author | Luca Deri <deri@ntop.org> | 2019-08-27 10:44:41 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2019-08-27 10:44:41 +0200 |
commit | 6011790d79eb9f6ebb2a21972b13bcde347d80b5 (patch) | |
tree | 669317508a24b242a444ef9e61fdec7ab52273f4 /example | |
parent | 2acffb41638233f6576663b77bfdd7574014fd1d (diff) |
Entropy calculation example
Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 3 | ||||
-rw-r--r-- | example/reader_util.c | 17 | ||||
-rw-r--r-- | example/reader_util.h | 4 |
3 files changed, 20 insertions, 4 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 22af8cfa7..da7240edd 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -997,6 +997,9 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
 if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
+ if(flow->entropy.pktlen_c_to_s || flow->entropy.pktlen_s_to_c)
+ fprintf(out, "[pktlen entropy: %.2f / %.2f]", flow->entropy.pktlen_c_to_s, flow->entropy.pktlen_s_to_c);
+
 if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version));
 if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_tls.client_info);
 if(flow->ssh_tls.client_hassh[0] != '\0') fprintf(out, "[HASSH-C: %s]", flow->ssh_tls.client_hassh);
diff --git a/example/reader_util.c b/example/reader_util.c
index 820bd9d57..854471e63 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -262,8 +262,6 @@ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) {
 if(flow->ndpi_flow) { ndpi_flow_free(flow->ndpi_flow); flow->ndpi_flow = NULL; }
 if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; }
 if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; }
- if(flow->bytes_c_to_s) ndpi_free_data_analysis(flow->bytes_c_to_s);
- if(flow->bytes_s_to_c) ndpi_free_data_analysis(flow->bytes_s_to_c);
 }
 /* ***************************************************** */
@@ -400,6 +398,13 @@ void ndpi_flow_info_freer(void *node) {
 struct ndpi_flow_info *flow = (struct ndpi_flow_info*)node;
 ndpi_free_flow_info_half(flow);
+
+ if(flow->bytes_c_to_s)
+ ndpi_free_data_analysis(flow->bytes_c_to_s);
+
+ if(flow->bytes_s_to_c)
+ ndpi_free_data_analysis(flow->bytes_s_to_c);
+
 ndpi_free(flow);
 }
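Review bot: The guard `if(flow->entropy.pktlen_c_to_s || flow->entropy.pktlen_s_to_c)` in printFlow uses the float value itself as the "was it computed" flag, so a flow whose entropy is exactly 0 in both directions is printed the same way as a flow that was never measured. If ndpi_entropy() returns 0 for perfectly regular packet sizes (its definition is not shown), that is a case an analyst may want to see rather than have hidden. Testing the source objects instead, `if(flow->bytes_c_to_s || flow->bytes_s_to_c)`, would keep the zero case visible, assuming both pointers are still valid when the flow is printed. printFlow starts and ends outside the hunk.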
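Review bot: The two frees added to ndpi_flow_info_freer change who owns `bytes_c_to_s` / `bytes_s_to_c`, and nothing in the new code records why. The previous hunk removes the same frees from ndpi_free_flow_info_half, presumably because packet_processing and process_ndpi_collected_info still touch these objects after the half-free. The old code also did not reset the pointers after freeing them. A comment above the new lines, such as `/* freed here, not in ndpi_free_flow_info_half(): still updated per packet after the half-free */`, would stop a later cleanup from moving them back and reintroducing a use-after-free. It is also worth checking that no other path releases a ndpi_flow_info without calling this function, since that path would now leak both objects.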
@@ -865,6 +870,10 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name);
+ if(flow->bytes_c_to_s) flow->entropy.pktlen_c_to_s = ndpi_entropy(flow->bytes_c_to_s);
+
+ if(flow->bytes_s_to_c) flow->entropy.pktlen_s_to_c = ndpi_entropy(flow->bytes_s_to_c);
+
 if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_DHCP) { snprintf(flow->dhcp_fingerprint, sizeof(flow->dhcp_fingerprint), "%s", flow->ndpi_flow->protos.dhcp.fingerprint); } else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) {
@@ -985,11 +994,11 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
 if(src_to_dst_direction) {
 flow->src2dst_packets++, flow->src2dst_bytes += rawsize;
 flow->src2dst_l4_bytes += payload_len;
- // ndpi_data_add_value(flow->bytes_c_to_s, rawsize);
+ if(flow->bytes_c_to_s) ndpi_data_add_value(flow->bytes_c_to_s, rawsize);
 } else {
 flow->dst2src_packets++, flow->dst2src_bytes += rawsize;
 flow->dst2src_l4_bytes += payload_len;
- // ndpi_data_add_value(flow->bytes_s_to_c, rawsize);
+ if(flow->bytes_s_to_c) ndpi_data_add_value(flow->bytes_s_to_c, rawsize);
 }
 if(enable_payload_analyzer && (payload_len > 0))
diff --git a/example/reader_util.h b/example/reader_util.h
index 62001d527..ce06959c5 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -163,6 +163,10 @@ typedef struct ndpi_flow_info {
 ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
 } ssh_tls;
+ struct {
+ float pktlen_c_to_s, pktlen_s_to_c;
+ } entropy;
+
 void *src_id, *dst_id; // Entropy fields |
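Review bot: The entropy is computed once, when process_ndpi_collected_info runs, while the packet_processing hunk that follows keeps calling `ndpi_data_add_value()` for every later packet. If this function is only reached when detection completes (its callers are not visible here), the figure printed by printFlow covers only the packets seen up to that point, not the whole flow. Either compute the value where the flow is reported, or mark it as a snapshot with a comment such as `/* entropy of packet sizes seen up to detection time */`. The return type of ndpi_entropy() is not shown; if it is wider than `float`, the assignment narrows silently. Both functions start and end outside their hunks.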
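Review bot: The new `entropy` struct has no comment, and its fields are named `pktlen_*` although they are filled from `bytes_c_to_s` / `bytes_s_to_c`, which packet_processing feeds with `rawsize`. A line above the struct, such as `/* entropy of raw packet sizes per direction, from ndpi_entropy() */`, would tie the three names together. The existing `// Entropy fields` comment after `src_id, *dst_id` now sits below this struct and appears to describe something else, so a reader may not know which fields it refers to. The typedef continues outside the hunk.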