authorToni <matzeton@googlemail.com>2022-02-25 14:26:04 +0100
committerGitHub <noreply@github.com>2022-02-25 14:26:04 +0100
commitf14dcb8344f1cbb1197cdc4f341a6fe4fdcc0cf6 (patch)
treed45f44ec6b5d806e23588acf50c54626bb0959b1 /src/lib/ndpi_utils.c
parent34e020ac35a40b9b9440d0064dcd9dcf64fe0cbe (diff)
Provide some API functions for convenience. (#1456)
* Extended JSON serialization: risk, risk score, confidence Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/ndpi_utils.c')
-rw-r--r--src/lib/ndpi_utils.c54
1 files changed, 49 insertions, 5 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 29cb94695..8cbc2e2df 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1109,7 +1109,7 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
ndpi_risk risk) {
u_int32_t i;
- if (risk == NDPI_NO_RISK) {
+ if (risk == 0) {
return;
}
@@ -1117,24 +1117,68 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
for(i = 0; i < NDPI_MAX_RISK; i++) {
ndpi_risk_enum r = (ndpi_risk_enum)i;
- if(NDPI_ISSET_BIT(risk, r))
- ndpi_serialize_uint32_string(serializer, i, ndpi_risk2str(r));
+ if(NDPI_ISSET_BIT(risk, r)) {
+ ndpi_risk_info const * const risk_info = ndpi_risk2severity(r);
+ if (risk_info == NULL)
+ continue;
+
+ ndpi_serialize_start_of_block_uint32(serializer, i);
+ ndpi_serialize_string_string(serializer, "risk", ndpi_risk2str(risk_info->risk));
+ ndpi_serialize_string_string(serializer, "severity", ndpi_severity2str(risk_info->severity));
+ ndpi_serialize_risk_score(serializer, r);
+ ndpi_serialize_end_of_block(serializer);
+ }
}
ndpi_serialize_end_of_block(serializer);
}
- /* ********************************** */
+/* ********************************** */
+
+void ndpi_serialize_risk_score(ndpi_serializer *serializer,
+ ndpi_risk_enum risk)
+{
+ u_int16_t rs, rs_client = 0, rs_server = 0;
+
+ if (risk == NDPI_NO_RISK) {
+ return;
+ }
+
+ ndpi_serialize_start_of_block(serializer, "risk_score");
+ rs = ndpi_risk2score(risk, &rs_client, &rs_server);
+ ndpi_serialize_string_uint32(serializer, "total", rs);
+ ndpi_serialize_string_uint32(serializer, "client", rs_client);
+ ndpi_serialize_string_uint32(serializer, "server", rs_server);
+ ndpi_serialize_end_of_block(serializer);
+}
+
+/* ********************************** */
+
+void ndpi_serialize_confidence(ndpi_serializer *serializer,
+ ndpi_confidence_t confidence)
+{
+ if (confidence == NDPI_CONFIDENCE_UNKNOWN) {
+ return;
+ }
+
+ ndpi_serialize_start_of_block(serializer, "confidence");
+ ndpi_serialize_uint32_string(serializer, (u_int32_t)confidence, ndpi_confidence_get_name(confidence));
+ ndpi_serialize_end_of_block(serializer);
+}
+
+/* ********************************** */
void ndpi_serialize_proto(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serializer *serializer,
ndpi_risk_enum risk,
+ ndpi_confidence_t confidence,
ndpi_protocol l7_protocol)
{
char buf[64];
ndpi_serialize_start_of_block(serializer, "ndpi");
ndpi_serialize_risk(serializer, risk);
+ ndpi_serialize_confidence(serializer, confidence);
ndpi_serialize_string_string(serializer, "proto", ndpi_protocol2name(ndpi_struct, l7_protocol, buf, sizeof(buf)));
ndpi_protocol_breed_t breed =
ndpi_get_proto_breed(ndpi_struct,
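Review bot: In ndpi_serialize_risk the new call `ndpi_serialize_risk_score(serializer, r)` passes the bit index `r`, and ndpi_serialize_risk_score forwards it unchanged in `rs = ndpi_risk2score(risk, &rs_client, &rs_server);`. The prototype of ndpi_risk2score is not part of this diff; if it expects the `ndpi_risk` bitmask that ndpi_serialize_risk itself tests with NDPI_ISSET_BIT, the index is read as a set of bits and the "risk_score" block reports the score of unrelated risks. In that case the call should build a one-bit mask first, `rs = ndpi_risk2score((ndpi_risk)1 << risk, &rs_client, &rs_server);`. Anything downstream that ranks or alerts on the per-risk score would otherwise act on wrong numbers, so a unit test that serializes a single known risk and checks its score would be worth adding with this change.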
@@ -1156,7 +1200,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
if(flow == NULL) return(-1);
- ndpi_serialize_proto(ndpi_struct, serializer, flow->risk, l7_protocol);
+ ndpi_serialize_proto(ndpi_struct, serializer, flow->risk, flow->confidence, l7_protocol);
switch(l7_protocol.master_protocol ? l7_protocol.master_protocol : l7_protocol.app_protocol) {
case NDPI_PROTOCOL_IP_ICMP:
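Review bot: `flow->risk` is passed here into a parameter that ndpi_serialize_proto still declares as `ndpi_risk_enum risk` (previous hunk), although that function hands the value straight to ndpi_serialize_risk, which takes an `ndpi_risk` bitmask. If `ndpi_risk` is wider than the enum's underlying type (not visible in this diff), the conversion at this call drops the upper bits and those risks never reach the JSON output, which is a silent loss for anyone monitoring on it. Since the commit already changes the signature of ndpi_serialize_proto, it could declare the parameter as `ndpi_risk risk,` in the same step. ndpi_dpi2json continues outside this hunk.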