author | Luca Deri <deri@ntop.org> | 2023-01-24 22:58:17 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2023-01-24 22:58:17 +0100 |
commit | 5849863ef91b9b6a3acc8f1799c6b3642d35f34c (patch) | |
tree | 93478fb1bcac0de8925b19dfc7f4b75af9343bf4 /example/ndpiReader.c | |
parent | 5e8c1ebbb7f67033916ed4878cd6c2a662073898 (diff) |
Added new risk NDPI_TCP_ISSUES
Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r-- | example/ndpiReader.c | 65 |
1 files changed, 33 insertions, 32 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4e7d97ab4..d98754db7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2119,7 +2119,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ /* @brief heuristic choice for receiver stats */ -static int acceptable(u_int32_t num_pkts){ +static int acceptable(u_int32_t num_pkts) { return num_pkts > 5; } @@ -2177,7 +2177,7 @@ static void mergeTables(struct receiver **primary, struct receiver **secondary) HASH_ITER(hh, *primary, r, tmp) { HASH_FIND_INT(*secondary, (int *)&(r->addr), s); - if(s == NULL){ + if(s == NULL) { s = (struct receiver *)ndpi_malloc(sizeof(struct receiver)); if(!s) return; @@ -2208,7 +2208,7 @@ static void deleteReceivers(struct receiver *rcvrs) { /* *********************************************** */ /* implementation of: https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf * - * if(table1.size < max1 || acceptable){ + * if(table1.size < max1 || acceptable) { * create new element and add to the table1 * if(table1.size > max2) { * cut table1 back to max1 @@ -2230,7 +2230,7 @@ static void updateReceivers(struct receiver **rcvrs, u_int32_t dst_addr, HASH_FIND_INT(*rcvrs, (int *)&dst_addr, r); if(r == NULL) { if(((size = HASH_COUNT(*rcvrs)) < MAX_TABLE_SIZE_1) - || ((a = acceptable(num_pkts)) != 0)){ + || ((a = acceptable(num_pkts)) != 0)) { r = (struct receiver *)ndpi_malloc(sizeof(struct receiver)); if(!r) return; 
@@ -2240,13 +2240,13 @@ static void updateReceivers(struct receiver **rcvrs, u_int32_t dst_addr, HASH_ADD_INT(*rcvrs, addr, r); - if((size = HASH_COUNT(*rcvrs)) > MAX_TABLE_SIZE_2){ + if((size = HASH_COUNT(*rcvrs)) > MAX_TABLE_SIZE_2) { HASH_SORT(*rcvrs, receivers_sort_asc); *rcvrs = cutBackTo(rcvrs, size, MAX_TABLE_SIZE_1); mergeTables(rcvrs, topRcvrs); - if((size = HASH_COUNT(*topRcvrs)) > MAX_TABLE_SIZE_1){ + if((size = HASH_COUNT(*topRcvrs)) > MAX_TABLE_SIZE_1) { HASH_SORT(*topRcvrs, receivers_sort_asc); *topRcvrs = cutBackTo(topRcvrs, size, MAX_TABLE_SIZE_1); } @@ -2690,7 +2690,7 @@ static void printRiskStats() { /* *********************************************** */ /*function to use in HASH_SORT function in verbose == 4 to order in creasing order to delete host with the leatest occurency*/ -static int hash_stats_sort_to_order(void *_a, void *_b){ +static int hash_stats_sort_to_order(void *_a, void *_b) { struct hash_stats *a = (struct hash_stats*)_a; struct hash_stats *b = (struct hash_stats*)_b; @@ -2700,7 +2700,7 @@ static int hash_stats_sort_to_order(void *_a, void *_b){ /* *********************************************** */ /*function to use in HASH_SORT function in verbose == 4 to print in decreasing order*/ -static int hash_stats_sort_to_print(void *_a, void *_b){ +static int hash_stats_sort_to_print(void *_a, void *_b) { struct hash_stats *a = (struct hash_stats*)_a; struct hash_stats *b = (struct hash_stats*)_b; 
@@ -2752,12 +2752,12 @@ static void printFlowsStats() { ndpi_ja3_fingerprints_host *hostByJA3Found = NULL; //check if this is a ssh-ssl flow - if(all_flows[i].flow->ssh_tls.ja3_client[0] != '\0'){ + if(all_flows[i].flow->ssh_tls.ja3_client[0] != '\0') { //looking if the host is already in the hash table HASH_FIND_INT(ja3ByHostsHashT, &(all_flows[i].flow->src_ip), ja3ByHostFound); //host ip -> ja3 - if(ja3ByHostFound == NULL){ + if(ja3ByHostFound == NULL) { //adding the new host ndpi_host_ja3_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja3_fingerprints)); newHost->host_client_info_hasht = NULL; @@ -2781,7 +2781,7 @@ static void printFlowsStats() { HASH_FIND_STR(ja3ByHostFound->host_client_info_hasht, all_flows[i].flow->ssh_tls.ja3_client, infoFound); - if(infoFound == NULL){ + if(infoFound == NULL) { ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_client; newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; @@ -2792,7 +2792,7 @@ static void printFlowsStats() { //ja3 -> host ip HASH_FIND_STR(hostByJA3C_ht, all_flows[i].flow->ssh_tls.ja3_client, hostByJA3Found); - if(hostByJA3Found == NULL){ + if(hostByJA3Found == NULL) { ndpi_ip_dns *newHost = ndpi_malloc(sizeof(ndpi_ip_dns)); newHost->ip = all_flows[i].flow->src_ip; @@ -2810,7 +2810,7 @@ static void printFlowsStats() { } else { ndpi_ip_dns *innerElement = NULL; HASH_FIND_INT(hostByJA3Found->ipToDNS_ht, &(all_flows[i].flow->src_ip), innerElement); - if(innerElement == NULL){ + if(innerElement == NULL) { ndpi_ip_dns *newInnerElement = ndpi_malloc(sizeof(ndpi_ip_dns)); newInnerElement->ip = all_flows[i].flow->src_ip; newInnerElement->ip_string = all_flows[i].flow->src_name; 
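Review bot: Every `ndpi_malloc()` result in these printFlowsStats() hunks is dereferenced on the very next line without a NULL check, for example `newHost->host_client_info_hasht = NULL;` and `newJA3->ja3 = ...`, so an allocation failure crashes the reader instead of skipping the entry. mergeTables() and updateReceivers() earlier in this diff already guard the same call with `if(!s) return;` and `if(!r) return;`, and a matching guard such as `if(newHost == NULL) continue;` would fit here, assuming these statements sit directly inside the per-flow loop (its header is outside the hunk). The same unchecked pattern recurs in the ja3_server hunks that follow and in the `verbose == 4` host table (`newHost->domain_name = ...`). printFlowsStats() begins and ends outside these hunks.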
@@ -2820,10 +2820,10 @@ static void printFlowsStats() { } } - if(all_flows[i].flow->ssh_tls.ja3_server[0] != '\0'){ + if(all_flows[i].flow->ssh_tls.ja3_server[0] != '\0') { //looking if the host is already in the hash table HASH_FIND_INT(ja3ByHostsHashT, &(all_flows[i].flow->dst_ip), ja3ByHostFound); - if(ja3ByHostFound == NULL){ + if(ja3ByHostFound == NULL) { //adding the new host in the hash table ndpi_host_ja3_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja3_fingerprints)); newHost->host_client_info_hasht = NULL; @@ -2845,7 +2845,7 @@ static void printFlowsStats() { ndpi_ja3_info *infoFound = NULL; HASH_FIND_STR(ja3ByHostFound->host_server_info_hasht, all_flows[i].flow->ssh_tls.ja3_server, infoFound); - if(infoFound == NULL){ + if(infoFound == NULL) { ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_server; newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; @@ -2855,7 +2855,7 @@ static void printFlowsStats() { } HASH_FIND_STR(hostByJA3S_ht, all_flows[i].flow->ssh_tls.ja3_server, hostByJA3Found); - if(hostByJA3Found == NULL){ + if(hostByJA3Found == NULL) { ndpi_ip_dns *newHost = ndpi_malloc(sizeof(ndpi_ip_dns)); newHost->ip = all_flows[i].flow->dst_ip; @@ -2874,7 +2874,7 @@ static void printFlowsStats() { ndpi_ip_dns *innerElement = NULL; HASH_FIND_INT(hostByJA3Found->ipToDNS_ht, &(all_flows[i].flow->dst_ip), innerElement); - if(innerElement == NULL){ + if(innerElement == NULL) { ndpi_ip_dns *newInnerElement = ndpi_malloc(sizeof(ndpi_ip_dns)); newInnerElement->ip = all_flows[i].flow->dst_ip; newInnerElement->ip_string = all_flows[i].flow->dst_name; @@ -3063,7 +3063,7 @@ static void printFlowsStats() { } } - if (verbose == 4){ + if (verbose == 4) { //how long the table could be unsigned int len_table_max = 1000; //number of element to delete when the table is full 
@@ -3073,9 +3073,9 @@ static void printFlowsStats() { struct hash_stats *tmp = NULL; int len_max = 0; - for (i = 0; i<num_flows; i++){ + for (i = 0; i<num_flows; i++) { - if(all_flows[i].flow->host_server_name[0] != '\0'){ + if(all_flows[i].flow->host_server_name[0] != '\0') { int len = strlen(all_flows[i].flow->host_server_name); len_max = ndpi_max(len,len_max); @@ -3083,15 +3083,15 @@ static void printFlowsStats() { struct hash_stats *hostFound; HASH_FIND_STR(hostsHashT, all_flows[i].flow->host_server_name, hostFound); - if(hostFound == NULL){ + if(hostFound == NULL) { struct hash_stats *newHost = (struct hash_stats*)ndpi_malloc(sizeof(hash_stats)); newHost->domain_name = all_flows[i].flow->host_server_name; newHost->occurency = 1; if (HASH_COUNT(hostsHashT) == len_table_max) { int i=0; - while (i<=toDelete){ + while (i<=toDelete) { - HASH_ITER(hh, hostsHashT, host_iter, tmp){ + HASH_ITER(hh, hostsHashT, host_iter, tmp) { HASH_DEL(hostsHashT,host_iter); free(host_iter); i++; @@ -3107,7 +3107,7 @@ static void printFlowsStats() { } - if(all_flows[i].flow->ssh_tls.server_info[0] != '\0'){ + if(all_flows[i].flow->ssh_tls.server_info[0] != '\0') { int len = strlen(all_flows[i].flow->host_server_name); len_max = ndpi_max(len,len_max); @@ -3115,16 +3115,16 @@ static void printFlowsStats() { struct hash_stats *hostFound; HASH_FIND_STR(hostsHashT, all_flows[i].flow->ssh_tls.server_info, hostFound); - if(hostFound == NULL){ + if(hostFound == NULL) { struct hash_stats *newHost = (struct hash_stats*)ndpi_malloc(sizeof(hash_stats)); newHost->domain_name = all_flows[i].flow->ssh_tls.server_info; newHost->occurency = 1; if ((HASH_COUNT(hostsHashT)) == len_table_max) { int i=0; - while (i<toDelete){ + while (i<toDelete) { - HASH_ITER(hh, hostsHashT, host_iter, tmp){ + HASH_ITER(hh, hostsHashT, host_iter, tmp) { HASH_DEL(hostsHashT,host_iter); ndpi_free(host_iter); i++; 
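Review bot: The first table-full eviction loop (hunk at -3083) releases entries with `free(host_iter)`, while the otherwise identical loop in the `ssh_tls.server_info` branch and the later cleanup loop use `ndpi_free(host_iter)`. The entries are obtained from `ndpi_malloc()`, so the release should be `ndpi_free(host_iter);` to stay on the matching allocator in case ndpi_malloc is backed by something other than the libc heap. The two loops also disagree on their bound, `while (i<=toDelete)` versus `while (i<toDelete)`, which looks like a copy-paste slip. The loop bodies continue outside the hunks, so how many entries are actually evicted cannot be confirmed from here.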
@@ -3150,7 +3150,7 @@ static void printFlowsStats() { //print the element of the hash table int j; - HASH_ITER(hh, hostsHashT, host_iter, tmp){ + HASH_ITER(hh, hostsHashT, host_iter, tmp) { printf("\t%s", host_iter->domain_name); //to print the occurency in aligned column @@ -3162,7 +3162,7 @@ static void printFlowsStats() { printf("%s", "\n\n"); //freeing the hash table - HASH_ITER(hh, hostsHashT, host_iter, tmp){ + HASH_ITER(hh, hostsHashT, host_iter, tmp) { HASH_DEL(hostsHashT, host_iter); ndpi_free(host_iter); } @@ -3982,9 +3982,10 @@ static void ndpi_process_packet(u_char *args, /* allocate an exact size buffer to check overflows */ uint8_t *packet_checked = ndpi_malloc(header->caplen); - if(packet_checked == NULL){ + if(packet_checked == NULL) { return ; } + memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked, &flow_risk); @@ -4092,7 +4093,7 @@ static void ndpi_process_packet(u_char *args, Leave the free as last statement to avoid crashes when ndpi_detection_giveup() is called above by printResults() */ - if(packet_checked){ + if(packet_checked) { ndpi_free(packet_checked); packet_checked = NULL; } |