authorLuca Deri <deri@ntop.org>2022-05-02 10:51:08 +0200
committerLuca Deri <deri@ntop.org>2022-05-02 10:51:08 +0200
commitc8f72ef76471cf038bb55ef48179c4795ff638fa (patch)
treea1b404ee71e6e9d9369f198ab02116bce4ae4b40 /src
parent02d0b5fe13a49ca06179f089e2bf82dedd3043f0 (diff)
Added ndpi_get_flow_error_code() API call
Fixed typo
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_api.h.in9
-rw-r--r--src/include/ndpi_typedefs.h6
-rw-r--r--src/lib/ndpi_main.c2
-rw-r--r--src/lib/ndpi_utils.c60
-rw-r--r--src/lib/protocols/snmp_proto.c13
5 files changed, 64 insertions, 26 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 9ad9bd7c2..c350159f0 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -99,6 +99,15 @@ extern "C" {
u_int match_len, u_int32_t *num);
/**
+ * Return the protocol error code of a given flow
+ *
+ * @par flow = the flow to analyze
+ * @return the error code or 0 otherwise
+ *
+ */
+ u_int32_t ndpi_get_flow_error_code(struct ndpi_flow_struct *flow);
+
+ /**
* nDPI personal allocation and free functions
**/
void * ndpi_malloc(size_t size);
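Review bot: The doc comment for ndpi_get_flow_error_code() does not say that the returned value is protocol-specific or which protocols are covered, and "0 otherwise" leaves the meaning of 0 ambiguous. Per the implementation added in ndpi_utils.c, the value is the DNS reply code, the HTTP response status code or the SNMP error status. A successful HTTP 200 is therefore a non-zero "error code", while 0 can mean no error, an unsupported protocol, or nothing parsed yet. I would spell that out, for example `@return the DNS reply code, HTTP response status code or SNMP error status of the flow; 0 if the protocol is not supported or no value has been seen`, so callers do not treat any non-zero value as a failure.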
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 124347fb0..2644a73df 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1300,6 +1300,12 @@ struct ndpi_flow_struct {
char fingerprint[48];
char class_ident[48];
} dhcp;
+
+ struct {
+ u_int8_t version; /* 0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3 */
+ u_int8_t primitive; /* GET, SET... */
+ u_int8_t error_status;
+ } snmp;
} protos;
/*** ALL protocol specific 64 bit variables here ***/
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 63a5cec89..ea148f117 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -113,7 +113,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_TLS_SELFSIGNED_CERTIFICATE, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_TLS_OBSOLETE_VERSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_TLS_WEAK_CIPHER, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
- { NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_RISK_HIGH, CLIENT_FAIR_RISK_PERCENTAGE },
+ { NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_RISK_HIGH, CLIENT_LOW_RISK_PERCENTAGE },
{ NDPI_TLS_CERTIFICATE_MISMATCH, NDPI_RISK_HIGH, CLIENT_FAIR_RISK_PERCENTAGE },
{ NDPI_HTTP_SUSPICIOUS_USER_AGENT, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_HTTP_NUMERIC_IP_HOST, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE },
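Review bot: The switch of NDPI_TLS_CERTIFICATE_EXPIRED from `CLIENT_FAIR_RISK_PERCENTAGE` to `CLIENT_LOW_RISK_PERCENTAGE` is a scoring change that the commit description does not mention; it lists only the new API call and a typo fix. Judging by the constant names, this shifts how much of the expired-certificate risk is attributed to the client, so consumers of the score see different results without any record of why. NDPI_TLS_CERTIFICATE_MISMATCH on the next line stays at FAIR. A short comment on the entry stating the rationale, or a line in the commit message, would make the change reviewable.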
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index b9ffeb72f..2ecb5f0de 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -856,34 +856,30 @@ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_st
/* ********************************** */
static const char* ndpi_get_flow_info_by_proto_id(struct ndpi_flow_struct const * const flow,
- u_int16_t proto_id)
-{
- switch (proto_id)
- {
- case NDPI_PROTOCOL_DNS:
- case NDPI_PROTOCOL_HTTP:
- return flow->host_server_name;
- case NDPI_PROTOCOL_QUIC:
- case NDPI_PROTOCOL_TLS:
- if (flow->protos.tls_quic.hello_processed != 0)
- {
- return flow->host_server_name;
- }
- break;
+ u_int16_t proto_id) {
+ switch (proto_id) {
+ case NDPI_PROTOCOL_DNS:
+ case NDPI_PROTOCOL_HTTP:
+ return flow->host_server_name;
+
+ case NDPI_PROTOCOL_QUIC:
+ case NDPI_PROTOCOL_TLS:
+ if (flow->protos.tls_quic.hello_processed != 0)
+ return flow->host_server_name;
+ break;
}
-
+
return NULL;
}
+/* ********************************** */
+
const char* ndpi_get_flow_info(struct ndpi_flow_struct const * const flow,
- ndpi_protocol const * const l7_protocol)
-{
+ ndpi_protocol const * const l7_protocol) {
char const * const app_protocol_info = ndpi_get_flow_info_by_proto_id(flow, l7_protocol->app_protocol);
- if (app_protocol_info != NULL)
- {
- return app_protocol_info;
- }
+ if (app_protocol_info != NULL)
+ return app_protocol_info;
return ndpi_get_flow_info_by_proto_id(flow, l7_protocol->master_protocol);
}
@@ -1788,7 +1784,7 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
return("Weak TLS Cipher");
case NDPI_TLS_CERTIFICATE_EXPIRED:
- return("TLS Cert Expire");
+ return("TLS Cert Expired");
case NDPI_TLS_CERTIFICATE_MISMATCH:
return("TLS Cert Mismatch");
@@ -2436,6 +2432,23 @@ void ndpi_set_tls_cert_expire_days(struct ndpi_detection_module_struct *ndpi_str
/* ******************************************* */
+u_int32_t ndpi_get_flow_error_code(struct ndpi_flow_struct *flow) {
+ switch(flow->detected_protocol_stack[0] /* app_protocol */) {
+ case NDPI_PROTOCOL_DNS:
+ return(flow->protos.dns.reply_code);
+
+ case NDPI_PROTOCOL_HTTP:
+ return(flow->http.response_status_code);
+
+ case NDPI_PROTOCOL_SNMP:
+ return(flow->protos.snmp.error_status);
+ }
+
+ return(0);
+}
+
+/* ******************************************* */
+
int ndpi_vsnprintf(char * str, size_t size, char const * format, va_list va_args)
{
#ifdef WIN32
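Review bot: ndpi_get_flow_error_code() looks only at `detected_protocol_stack[0]`, so a flow whose application protocol sits on top of HTTP or DNS falls through to `return(0)` even though a status or reply code was recorded. ndpi_get_flow_info(), earlier in this file, handles the same situation by trying app_protocol and then master_protocol. Assuming the second stack entry holds the master protocol, checking both entries would make the two lookups agree. `flow` is also dereferenced without a NULL check, which matters for a public API call. The hunk's trailing context runs into ndpi_vsnprintf, whose body continues outside it.

```c
u_int32_t ndpi_get_flow_error_code(struct ndpi_flow_struct *flow) {
  u_int8_t i;

  if(flow == NULL)
    return(0);

  /* Check the application protocol first, then the master protocol */
  for(i = 0; i < NDPI_PROTOCOL_SIZE; i++) {
    switch(flow->detected_protocol_stack[i]) {
    /* ... unchanged: DNS, HTTP and SNMP cases ... */
    }
  }

  return(0);
}
```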
@@ -2457,6 +2470,8 @@ int ndpi_vsnprintf(char * str, size_t size, char const * format, va_list va_args
#endif
}
+/* ******************************************* */
+
int ndpi_snprintf(char * str, size_t size, char const * format, ...)
{
va_list va_args;
@@ -2466,3 +2481,4 @@ int ndpi_snprintf(char * str, size_t size, char const * format, ...)
va_end(va_args);
return ret;
}
+
diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c
index c4c2b95b9..07d5ce35f 100644
--- a/src/lib/protocols/snmp_proto.c
+++ b/src/lib/protocols/snmp_proto.c
@@ -97,11 +97,13 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
len = get_int(&packet->payload[1], packet->payload_packet_len - 1, &len_length);
+ flow->protos.snmp.version = packet->payload[1 + len_length + 2];
+
if(len > 2 &&
1 + len_length + len == packet->payload_packet_len &&
- (packet->payload[1 + len_length + 2] == 0 /* SNMPv1 */ ||
- packet->payload[1 + len_length + 2] == 1 /* SNMPv2c */ ||
- packet->payload[1 + len_length + 2] == 3 /* SNMPv3 */)) {
+ ((flow->protos.snmp.version == 0 /* SNMPv1 */) ||
+ (flow->protos.snmp.version == 1 /* SNMPv2c */) ||
+ (flow->protos.snmp.version == 3 /* SNMPv3 */))) {
if(flow->extra_packets_func == NULL) {
ndpi_int_snmp_add_connection(ndpi_struct, flow);
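Review bot: The new assignment `flow->protos.snmp.version = packet->payload[1 + len_length + 2];` reads the payload and writes flow state before the `len > 2` and total-length checks in the following `if`. The removed code read that byte only inside the short-circuited condition, after those checks had bounded the index. Unless a guard above the hunk already bounds payload_packet_len, a short packet can now be read past its end. Packets that fail validation also leave an unconfirmed version in the flow, and if `protos` is a union this overwrites another dissector's state. Keeping the payload comparisons in the condition and moving the assignment to the first statement inside the `if` body restores the old ordering; ndpi_search_snmp starts and ends outside the hunk.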
@@ -125,6 +127,8 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
if(snmp_primitive_offset < packet->payload_packet_len) {
u_int8_t snmp_primitive = packet->payload[snmp_primitive_offset] & 0xF;
+ flow->protos.snmp.primitive = snmp_primitive;
+
if(snmp_primitive == 2 /* Get Response */ &&
snmp_primitive_offset + 1 < packet->payload_packet_len) {
offset = snmp_primitive_offset + 1;
@@ -145,6 +149,8 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
flow->extra_packets_func = NULL; /* We're good now */
+ flow->protos.snmp.error_status = error_status;
+
if(error_status != 0)
ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
}
@@ -152,6 +158,7 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
}
}
}
+
return;
}
}