diff options
| author | Luca Deri <deri@ntop.org> | 2025-05-20 23:14:59 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2025-05-20 23:14:59 +0200 |
| commit | c590dc49551b32f12ebb4850e13a99cacbf90366 (patch) | |
| tree | 00267be44fc76d2f5745d3e4a7575e82965fb814 /example/ndpiReader.c | |
| parent | 34ee4d0b1d2ed080a85a93780a0eaf68136c109f (diff) | |
Added new APi calls
- ndpi_is_master_only_protocol()
- ndpi_normalize_protocol()
These two APi calls are used to normalize mater/app nDPI protocols
Diffstat (limited to 'example/ndpiReader.c')
| -rw-r--r-- | example/ndpiReader.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cda1d3507..dbb6b04df 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -68,6 +68,9 @@ #define HEURISTICS_CODE 1 +/* Necessary to make sure protocols are properly defined */ +#define PROTO_DEBUG 1 + /** Client parameters **/ static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interfaces */ @@ -1855,6 +1858,26 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->tunnel_type != ndpi_no_tunnel) fprintf(out, "%s:", ndpi_tunnel2str(flow->tunnel_type)); +#ifdef PROTO_DEBUG + if((flow->detected_protocol.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && + (flow->detected_protocol.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + && (flow->detected_protocol.proto.app_protocol != + flow->detected_protocol.proto.master_protocol)) { + if(ndpi_is_master_only_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.proto.app_protocol)) { + printf("[INTERNAL ERROR] %u/%s [%u.%u/%s] unexpected as application protocol\n", + flow->detected_protocol.proto.app_protocol, + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.proto.app_protocol), + flow->detected_protocol.proto.master_protocol, + flow->detected_protocol.proto.app_protocol, + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol, buf1, sizeof(buf1)) + ); + } + } +#endif + fprintf(out, "%s/%s][IP: %u/%s]", ndpi_protocol2id(flow->detected_protocol, buf, sizeof(buf)), ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, @@ -1880,7 +1903,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->rtp[1 /* srv -> cli */].payload_detected) { if (flow->rtp[0].payload_detected) fprintf(out, " / "); - + fprintf(out, "%s (%u.%u)]", ndpi_rtp_payload_type2str(flow->rtp[1].payload_type, flow->rtp[1].evs_subtype), flow->rtp[1].payload_type, flow->rtp[1].evs_subtype); } else @@ -3774,6 +3797,11 @@ static void printFlowsStats() { #endif for(i=0; i<num_flows; i++) { +#ifdef PROTO_DEBUG + ndpi_normalize_protocol(ndpi_thread_info[all_flows[i].thread_id].workflow->ndpi_struct, + &all_flows[i].flow->detected_protocol.proto); +#endif + #ifndef DIRECTION_BINS if(enable_doh_dot_detection) { /* Discard flows with few packets per direction */ |