diff options
| author | Luca <deri@ntop.org> | 2024-09-16 09:21:17 +0200 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2024-09-16 09:21:17 +0200 |
| commit | 6de91c78955a0d85d97518c273366bd9d6ede5de (patch) | |
| tree | 841b625835620e2f0f6859a8545c09c542607842 /src/lib/ndpi_utils.c | |
| parent | b77d3e3ab6d216cda9a092794a5fb8b1eac86fe6 (diff) | |
Reworked fingerprint export now in JSON
Diffstat (limited to 'src/lib/ndpi_utils.c')
| -rw-r--r-- | src/lib/ndpi_utils.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 77305eb15..012c49baa 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -3602,3 +3602,46 @@ u_int ndpi_encode_domain(struct ndpi_detection_module_struct *ndpi_str, return(out_idx); } + +/* ****************************************************** */ + +static u_int8_t is_ndpi_proto(struct ndpi_flow_struct *flow, u_int16_t id) { + if((flow->detected_protocol_stack[0] == id) + || (flow->detected_protocol_stack[1] == id)) + return(1); + else + return(0); +} + +/* ****************************************************** */ + +bool ndpi_serialize_flow_fingerprint(struct ndpi_flow_struct *flow, ndpi_serializer *serializer) { + if(is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) || is_ndpi_proto(flow, NDPI_PROTOCOL_QUIC)) { + if((flow->protos.tls_quic.ja4_client_raw != NULL) + || (flow->protos.tls_quic.ja4_client[0] != '\0')) { + + if(flow->protos.tls_quic.ja4_client_raw != NULL) + ndpi_serialize_string_string(serializer, "JA4r", flow->protos.tls_quic.ja4_client_raw); + + ndpi_serialize_string_string(serializer, "JA4", flow->protos.tls_quic.ja4_client); + return(true); + } + } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP) + && (flow->protos.dhcp.fingerprint[0] != '\0')) { + ndpi_serialize_string_string(serializer, "options", flow->protos.dhcp.options); + ndpi_serialize_string_string(serializer, "fingerprint", flow->protos.dhcp.fingerprint); + + return(true); + } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) + && (flow->protos.ssh.hassh_client[0] != '\0')) { + + ndpi_serialize_string_string(serializer, "hassh_client", flow->protos.ssh.hassh_client); + ndpi_serialize_string_string(serializer, "client_signature", flow->protos.ssh.client_signature); + ndpi_serialize_string_string(serializer, "hassh_server", flow->protos.ssh.hassh_server); + ndpi_serialize_string_string(serializer, "server_signature", flow->protos.ssh.server_signature); + + return(true); + } + + return(false); +} |