authorLuca Deri <deri@ntop.org>2024-10-10 18:10:03 +0200
committerLuca Deri <deri@ntop.org>2024-10-10 18:10:03 +0200
commit2e5edd2cc956b420f6b9e2a2ffec7d435694a69a (patch)
tree51cafc72126996a24cb821ba5050ca6a9081f5e8 /example
parentb9348e9d6e0e754c4b17661c643ca258f1540ca1 (diff)
Added -N option for dumping/restoring the DNS cache (when enabled)
Example: ndpiReader -i en0 --cfg=dpi.address_cache_size,32768 -N /tmp/a
Diffstat (limited to 'example')
-rw-r--r--example/ndpiReader.c21
-rw-r--r--example/reader_util.c12
2 files changed, 26 insertions, 7 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index d1e5d9bb1..d60e5769d 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -94,6 +94,7 @@ static u_int8_t ignore_vlanid = 0;
FILE *fingerprint_fp = NULL; /**< for flow fingerprint export */
/** User preferences **/
+char *addr_dump_path = NULL;
u_int8_t enable_realtime_output = 0, enable_protocol_guess = NDPI_GIVEUP_GUESS_BY_PORT | NDPI_GIVEUP_GUESS_BY_IP, enable_payload_analyzer = 0, num_bin_clusters = 0, extcap_exit = 0;
u_int8_t verbose = 0, enable_flow_stats = 0;
bool do_load_lists = false;
@@ -468,8 +469,8 @@ static void ndpiCheckIPMatch(char *testChar) {
ndpi_load_protocols_file(ndpi_str, _protoFilePath);
for(i = 0; i < num_cfgs; i++) {
- rc = ndpi_set_config(ndpi_str,
- cfgs[i].proto, cfgs[i].param, cfgs[i].value);
+ rc = ndpi_set_config(ndpi_str, cfgs[i].proto, cfgs[i].param, cfgs[i].value);
+
if (rc != NDPI_CFG_OK) {
fprintf(stderr, "Error setting config [%s][%s][%s]: %s (%d)\n",
(cfgs[i].proto != NULL ? cfgs[i].proto : ""),
@@ -623,7 +624,7 @@ static void help(u_int long_help) {
#endif
"[-f <filter>][-s <duration>][-m <duration>][-b <num bin clusters>]\n"
" [-p <protos>][-l <loops> [-q][-d][-h][-H][-D][-e <len>][-E <path>][-t][-v <level>]\n"
- " [-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n"
+ " [-n <threads>][-N <path>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n"
" [-r <file>][-R][-j <file>][-S <file>][-T <num>][-U <num>] [-x <domain>]\n"
" [-a <mode>][-B proto_list]\n\n"
"Usage:\n"
@@ -636,6 +637,7 @@ static void help(u_int long_help) {
" -l <num loops> | Number of detection loops (test only)\n"
" -n <num threads> | Number of threads. Default: number of interfaces in -i.\n"
" | Ignored with pcap files.\n"
+ " -N <path> | Address cache dump/restore pathxo.\n"
" -b <num bin clusters> | Number of bin clusters\n"
" -k <file> | Specify a file to write serialized detection results\n"
" -K <format> | Specify the serialization format for `-k'\n"
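Review bot: The new `-N <path>` help line ends in `pathxo.`, which looks like a stray keystroke in a user-facing string; it should read `path.`. The same file is read at startup and rewritten when the workflow is freed (see the restore and dump calls added elsewhere in this commit), so the text could say so, for example `Address cache file: restored at startup, rewritten at exit.`. help() starts and ends outside the hunk.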
@@ -781,6 +783,7 @@ static struct option longopts[] = {
{ "load-categories", required_argument, NULL, 'G'},
{ "loops", required_argument, NULL, 'l'},
{ "num-threads", required_argument, NULL, 'n'},
+ { "address-cache-dump", required_argument, NULL, 'N'},
{ "ignore-vlanid", no_argument, NULL, 'I'},
{ "protos", required_argument, NULL, 'p'},
@@ -1094,7 +1097,7 @@ static void parseOptions(int argc, char **argv) {
#endif
while((opt = getopt_long(argc, argv,
- "a:Ab:B:e:E:c:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:Rs:tu:v:V:n:rp:x:X:w:q0123:456:7:89:m:MT:U:",
+ "a:Ab:B:e:E:c:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:Rs:tu:v:V:n:rp:x:X:w:q0123:456:7:89:m:MN:T:U:",
longopts, &option_idx)) != EOF) {
#ifdef DEBUG_TRACE
if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : "");
@@ -1191,6 +1194,10 @@ static void parseOptions(int argc, char **argv) {
num_threads = atoi(optarg);
break;
+ case 'N':
+ addr_dump_path = optarg;
+ break;
+
case 'p':
_protoFilePath = optarg;
break;
@@ -2901,8 +2908,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle,
memset(&ndpi_thread_info[thread_id], 0, sizeof(ndpi_thread_info[thread_id]));
ndpi_thread_info[thread_id].workflow = ndpi_workflow_init(&prefs, pcap_handle, 1,
- serialization_format,
- g_ctx);
+ serialization_format, g_ctx);
/* Protocols to enable/disable. Default: everything is enabled */
NDPI_BITMASK_SET_ALL(enabled_bitmask);
@@ -2970,6 +2976,9 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle,
if(enable_doh_dot_detection)
ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "tls", "application_blocks_tracking", "enable");
+ if(addr_dump_path != NULL)
+ ndpi_cache_address_restore(ndpi_thread_info[thread_id].workflow->ndpi_struct, addr_dump_path, 0);
+
ret = ndpi_finalize_initialization(ndpi_thread_info[thread_id].workflow->ndpi_struct);
if(ret != 0) {
fprintf(stderr, "Error ndpi_finalize_initialization: %d\n", ret);
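Review bot: The result of `ndpi_cache_address_restore()` is discarded, so a missing, unreadable or malformed file at `addr_dump_path` cannot be told apart from a successful restore. The file is external input that pre-populates the address cache, and the commit message's example places it in `/tmp`, so the operator should at least be told what was loaded, for example by keeping the return value and printing it to stderr when `verbose` is set (whether it is an entry count or a status is not visible in this hunk). The call also runs once per `thread_id` and before `ndpi_finalize_initialization()`; it is worth confirming that the cache sized by `dpi.address_cache_size` already exists at that point. setupDetection() starts and ends outside the hunk.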
diff --git a/example/reader_util.c b/example/reader_util.c
index 5ddb9f000..8ed32cad4 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -80,7 +80,7 @@ extern u_int8_t verbose, human_readeable_string_len;
extern u_int8_t max_num_udp_dissected_pkts /* 24 */, max_num_tcp_dissected_pkts /* 80 */;
static u_int32_t flow_id = 0;
extern FILE *fingerprint_fp;
-
+extern char *addr_dump_path;
u_int8_t enable_doh_dot_detection = 0;
extern bool do_load_lists;
extern int malloc_size_stats;
@@ -404,6 +404,7 @@ int parse_proto_name_list(char *str, NDPI_PROTOCOL_BITMASK *bitmask, int inverte
else
NDPI_BITMASK_DEL(*bitmask,proto);
}
+
ndpi_exit_detection_module(module);
return 0;
}
@@ -456,6 +457,7 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref
if(do_init_flows_root) {
workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *));
+
if(!workflow->ndpi_flows_root) {
ndpi_exit_detection_module(module);
ndpi_free(workflow);
@@ -592,6 +594,9 @@ void ndpi_workflow_free(struct ndpi_workflow * workflow) {
for(i=0; i<workflow->prefs.num_roots; i++)
ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
+ if(addr_dump_path != NULL)
+ ndpi_cache_address_dump(workflow->ndpi_struct, addr_dump_path, 0);
+
ndpi_exit_detection_module(workflow->ndpi_struct);
ndpi_free(workflow->ndpi_flows_root);
ndpi_free(workflow);
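Review bot: Every workflow dumps to the same `addr_dump_path` here and the result of `ndpi_cache_address_dump()` is ignored. setupDetection() builds one workflow per `thread_id`, so with more than one thread the file keeps only the cache of whichever workflow is freed last, and a failed write goes unnoticed. Assuming the function reports failure through its return value, check it and report, e.g. `fprintf(stderr, "Unable to dump address cache to %s\n", addr_dump_path);`. ndpiReader is commonly run with elevated privileges for live capture, so the `-N` help text should recommend a directory only the capturing user can write rather than a shared one like the `/tmp/a` of the commit message; how the library opens the file is not visible here. ndpi_workflow_free() starts outside the hunk.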
@@ -2020,6 +2025,11 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
*flow_risk = 0 /* NDPI_NO_RISK */;
*flow = NULL;
+ if((addr_dump_path != NULL) && (workflow->stats.raw_packet_count == 0)) {
+ /* At the first packet flush expired cached addresses */
+ ndpi_cache_address_flush_expired(workflow->ndpi_struct, header->ts.tv_sec);
+ }
+
/* Increment raw packet counter */
workflow->stats.raw_packet_count++;