author | Luca Deri <deri@ntop.org> | 2019-08-22 23:42:07 +0200 |
committer | Luca Deri <deri@ntop.org> | 2019-08-22 23:42:07 +0200 |
commit | d2fe21ddffbbae12880b9d5ece1eb2c7d13a09ca (patch) | |
tree | 02130bea218c4eaf6c1a1af8e7998c47deb49fd0 /example | |
parent | 2134f83948b629640b4c372dfdfc9f2eaf7b20a2 (diff) |
Enhanced -P in ndpiReader so that it can now specify additional parameters
Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 39 | ||||
-rw-r--r-- | example/reader_util.c | 33 |
2 files changed, 62 insertions, 10 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 708e330e1..aad1f9eb9 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -107,6 +107,9 @@ static time_t capture_until = 0;
 static u_int32_t num_flows;
 static struct ndpi_detection_module_struct *ndpi_info_mod = NULL;
+extern u_int32_t max_num_packets_per_flow, max_packet_payload_dissection;
+extern u_int16_t min_pattern_len, max_pattern_len;
+
 struct flow_info {
 struct ndpi_flow_info *flow;
 u_int16_t thread_id;
@@ -366,7 +369,12 @@ static void help(u_int long_help) {
 " -J | Display flow SPLT (sequence of packet length and time)\n"
 " | and BD (byte distribution). See https://github.com/cisco/joy\n"
 " -t | Dissect GTP/TZSP tunnels\n"
- " -P | Enable payload analysis\n"
+ " -P <a>:<b>:<c>:<d> | Enable payload analysis:\n"
+ " | <a> = min pattern len to search\n"
+ " | <b> = max pattern len to search\n"
+ " | <c> = max num packets per flow\n"
+ " | <d> = max packet payload dissection\n"
+ " | Default: %u:%u:%u:%u\n"
 " -r | Print nDPI version and git revision\n"
 " -c <path> | Load custom categories from the specified file\n"
 " -w <path> | Write test output on the specified file. This is useful for\n"
@@ -386,8 +394,9 @@ static void help(u_int long_help) {
 " -U <num> | Max number of UDP processed packets before giving up [default: %u]\n"
 ,
 human_readeable_string_len,
- max_num_tcp_dissected_pkts,
- max_num_udp_dissected_pkts);
+ min_pattern_len, max_pattern_len, max_num_packets_per_flow, max_packet_payload_dissection,
+ max_num_tcp_dissected_pkts, max_num_udp_dissected_pkts
+ );
 #ifndef WIN32
 printf("\nExcap (wireshark) options:\n"
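Review bot: The four `extern` declarations added after `ndpi_info_mod` restate, inside a .c file, the definitions that reader_util.c gives these globals (`u_int32_t max_num_packets_per_flow`, `u_int16_t min_pattern_len`, …), so nothing ties the two copies together; if a definition's type is changed later the compiler cannot flag the stale extern, and help() would then read the wrong width through `%u`. Putting the declarations once in a header both files include (presumably the one that already carries the shared reader declarations) lets the compiler check them. In the third hunk the new `-P` help text lists the four fields but not the limits parseOptions enforces on them; a line like `"                            | (<a> >= 2, <b> <= 16, <c> >= 1, <d> >= 4)\n"` would tell the user why an out-of-range value is adjusted silently.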
@@ -595,7 +604,7 @@ static void parseOptions(int argc, char **argv) {
 }
 #endif
- while((opt = getopt_long(argc, argv, "e:c:df:g:i:hp:Pl:s:tv:V:n:j:Jrp:w:q0123:456:7:89:m:b:x:T:U:",
+ while((opt = getopt_long(argc, argv, "e:c:df:g:i:hp:P:l:s:tv:V:n:j:Jrp:w:q0123:456:7:89:m:b:x:T:U:",
 longopts, &option_idx)) != EOF) {
 #ifdef DEBUG_TRACE
 if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : "");
@@ -697,7 +706,24 @@ static void parseOptions(int argc, char **argv) {
 break;
 case 'P':
- enable_payload_analyzer = 1;
+ {
+ int _min_pattern_len, _max_pattern_len, _max_num_packets_per_flow, _max_packet_payload_dissection;
+
+ enable_payload_analyzer = 1;
+ if(sscanf(optarg, "%d:%d:%d:%d", &_min_pattern_len, &_max_pattern_len,
+ &_max_num_packets_per_flow, &_max_packet_payload_dissection) == 4) {
+ min_pattern_len = _min_pattern_len, max_pattern_len = _max_pattern_len;
+ max_num_packets_per_flow = _max_num_packets_per_flow, max_packet_payload_dissection = _max_packet_payload_dissection;
+ if(min_pattern_len > max_pattern_len) min_pattern_len = max_pattern_len;
+ if(min_pattern_len < 2) min_pattern_len = 2;
+ if(max_pattern_len > 16) max_pattern_len = 16;
+ if(max_num_packets_per_flow == 0) max_num_packets_per_flow = 1;
+ if(max_packet_payload_dissection < 4) max_packet_payload_dissection = 4;
+ } else {
+ printf("Invalid -P format. Ignored\n");
+ help(0);
+ }
+ }
 break;
 case 'j':
@@ -935,7 +961,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
 );
 if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id);
-
+ if(enable_payload_analyzer) fprintf(out, "[flowId: %u]", flow->flow_id);
+
 if(enable_joy_stats) {
 /* Print entropy values for monitored flows. */
 flowGetBDMeanandVariance(flow);
diff --git a/example/reader_util.c b/example/reader_util.c
index b8e21cce8..2e6cec674 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
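Review bot: The range checks in the new `case 'P'` block run in the wrong order: `if(min_pattern_len > max_pattern_len)` is evaluated before `max_pattern_len` is clamped to 16, so `-P 20:20:1:4` ends with min_pattern_len = 20 and max_pattern_len = 16, exactly the min-above-max state the first check is there to prevent. The `%d` conversions also accept negative numbers, which are stored into the unsigned globals unchecked: a negative third or fourth field turns into a value near UINT32_MAX that neither the `== 0` nor the `< 4` test catches, which removes the per-flow packet and payload caps this option exists to bound. Doing the clamping on the int temporaries, rejecting negatives alongside the `== 4` test and only then assigning the globals fixes both; the else branch with its message and `help(0)` is unchanged. parseOptions starts and ends outside this hunk.
```c
        if(sscanf(optarg, "%d:%d:%d:%d", &_min_pattern_len, &_max_pattern_len,
                  &_max_num_packets_per_flow, &_max_packet_payload_dissection) == 4
           && _min_pattern_len >= 0 && _max_pattern_len >= 0
           && _max_num_packets_per_flow >= 0 && _max_packet_payload_dissection >= 0) {
          /* Clamp max before comparing min against it, so min <= max holds for the final values. */
          if(_max_pattern_len > 16) _max_pattern_len = 16;
          if(_min_pattern_len < 2) _min_pattern_len = 2;
          if(_min_pattern_len > _max_pattern_len) _min_pattern_len = _max_pattern_len;
          if(_max_num_packets_per_flow == 0) _max_num_packets_per_flow = 1;
          if(_max_packet_payload_dissection < 4) _max_packet_payload_dissection = 4;
          /* All four are now non-negative and within the widths of the globals. */
          min_pattern_len = _min_pattern_len, max_pattern_len = _max_pattern_len;
          max_num_packets_per_flow = _max_num_packets_per_flow, max_packet_payload_dissection = _max_packet_payload_dissection;
        } else {
          /* … unchanged: "Invalid -P format. Ignored" message and help(0) … */
```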
@@ -85,17 +85,23 @@ static u_int32_t flow_id = 0;
 /* ****************************************************** */
+struct flow_id_stats {
+ u_int32_t flow_id;
+ UT_hash_handle hh; /* makes this structure hashable */
+};
+
 struct payload_stats {
 u_int8_t *pattern;
 u_int8_t pattern_len;
 u_int16_t num_occurrencies;
+ struct flow_id_stats *flows;
 UT_hash_handle hh; /* makes this structure hashable */
 };
 struct payload_stats *pstats = NULL;
 u_int32_t max_num_packets_per_flow = 32;
-u_int32_t max_packet_payload_dissection = 32; /* Full payload */
+u_int32_t max_packet_payload_dissection = 128;
 u_int16_t min_pattern_len = 4;
 u_int16_t max_pattern_len = 8;
@@ -106,7 +112,8 @@ void ndpi_analyze_payload(struct ndpi_flow_info *flow,
 u_int16_t payload_len) {
 struct payload_stats *ret;
 u_int i;
-
+ struct flow_id_stats *f;
+
 #ifdef DEBUG_PAYLOAD
 for(i=0; i<payload_len; i++)
 printf("%c", isprint(payload[i]) ? payload[i] : '.');
@@ -136,6 +143,15 @@ void ndpi_analyze_payload(struct ndpi_flow_info *flow,
 ret->num_occurrencies++;
 // printf("==> %u\n", ret->num_occurrencies);
 }
+
+ HASH_FIND_INT(ret->flows, &flow->flow_id, f);
+ if(f == NULL) {
+ if((f = (struct flow_id_stats*)calloc(1, sizeof(struct flow_id_stats))) == NULL)
+ return; /* OOM */
+
+ f->flow_id = flow->flow_id;
+ HASH_ADD_INT(ret->flows, flow_id, f);
+ }
 }
@@ -181,7 +197,8 @@ static int payload_stats_sort_asc(void *_a, void *_b) {
 void print_payload_stat(struct payload_stats *p) {
 u_int i;
-
+ struct flow_id_stats *s, *tmp;
+
 printf("\t[");
 for(i=0; i<p->pattern_len; i++) {
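Review bot: In the third hunk, every new (pattern, flow_id) pair allocates a `struct flow_id_stats` node with calloc and links it into `ret->flows`, but nothing in this commit releases those nodes: whatever tears down `pstats` must also walk each entry's `flows` with `HASH_ITER`/`HASH_DEL` and free them, otherwise one node per distinct pair leaks at exit. Nothing visible here ever removes a node either, so for the life of a capture the per-pattern table grows with the number of flows seen rather than with the number of patterns; on a long-running `-P` session that is a memory cost worth bounding, or at least stating in a comment above `struct flow_id_stats` in the first hunk (`/* one node per flow that carried this pattern; never evicted, freed with the owning payload_stats */`). Minor: the `(struct flow_id_stats*)` cast on calloc is unnecessary in C, and `calloc(1, sizeof *f)` ties the size to the variable. ndpi_analyze_payload starts before and ends after these hunks.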
@@ -201,8 +218,16 @@ void print_payload_stat(struct payload_stats *p) {
 for(; i<16; i++) printf(" ");
 for(i=p->pattern_len; i<max_pattern_len; i++) printf(" ");
- printf("[len: %u][num_occurrencies: %u]\n",
+ printf("[len: %u][num_occurrencies: %u][flowId: ",
 p->pattern_len, p->num_occurrencies);
+
+ i = 0;
+ HASH_ITER(hh, p->flows, s, tmp) {
+ printf("%s%u", (i > 0) ? " " : "", s->flow_id);
+ i++;
+ }
+
+ printf("]\n");
 }
 /* ***************************************************** */