author | mmanoj <manoj_ws@yahoo.com> | 2024-07-22 15:04:07 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-22 11:34:07 +0200 |
commit | 67f5cdafc0a704275d5f51a86b6a01fa36a69389 (patch) | |
tree | c4531f3ef566b33f0c51c9cb73d82ec6a1bd4f64 /src/include | |
parent | 2a3f4dc8b400e078b7fd2ec0f802200dfece8c94 (diff) |
FPC: add DNS correlation (#2497)
Use DNS information to get a better First Packet Classification.
See: #2322
---------
Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_private.h | 14 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 4 |
2 files changed, 16 insertions, 2 deletions
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index 3a43e644b..161a3f1e5 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -168,6 +168,9 @@ struct ndpi_global_context { /* NDPI_PROTOCOL_MSTEAMS */ struct ndpi_lru_cache *msteams_global_cache; + + /* FPC DNS cache */ + struct ndpi_lru_cache *fpc_dns_global_cache; }; #define CFG_MAX_LEN 256 @@ -220,7 +223,10 @@ struct ndpi_detection_module_config_struct { int msteams_cache_num_entries; int msteams_cache_ttl; int msteams_cache_scope; - + int fpc_dns_cache_num_entries; + int fpc_dns_cache_ttl; + int fpc_dns_cache_scope; + /* Protocols */ int tls_certificate_expire_in_x_days; @@ -361,6 +367,9 @@ struct ndpi_detection_module_struct { /* NDPI_PROTOCOL_MSTEAMS */ struct ndpi_lru_cache *msteams_cache; + + /* FPC DNS cache */ + struct ndpi_lru_cache *fpc_dns_cache; /* *** If you add a new LRU cache, please update lru_cache_type above! *** */ @@ -604,6 +613,9 @@ int load_config_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) int load_category_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd, ndpi_protocol_category_t category_id); +u_int64_t fpc_dns_cache_key_from_dns_info(struct ndpi_flow_struct *flow); + + /* TLS */ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t quic_version); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 6a4478af6..cbdc8c2b4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -747,6 +747,7 @@ typedef enum { NDPI_LRUCACHE_TLS_CERT, NDPI_LRUCACHE_MINING, NDPI_LRUCACHE_MSTEAMS, + NDPI_LRUCACHE_FPC_DNS, /* FPC DNS cache */ NDPI_LRUCACHE_MAX /* Last one! */ } lru_cache_type; 
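Review bot: The three fields added to `struct ndpi_detection_module_config_struct` in hunk `@@ -220,7 +223,10 @@` are plain `int` with no unit or valid range stated, and the limits matter here because an entry that outlives the DNS answer it came from produces a wrong classification on the first packet of a later flow. The range checks for these knobs are not in this diff (it is limited to src/include), so please confirm that zero or negative `fpc_dns_cache_num_entries` and `fpc_dns_cache_ttl` values are rejected where the parameters are registered. I would document the fields in place, for example `int fpc_dns_cache_ttl; /* lifetime of an entry (presumably seconds, as for the other caches); keep short, addresses are reused */` and `int fpc_dns_cache_scope; /* local to this module or shared via ndpi_global_context */`. The struct starts and ends outside the hunk.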
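Review bot: The prototype `fpc_dns_cache_key_from_dns_info()` added in hunk `@@ -604,6 +613,9 @@` has no comment saying which DNS fields feed the 64-bit key, and it takes a mutable flow pointer although a key derivation should only read. The same commit adds `is_rsp_addr_ipv6`, so the key presumably has to fold a 128-bit address into 64 bits, and two different addresses can then map to the same entry. Whether the lookup side re-checks the full address is not visible here. The cache is also filled from DNS responses seen on the wire, so a hit should be treated as a hint and not as a confirmed classification. If the implementation only reads the flow, I would declare it as `u_int64_t fpc_dns_cache_key_from_dns_info(const struct ndpi_flow_struct *flow);` and put a short comment above it stating the key inputs, that keys may collide, and that the result must not override a classification obtained from payload inspection.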
@@ -1316,7 +1317,8 @@ struct ndpi_flow_struct { union { /* the only fields useful for nDPI and ntopng */ struct { - u_int8_t num_queries, num_answers, reply_code, is_query; + u_int8_t num_queries, num_answers, reply_code; + u_int8_t is_query:1, is_rsp_addr_ipv6:1, pad:6; u_int16_t query_type, query_class, rsp_type, edns0_udp_payload_size; ndpi_ip_addr_t rsp_addr; /* The first address in a DNS response packet (A and AAAA) */ char geolocation_iata_code[4]; |
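Review bot: Narrowing `is_query` from a full `u_int8_t` to `is_query:1` changes what an assignment stores: a writer that assigns a masked flag byte or any value other than 0/1 now keeps only the lowest bit, and code that takes the field's address no longer compiles. The writers are in the DNS dissector, outside this diff, so please confirm each assignment is normalised, e.g. `is_query = !!(expr);`. The new `is_rsp_addr_ipv6` bit appears to be the only indication of which address family `rsp_addr` holds, so it must be written every time `rsp_addr` is written; otherwise a stale flag makes readers (including the new cache key function) interpret the address with the wrong width. I would add `/* is_rsp_addr_ipv6: set together with rsp_addr; 1 = rsp_addr holds an IPv6 address */` above the bit-field line. The struct continues beyond the hunk.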