diff options
| author | Luca Deri <deri@ntop.org> | 2019-07-24 23:55:07 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-07-24 23:55:07 +0200 |
| commit | 3369716fc3cafa28ea20cb98a89596e19aec6225 (patch) | |
| tree | e2111dcdd168a82592b983b6bf2a8d20e400fcd9 /example/reader_util.h | |
| parent | 21485683475ab6b3bb4468f142843d5f15f412f8 (diff) | |
Added SPLT (sequence of packet length and time) and BD (byte distribution) with -J
Diffstat (limited to 'example/reader_util.h')
| -rw-r--r-- | example/reader_util.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/example/reader_util.h b/example/reader_util.h index b006fd8d3..c4932118c 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -31,6 +31,7 @@ #include "uthash.h" #include <pcap.h> +#include "ndpi_classify.h" #ifdef USE_DPDK #include <rte_eal.h> @@ -50,6 +51,14 @@ extern int dpdk_port_init(int port, struct rte_mempool *mbuf_pool); #endif +/* ETTA Spec defiintions for feature readiness */ +#define ETTA_MIN_PACKETS 10 +#define ETTA_MIN_OCTETS 4000 +/** maximum line length */ +#define LINEMAX 512 +#define MAX_BYTE_COUNT_ARRAY_LENGTH 256 +#define MAX_NUM_PKTS 100 + #define MAX_NUM_READER_THREADS 16 #define IDLE_SCAN_PERIOD 10 /* msec (use TICK_RESOLUTION = 1000) */ #define MAX_IDLE_TIME 30000 @@ -128,6 +137,7 @@ typedef struct ndpi_flow_info { u_int64_t last_seen; u_int64_t src2dst_bytes, dst2src_bytes; u_int32_t src2dst_packets, dst2src_packets; + u_int32_t src2dst_opackets, dst2src_opackets; u_int32_t has_human_readeable_strings; char human_readeable_string_buffer[32]; @@ -148,6 +158,27 @@ typedef struct ndpi_flow_info { } ssh_ssl; void *src_id, *dst_id; + + // Entropy fields + u_int16_t src2dst_pkt_len[MAX_NUM_PKTS]; /*!< array of packet appdata lengths */ + struct timeval src2dst_pkt_time[MAX_NUM_PKTS]; /*!< array of arrival times */ + u_int16_t dst2src_pkt_len[MAX_NUM_PKTS]; /*!< array of packet appdata lengths */ + struct timeval dst2src_pkt_time[MAX_NUM_PKTS]; /*!< array of arrival times */ + struct timeval src2dst_start; /*!< first packet arrival time */ + struct timeval dst2src_start; /*!< first packet arrival time */ + u_int16_t src2dst_pkt_count; /*!< packet counts */ + u_int16_t dst2src_pkt_count; /*!< packet counts */ + u_int32_t src2dst_l4_bytes; /*!< packet counts */ + u_int32_t dst2src_l4_bytes; /*!< packet counts */ + u_int32_t src2dst_byte_count[256]; /*!< number of occurences of each byte */ + u_int32_t dst2src_byte_count[256]; /*!< number of occurences of each byte */ + u_int32_t src2dst_num_bytes; + u_int32_t dst2src_num_bytes; + double src2dst_bd_mean; + double src2dst_bd_variance; + double dst2src_bd_mean; + double dst2src_bd_variance; + float score; } ndpi_flow_info_t; @@ -245,6 +276,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); const char* print_cipher_id(u_int32_t cipher); +float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes); extern int nDPI_LogLevel; |