  ndpi_match_string_subprotocol(ndpi_str,
+					   testChar, strlen(testChar), &match,
+					   is_host_match);
+
+  if(testRes) {
+    memset( &detected_protocol, 0, sizeof(ndpi_protocol) );
+
+    detected_protocol.app_protocol    = match.protocol_id;
+    detected_protocol.master_protocol = 0;
+    detected_protocol.category        = match.protocol_category;
+
+    ndpi_protocol2name( ndpi_str, detected_protocol, appBufStr,
+			sizeof(appBufStr));
+
+    printf("Match Found for string [%s] -> P(%d) B(%d) C(%d) => %s %s %s\n",
+	    testChar, match.protocol_id, match.protocol_breed,
+	    match.protocol_category,
+	    appBufStr,
+	    ndpi_get_proto_breed_name( ndpi_str, match.protocol_breed ),
+	    ndpi_category_get_name( ndpi_str, match.protocol_category));
+  } else
+    printf("Match NOT Found for string: %s\n\n", testChar );
+
+  ndpi_exit_detection_module(ndpi_str);
+}
+
 /********************** FUNCTIONS ********************* */
 
 /**
@@ -344,7 +393,7 @@ static void help(u_int long_help) {
 	 "[-f <filter>][-s <duration>][-m <duration>][-b <num bin clusters>]\n"
 	 "          [-p <protos>][-l <loops> [-q][-d][-J][-h][-e <len>][-t][-v <level>]\n"
 	 "          [-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n"
-	 "          [-T <num>][-U <num>]\n\n"
+	 "          [-T <num>][-U <num>] [-x <domain>]\n\n"
 	 "Usage:\n"
 	 "  -i <file.pcap|device>     | Specify a pcap file/playlist to read packets from or a\n"
 	 "                            | device for live capture (comma-separated list)\n"
@@ -390,6 +439,7 @@ static void help(u_int long_help) {
 	 "                            | only the last instance will be considered\n"
 	 "  -T <num>                  | Max number of TCP processed packets before giving up [default: %u]\n"
 	 "  -U <num>                  | Max number of UDP processed packets before giving up [default: %u]\n"
+	 "  -x <domain>               | Check domain name [Test only]\n"
 	 ,
 	 human_readeable_string_len,
 	 min_pattern_len, max_pattern_len, max_num_packets_per_flow, max_packet_payload_dissection,
@@ -665,7 +715,7 @@ static void parseOptions(int argc, char **argv) {
   }
 #endif
 
-  while((opt = getopt_long(argc, argv, "b:e:c:C:df:g:i:hp:P:l:s:tv:V:u:n:Jrp:w:q0123:456:7:89:m:T:U:",
+  while((opt = getopt_long(argc, argv, "b:e:c:C:df:g:i:hp:P:l:s:tu:v:V:n:Jrp:x:w:q0123:456:7:89:m:T:U:",
 			   longopts, &option_idx)) != EOF) {
 #ifdef DEBUG_TRACE
     if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : "");
@@ -839,6 +889,10 @@ static void parseOptions(int argc, char **argv) {
       if(max_num_tcp_dissected_pkts < 3) max_num_tcp_dissected_pkts = 3;
       break;
 
+    case 'x':
+      domain_to_check = optarg;
+      break;
+
     case 'U':
       max_num_udp_dissected_pkts = atoi(optarg);
       if(max_num_udp_dissected_pkts < 3) max_num_udp_dissected_pkts = 3;
@@ -859,20 +913,22 @@ static void parseOptions(int argc, char **argv) {
     extcap_capture();
   }
 
-  if(_pcap_file[0] == NULL)
-    help(0);
+  if(!domain_to_check) {
+    if(_pcap_file[0] == NULL)
+      help(0);
 
