diff options
| -rw-r--r-- | example/ndpiReader.c | 5 | ||||
| -rw-r--r-- | example/reader_util.c | 10 | ||||
| -rw-r--r-- | example/reader_util.h | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 7 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 4 |
5 files changed, 22 insertions, 5 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index f70ebd785..d7c5630ef 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -602,7 +602,7 @@ void printCSVHeader() { /* Flow info */ fprintf(csv_fp, "client_info,server_info,"); fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,"); - fprintf(csv_fp, "tls_server_info,ja3s,tls_server_unsafe,"); + fprintf(csv_fp, "ja3s,tls_server_unsafe,"); fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh"); fprintf(csv_fp, "\n"); } @@ -1028,7 +1028,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(csv_fp != NULL) { float data_ratio = ndpi_data_ratio(flow->src2dst_bytes, flow->dst2src_bytes); - float f = (float)flow->first_seen, l = (float)flow->last_seen; + double f = (double)flow->first_seen, l = (double)flow->last_seen; /* PLEASE KEEP IN SYNC WITH printCSVHeader() */ @@ -1805,6 +1805,7 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, undetected_flows_deleted = 1; ndpi_free_flow_info_half(flow); + ndpi_free_flow_data_analysis(flow); ndpi_thread_info[thread_id].workflow->stats.ndpi_flow_count--; /* adding to a queue (we can't delete it from the tree inline ) */ diff --git a/example/reader_util.c b/example/reader_util.c index 44e02616e..d72a494fa 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -457,6 +457,14 @@ void ndpi_flow_info_freer(void *node) { ndpi_free_flow_info_half(flow); + ndpi_free_flow_data_analysis(flow); + + ndpi_free(flow); +} + +/* ***************************************************** */ + +void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow) { if(flow->iat_c_to_s) ndpi_free_data_analysis(flow->iat_c_to_s); if(flow->iat_s_to_c) ndpi_free_data_analysis(flow->iat_s_to_c); @@ -464,8 +472,6 @@ void ndpi_flow_info_freer(void *node) { if(flow->pktlen_s_to_c) ndpi_free_data_analysis(flow->pktlen_s_to_c); if(flow->iat_flow) ndpi_free_data_analysis(flow->iat_flow); - - ndpi_free(flow); } /* ***************************************************** */ diff --git a/example/reader_util.h b/example/reader_util.h index 93df6b03a..1b9b6babd 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -303,6 +303,7 @@ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); +void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow); const char* print_cipher_id(u_int32_t cipher); float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ebf0fbc1b..a3c19dedc 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -979,6 +979,8 @@ static ndpi_network host_protocol_list[] = { { 0x4237DF00 /* 65.55.223.0 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, { 0x34724A05 /* 52.114.74.5 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x14B40000 /* 20.180.0.0 */, 14, NDPI_PROTOCOL_SKYPE }, + { 0x14B80000 /* 20.184.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, /* Blizzard Entertainment, Inc @@ -8897,6 +8899,7 @@ static ndpi_protocol_match host_match[] = { { "ttvnw.net", NULL, "ttvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", NULL, "static-cdn\\.jtvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", NULL, "www-cdn\\.jtvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, + { "twitch.tv", NULL, "twitch\\.tv$", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { ".qq.com", NULL, "\\.qq" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", NULL, "\\.gtimg" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, @@ -9040,6 +9043,7 @@ static ndpi_protocol_match host_match[] = { { "tupdate.com", NULL, "tupdate" TLD, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".pastebin.com", NULL, "\\.pastebin" TLD, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "pastebin.com", NULL, "^pastebin" TLD, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".ppstream.com", NULL, "\\.ppstream" TLD, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".pps.tv", NULL, "\\.pps\\.tv$", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, @@ -9060,6 +9064,9 @@ static ndpi_protocol_match host_match[] = { { "musical.ly", NULL, "musical\\.ly" TLD, "TikTok", NDPI_PROTOCOL_TIKTOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "muscdn.com", NULL, "muscndl\\.com" TLD, "TikTok", NDPI_PROTOCOL_TIKTOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "brasilbandalarga.com.br", NULL, "brasilbandalarga\\.com" TLD, "EAQ", NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".eaqbr.com.br", NULL, "\\.eaqbr\\.com" TLD, "EAQ", NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { NULL, NULL, NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e71ca668e..6fe1e8065 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5940,9 +5940,11 @@ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_str, return("Unsafe"); break; case NDPI_PROTOCOL_POTENTIALLY_DANGEROUS: + return("Potentially Dangerous"); + break; + case NDPI_PROTOCOL_DANGEROUS: return("Dangerous"); break; - case NDPI_PROTOCOL_UNRATED: default: return("Unrated"); |