Added ethernet checksum reforging and nDPI protocol export in nDPI-extcap reader

3 files changed, 62 insertions, 6 deletions

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index b32650871..9eab4500f 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -81,7 +81,13 @@ static time_t capture_for = 0;
 static time_t capture_until = 0;
 static u_int32_t num_flows;
 
+struct ndpi_packet_trailer {
+	u_int32_t magic; /* 0x19682017 */
+	u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */;
+};
+
 static pcap_dumper_t *extcap_dumper = NULL;
+static char extcap_buf[2048];
 static char *extcap_capture_fifo    = NULL;
 static u_int16_t extcap_packet_filter = (u_int16_t)-1;
 
@@ -422,7 +428,7 @@ static void parseOptions(int argc, char **argv) {
     case '9':
       extcap_packet_filter = atoi(optarg);
       break;
-      
+
     default:
       help(0);
       break;
@@ -1383,12 +1389,22 @@ static void pcap_packet_callback_checked(u_char *args,
 	 )
      ) {
     struct pcap_pkthdr *h = (struct pcap_pkthdr*)header;
-    
+    uint32_t *crc, delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */;
+    struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen];
+
+    memcpy(extcap_buf, packet, h->caplen);
+    trailer->magic = 0x19682017;
+    trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol;
+    crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)];
+    *crc = 0;
+    ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc);
+    h->caplen += delta,  h->len += delta;
+
 #ifdef DEBUG_TRACE
     if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen);
 #endif
-    // h->caplen += 8,  h->len += 8;
-    pcap_dump((u_char*)extcap_dumper, h, packet);
+
+    pcap_dump((u_char*)extcap_dumper, h, (const u_char *)extcap_buf);
   }
 
   /* check for buffer changes */
@@ -1503,7 +1519,7 @@ void test_lib() {
       exit(-1);
     }
   }
-  
+
   gettimeofday(&end, NULL);
   tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
 
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index 8fe80111a..cd3c8a1e3 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -909,3 +909,43 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow,
   return(packet_processing(workflow, time, vlan_id, iph, iph6,
 			   ip_offset, header->len - ip_offset, header->len));
 }
+
+/* ********************************************************** */
+/*       http://home.thep.lu.se/~bjorn/crc/crc32_fast.c       */
+/* ********************************************************** */
+
+static uint32_t crc32_for_byte(uint32_t r) {
+	for(int j = 0; j < 8; ++j)
+		r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1;
+	return r ^ (uint32_t)0xFF000000L;
+}
+
+/* Any unsigned integer type with at least 32 bits may be used as
+ * accumulator type for fast crc32-calulation, but unsigned long is
+ * probably the optimal choice for most systems. */
+typedef unsigned long accum_t;
+
+static void init_tables(uint32_t* table, uint32_t* wtable) {
+	for(size_t i = 0; i < 0x100; ++i)
+		table[i] = crc32_for_byte(i);
+	for(size_t k = 0; k < sizeof(accum_t); ++k)
+		for(size_t w, i = 0; i < 0x100; ++i) {
+			for(size_t j = w = 0; j < sizeof(accum_t); ++j)
+				w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8;
+			wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0);
+		}
+}
+
+void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) {
+	static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)];
+	size_t n_accum = n_bytes/sizeof(accum_t);
+	if(!*table)
+		init_tables(table, wtable);
+	for(size_t i = 0; i < n_accum; ++i) {
+		accum_t a = *crc ^ ((accum_t*)data)[i];
+		for(size_t j = *crc = 0; j < sizeof(accum_t); ++j)
+			*crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)];
+	}
+	for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i)
+		*crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8;
+}
diff --git a/example/ndpi_util.h b/example/ndpi_util.h
index 4895cdcb1..a8e21d673 100644
--- a/example/ndpi_util.h
+++ b/example/ndpi_util.h
@@ -160,5 +160,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow *
  /* compare two nodes in workflow */
 int ndpi_workflow_node_cmp(const void *a, const void *b);
 void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow);
-
+void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc);
 #endif