-  if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */
-    num_threads = 0;               /* setting number of threads = number of interfaces */
-    __pcap_file = strtok(_pcap_file[0], ",");
-    while(__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) {
-      _pcap_file[num_threads++] = __pcap_file;
-      __pcap_file = strtok(NULL, ",");
+    if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */
+      num_threads = 0;               /* setting number of threads = number of interfaces */
+      __pcap_file = strtok(_pcap_file[0], ",");
+      while(__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) {
+	_pcap_file[num_threads++] = __pcap_file;
+	__pcap_file = strtok(NULL, ",");
+      }
+    } else {
+      if(num_threads > MAX_NUM_READER_THREADS) num_threads = MAX_NUM_READER_THREADS;
+      for(thread_id = 1; thread_id < num_threads; thread_id++)
+	_pcap_file[thread_id] = _pcap_file[0];
     }
-  } else {
-    if(num_threads > MAX_NUM_READER_THREADS) num_threads = MAX_NUM_READER_THREADS;
-    for(thread_id = 1; thread_id < num_threads; thread_id++)
-      _pcap_file[thread_id] = _pcap_file[0];
   }
 
 #ifdef linux
@@ -1021,7 +1077,7 @@ void print_bin(FILE *fout, const char *label, struct ndpi_bin *b) {
     }
   }
 
-  if(label) fprintf(fout, "]");  
+  if(label) fprintf(fout, "]");
 }
 
 /* ********************************** */
@@ -2477,18 +2533,18 @@ static void printFlowsStats() {
 	char buf[64];
 	u_int j;
 	struct ndpi_bin *centroids;
-	
+
 	if((centroids = (struct ndpi_bin*)ndpi_malloc(sizeof(struct ndpi_bin)*num_bin_clusters)) != NULL) {
 	  for(i=0; i<num_bin_clusters; i++)
 	    ndpi_init_bin(&centroids[i], ndpi_bin_family32 /* Use 32 bit to avoid overlaps */,
 			  bins[0].num_bins);
-	  
+
 	  ndpi_cluster_bins(bins, num_flows, num_bin_clusters, cluster_ids, centroids);
 
 	  printf("\n"
 		 "\tBin clusters\n"
 		 "\t------------\n");
-	
+
 	  for(j=0; j<num_bin_clusters; j++) {
 	    u_int16_t num_printed = 0;
 
@@ -2515,17 +2571,17 @@ static void printFlowsStats() {
 
 	      if(all_flows[i].flow->ssh_tls.client_requested_server_name[0] != '\0')
 		fprintf(out, "[%s]", all_flows[i].flow->ssh_tls.client_requested_server_name);
-	      
+
 	      printf("\n");
 	      num_printed++;
 	    }
 
 	    if(num_printed) printf("\n");
 	  }
-	  
+
 	  for(i=0; i<num_bin_clusters; i++)
 	    ndpi_free_bin(&centroids[i]);
-	  
+
 	  ndpi_free(centroids);
 	}
       }
@@ -3252,13 +3308,13 @@ static void binUnitTest() {
   ndpi_free(bins);
 
   /* ************************ */
-  
+
   ndpi_init_bin(&b0, ndpi_bin_family8, 16);
   ndpi_init_bin(&b1, ndpi_bin_family8, 16);
 
   ndpi_set_bin(&b0, 1, 100);
   ndpi_set_bin(&b1, 1, 100);
-  
+
   printf("Similarity: %f\n\n", ndpi_bin_similarity(&b0, &b1, 1));
 
   ndpi_free_bin(&b0), ndpi_free_bin(&b1);
@@ -3534,6 +3590,11 @@ int orginal_main(int argc, char **argv) {
 
     parseOptions(argc, argv);
 
+    if(domain_to_check) {
+      ndpiCheckHostStringMatch(domain_to_check);
+      exit(0);
+    }
+
     if(!quiet_mode) {
       printf("\n-----------------------------------------------------------\n"
 	     "* NOTE: This is demo app to show *some* nDPI features.\n"