Provide some API functions for convenience.improved/serialization-and-api-helper

 * Extended JSON serializsation: risk, risk score, confidence

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

3 files changed, 85 insertions, 5 deletions

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 37d73172c..c0a871cc5 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6490,6 +6490,27 @@ u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi
 
 /* ********************************************************************************* */
 
+u_int16_t ndpi_get_flow_appprotocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) {
+  return(flow->detected_protocol_stack[0]);
+}
+
+/* ********************************************************************************* */
+
+ndpi_protocol_category_t ndpi_get_flow_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow)
+{
+  return(flow->category);
+}
+
+void ndpi_get_flow_ndpi_proto(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
+                struct ndpi_proto * ndpi_proto)
+{
+  ndpi_proto->master_protocol = ndpi_get_flow_masterprotocol(ndpi_str, flow);
+  ndpi_proto->app_protocol = ndpi_get_flow_appprotocol(ndpi_str, flow);
+  ndpi_proto->category = ndpi_get_flow_category(ndpi_str, flow);
+}
+
+/* ********************************************************************************* */
+
 static void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
 					  u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol,
 					  ndpi_confidence_t confidence) {
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index 1699644a4..76c764405 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -1983,6 +1983,21 @@ int ndpi_serialize_start_of_block(ndpi_serializer *_serializer,
 
 /* ********************************** */
 
+/* Serialize start of nested block with a numeric key */
+int ndpi_serialize_start_of_block_uint32(ndpi_serializer *_serializer, u_int32_t key) {
+  char buf[11];
+  int written = snprintf(buf, sizeof(buf), "%u", key);
+
+  if (written <= 0 || written == sizeof(buf))
+  {
+    return(-1);
+  }
+
+  return(ndpi_serialize_start_of_block_binary(_serializer, buf, written));
+}
+
+/* ********************************** */
+
 /* Serialize end of nested block (JSON only)*/
 int ndpi_serialize_end_of_block(ndpi_serializer *_serializer) {
   ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer;
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 29cb94695..8cbc2e2df 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1109,7 +1109,7 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
                          ndpi_risk risk) {
   u_int32_t i;
 
-  if (risk == NDPI_NO_RISK) {
+  if (risk == 0) {
     return;
   }
 
@@ -1117,24 +1117,68 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
   for(i = 0; i < NDPI_MAX_RISK; i++) {
     ndpi_risk_enum r = (ndpi_risk_enum)i;
 
-    if(NDPI_ISSET_BIT(risk, r))
-      ndpi_serialize_uint32_string(serializer, i, ndpi_risk2str(r));
+    if(NDPI_ISSET_BIT(risk, r)) {
+      ndpi_risk_info const * const risk_info = ndpi_risk2severity(r);
+      if (risk_info == NULL)
+        continue;
+
+      ndpi_serialize_start_of_block_uint32(serializer, i);
+      ndpi_serialize_string_string(serializer, "risk", ndpi_risk2str(risk_info->risk));
+      ndpi_serialize_string_string(serializer, "severity", ndpi_severity2str(risk_info->severity));
+      ndpi_serialize_risk_score(serializer, r);
+      ndpi_serialize_end_of_block(serializer);
+    }
   }
 
   ndpi_serialize_end_of_block(serializer);
 }
 
- /* ********************************** */
+/* ********************************** */
+
+void ndpi_serialize_risk_score(ndpi_serializer *serializer,
+                               ndpi_risk_enum risk)
+{
+  u_int16_t rs, rs_client = 0, rs_server = 0;
+
+  if (risk == NDPI_NO_RISK) {
+    return;
+  }
+
+  ndpi_serialize_start_of_block(serializer, "risk_score");
+  rs = ndpi_risk2score(risk, &rs_client, &rs_server);
+  ndpi_serialize_string_uint32(serializer, "total", rs);
+  ndpi_serialize_string_uint32(serializer, "client", rs_client);
+  ndpi_serialize_string_uint32(serializer, "server", rs_server);
+  ndpi_serialize_end_of_block(serializer);
+}
+
+/* ********************************** */
+
+void ndpi_serialize_confidence(ndpi_serializer *serializer,
+                               ndpi_confidence_t confidence)
+{
+  if (confidence == NDPI_CONFIDENCE_UNKNOWN) {
+    return;
+  }
+
+  ndpi_serialize_start_of_block(serializer, "confidence");
+  ndpi_serialize_uint32_string(serializer, (u_int32_t)confidence, ndpi_confidence_get_name(confidence));
+  ndpi_serialize_end_of_block(serializer);
+}
+
+/* ********************************** */
 
 void ndpi_serialize_proto(struct ndpi_detection_module_struct *ndpi_struct,
                           ndpi_serializer *serializer,
                           ndpi_risk_enum risk,
+                          ndpi_confidence_t confidence,
                           ndpi_protocol l7_protocol)
 {
   char buf[64];
 
   ndpi_serialize_start_of_block(serializer, "ndpi");
   ndpi_serialize_risk(serializer, risk);
+  ndpi_serialize_confidence(serializer, confidence);
   ndpi_serialize_string_string(serializer, "proto", ndpi_protocol2name(ndpi_struct, l7_protocol, buf, sizeof(buf)));
   ndpi_protocol_breed_t breed =
     ndpi_get_proto_breed(ndpi_struct,
@@ -1156,7 +1200,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
 
   if(flow == NULL) return(-1);
 
-  ndpi_serialize_proto(ndpi_struct, serializer, flow->risk, l7_protocol);
+  ndpi_serialize_proto(ndpi_struct, serializer, flow->risk, flow->confidence, l7_protocol);
 
   switch(l7_protocol.master_protocol ? l7_protocol.master_protocol : l7_protocol.app_protocol) {
   case NDPI_PROTOCOL_IP_ICMP: