diff options
| author | Luca Deri <deri@ntop.org> | 2019-07-18 11:24:44 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-07-18 11:24:44 +0200 |
| commit | 20bac32e1fa07489340b27367f31a3fcc74ca152 (patch) | |
| tree | dbd74ed0bbaaf93fa4d9426288a4be145c7d3be8 /src | |
| parent | f394102b80cad1c47e4cb3bb521d4ae1857498f0 (diff) | |
Improvements for dta dissection
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_api.h | 4 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 45 |
2 files changed, 36 insertions, 13 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index f2b03774f..d5cc9ad15 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -812,7 +812,9 @@ extern "C" { u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_struct, - char *buffer, u_int buffer_size); + char *buffer, u_int buffer_size, + u_int8_t min_string_match_len, /* Will return 0 if no string > min_string_match_len have been found */ + char *outbuf, u_int outbuf_len); char* ndpi_ssl_version2str(u_int16_t version); /* Serializer */ diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 02876d6f1..55c626c27 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -608,16 +608,21 @@ const char* ndpi_cipher2str(u_int32_t cipher) { static int ndpi_is_other_char(char c) { return((c == '.') + || (c == ' ') || (c == '@') + || (c == '/') ); } /* ******************************************************************** */ static int ndpi_is_valid_char(char c) { - return(isdigit(c) - || isalpha(c) - || ndpi_is_other_char(c)); + if(ispunct(c) && (!ndpi_is_other_char(c))) + return(0); + else + return(isdigit(c) + || isalpha(c) + || ndpi_is_other_char(c)); } /* ******************************************************************** */ @@ -628,11 +633,11 @@ static int ndpi_find_non_eng_bigrams(struct ndpi_detection_module_struct *ndpi_s char s[3]; if((isdigit(str[0]) && isdigit(str[1])) - || (ndpi_is_other_char(str[0]) || ndpi_is_other_char(str[1])) - || (ndpi_is_other_char(str[0]) || ndpi_is_other_char(str[1])) + || ndpi_is_other_char(str[0]) + || ndpi_is_other_char(str[1]) ) return(1); - + s[0] = tolower(str[0]), s[1] = tolower(str[1]), s[2] = '\0'; return(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, s)); @@ -643,13 +648,17 @@ static int ndpi_find_non_eng_bigrams(struct ndpi_detection_module_struct *ndpi_s /* #define PRINT_STRINGS 1 */ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_struct, - char *buffer, u_int buffer_size) { - u_int ret = 0, i = 0, do_cr = 0, len = 0; - const u_int8_t NDPI_MIN_VALID_STRING_LEN = 4; /* Will return 0 if no string > NDPI_MIN_VALID_STRING_LEN have been found */ + char *buffer, u_int buffer_size, + u_int8_t min_string_match_len, + char *outbuf, u_int outbuf_len) { + u_int ret = 0, i = 0, do_cr = 0, len = 0, o_idx = 0, being_o_idx = 0; if(buffer_size <= 0) return(0); + outbuf_len--; + outbuf[outbuf_len] = '\0'; + for(i=0; i<buffer_size-2; i++) { if(ndpi_is_valid_char(buffer[i]) && ndpi_is_valid_char(buffer[i+1]) @@ -657,23 +666,35 @@ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_st #ifdef PRINT_STRINGS printf("%c%c", buffer[i], buffer[i+1]); #endif + if(o_idx < outbuf_len) outbuf[o_idx++] = buffer[i]; + if(o_idx < outbuf_len) outbuf[o_idx++] = buffer[i+1]; do_cr = 1, i += 1, len += 2; } else { if(ndpi_is_valid_char(buffer[i]) && do_cr) { #ifdef PRINT_STRINGS printf("%c", buffer[i]); #endif + if(o_idx < outbuf_len) outbuf[o_idx++] = buffer[i]; len += 1; } // printf("->> %c%c\n", isprint(buffer[i]) ? buffer[i] : '.', isprint(buffer[i+1]) ? buffer[i+1] : '.'); if(do_cr) { + if(len > min_string_match_len) + ret = 1; + else { + o_idx = being_o_idx; + being_o_idx = o_idx; + outbuf[o_idx] = '\0'; + } + #ifdef PRINT_STRINGS - printf(" [len: %u]\n", len); + printf(" [len: %u]%s\n", len, ret ? "<-- HIT" : ""); #endif - if(len > NDPI_MIN_VALID_STRING_LEN) - ret = 1; + if(ret) + break; + do_cr = 0, len = 0; } } |