author | Luca <deri@ntop.org> | 2024-09-16 09:21:17 +0200 |
---|---|---|
committer | Luca <deri@ntop.org> | 2024-09-16 09:21:17 +0200 |
commit | 6de91c78955a0d85d97518c273366bd9d6ede5de (patch) | |
tree | 841b625835620e2f0f6859a8545c09c542607842 /src | |
parent | b77d3e3ab6d216cda9a092794a5fb8b1eac86fe6 (diff) |
Reworked fingerprint export now in JSON
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h | 4 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 43 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 6 |
3 files changed, 50 insertions, 3 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index f26e0bdb7..4ed16bf13 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -2307,6 +2307,10 @@ extern "C" { /* ******************************* */ + bool ndpi_serialize_flow_fingerprint(struct ndpi_flow_struct *flow, ndpi_serializer *serializer); + + /* ******************************* */ + const char *ndpi_lru_cache_idx_to_name(lru_cache_type idx); /** diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 77305eb15..012c49baa 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
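Review bot: The new prototype `ndpi_serialize_flow_fingerprint()` in ndpi_api.h is exported without a doc comment, while the declaration block right after it opens with `/**`. A short Doxygen comment should state that it returns true only when a TLS/QUIC, DHCP or SSH fingerprint was written, and list the keys it emits into the caller's current serializer scope ("JA4r", "JA4", "options", "fingerprint", "hassh_client", "client_signature", "hassh_server", "server_signature"). It should also say that these values are presumably derived from packet contents, so anything consuming the JSON has to treat them as untrusted input.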
@@ -3602,3 +3602,46 @@ u_int ndpi_encode_domain(struct ndpi_detection_module_struct *ndpi_str,
 return(out_idx);
 }
+
+/* ****************************************************** */
+
+static u_int8_t is_ndpi_proto(struct ndpi_flow_struct *flow, u_int16_t id) {
+ if((flow->detected_protocol_stack[0] == id)
+ || (flow->detected_protocol_stack[1] == id))
+ return(1);
+ else
+ return(0);
+}
+
+/* ****************************************************** */
+
+bool ndpi_serialize_flow_fingerprint(struct ndpi_flow_struct *flow, ndpi_serializer *serializer) {
+ if(is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) || is_ndpi_proto(flow, NDPI_PROTOCOL_QUIC)) {
+ if((flow->protos.tls_quic.ja4_client_raw != NULL)
+ || (flow->protos.tls_quic.ja4_client[0] != '\0')) {
+
+ if(flow->protos.tls_quic.ja4_client_raw != NULL)
+ ndpi_serialize_string_string(serializer, "JA4r", flow->protos.tls_quic.ja4_client_raw);
+
+ ndpi_serialize_string_string(serializer, "JA4", flow->protos.tls_quic.ja4_client);
+ return(true);
+ }
+ } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP)
+ && (flow->protos.dhcp.fingerprint[0] != '\0')) {
+ ndpi_serialize_string_string(serializer, "options", flow->protos.dhcp.options);
+ ndpi_serialize_string_string(serializer, "fingerprint", flow->protos.dhcp.fingerprint);
+
+ return(true);
+ } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SSH)
+ && (flow->protos.ssh.hassh_client[0] != '\0')) {
+
+ ndpi_serialize_string_string(serializer, "hassh_client", flow->protos.ssh.hassh_client);
+ ndpi_serialize_string_string(serializer, "client_signature", flow->protos.ssh.client_signature);
+ ndpi_serialize_string_string(serializer, "hassh_server", flow->protos.ssh.hassh_server);
+ ndpi_serialize_string_string(serializer, "server_signature", flow->protos.ssh.server_signature);
+
+ return(true);
+ }
+
+ return(false);
+}
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 7eb89c648..b558df504 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
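Review bot: ndpi_serialize_flow_fingerprint() returns true without looking at any ndpi_serialize_string_string() result, so the caller is told the fingerprint was exported even if a write failed and the JSON record is incomplete. Assuming the serializer keeps its usual 0-on-success convention, each call could be checked, e.g. `if(ndpi_serialize_string_string(serializer, "JA4", flow->protos.tls_quic.ja4_client) != 0) return(false);`. The function is also a new public entry point that dereferences `flow` and forwards `serializer` with no NULL check; `if((flow == NULL) || (serializer == NULL)) return(false);` at the top would cover that. In the TLS/QUIC branch "JA4" is written even when only ja4_client_raw is set, which yields an empty JA4 value that downstream matching has to special-case.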
@@ -1,7 +1,7 @@ /* * tls.c - TLS/TLS/DTLS dissector * - * Copyright (C) 2016-22 - ntop.org + * Copyright (C) 2016-24 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -29,7 +29,7 @@ #include "ndpi_encryption.h" #include "ndpi_private.h" -/* #define JA4R_DECIMAL 1 */ +#define JA4R_DECIMAL 1 static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -1801,7 +1801,7 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct, #endif #ifdef JA4R_DECIMAL - rc = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, " "); + rc = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, "_"); if(rc > 0) ja4_r_len += rc; #endif |
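Review bot: `#define JA4R_DECIMAL 1` is switched on unconditionally in tls.c with no comment, which changes the JA4_r string produced by every build. If the name means what it suggests, the raw fingerprint moves to decimal values, so stored fingerprints or detection rules matched against the previous output would stop matching. A comment such as `/* JA4_r is exported with decimal values; changing this alters the fingerprint consumers see */` plus a changelog entry would make that explicit. A build-time option rather than a hard-coded define would let deployments keep the old format.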
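Review bot: The `if(rc > 0) ja4_r_len += rc;` line after the changed snprintf() adds the length that would have been written, not the length actually written, so on truncation ja4_r_len can pass sizeof(ja4_r) and the next `sizeof(ja4_r)-ja4_r_len` would wrap if the arithmetic is unsigned. This path appears to have been compiled out before and is now active because this commit defines JA4R_DECIMAL. A guard such as `if((rc > 0) && ((size_t)rc < sizeof(ja4_r)-ja4_r_len)) ja4_r_len += rc;`, or stopping on truncation, keeps the offset inside the buffer. ndpi_compute_ja4() starts and ends outside the hunk, so whether ja4_r is sized to make truncation impossible cannot be confirmed from here.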