diff options
| -rw-r--r-- | example/ndpiReader.c | 160 | ||||
| -rw-r--r-- | src/include/ndpi_patricia_typedefs.h | 26 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 18 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 64 |
4 files changed, 157 insertions, 111 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d9f4c5fdf..20bc8a91b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -5089,116 +5089,116 @@ void zscoreUnitTest() { /** @brief MAIN FUNCTION **/ - int main(int argc, char **argv) { - int i, skip_unit_tests = 0; +int main(int argc, char **argv) { + int i, skip_unit_tests = 0; #ifdef DEBUG_TRACE - trace = fopen("/tmp/ndpiReader.log", "a"); + trace = fopen("/tmp/ndpiReader.log", "a"); - if(trace) { - int i; + if(trace) { + int i; - fprintf(trace, " #### %s #### \n", __FUNCTION__); - fprintf(trace, " #### [argc: %u] #### \n", argc); + fprintf(trace, " #### %s #### \n", __FUNCTION__); + fprintf(trace, " #### [argc: %u] #### \n", argc); - for(i=0; i<argc; i++) - fprintf(trace, " #### [%d] [%s]\n", i, argv[i]); - } + for(i=0; i<argc; i++) + fprintf(trace, " #### [%d] [%s]\n", i, argv[i]); + } #endif - if(ndpi_get_api_version() != NDPI_API_VERSION) { - printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); - return(-1); - } + if(ndpi_get_api_version() != NDPI_API_VERSION) { + printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); + return(-1); + } - if(!skip_unit_tests) { + if(!skip_unit_tests) { #ifndef DEBUG_TRACE - /* Skip tests when debugging */ + /* Skip tests when debugging */ #ifdef HW_TEST - hwUnitTest2(); + hwUnitTest2(); #endif #ifdef STRESS_TEST - desUnitStressTest(); - exit(0); + desUnitStressTest(); + exit(0); #endif - zscoreUnitTest(); - sesUnitTest(); - desUnitTest(); - - /* Internal checks */ - // binUnitTest(); - //hwUnitTest(); - jitterUnitTest(); - rsiUnitTest(); - hashUnitTest(); - dgaUnitTest(); - hllUnitTest(); - bitmapUnitTest(); - automataUnitTest(); - analyzeUnitTest(); - ndpi_self_check_host_match(); - analysisUnitTest(); - compressedBitmapUnitTest(); + zscoreUnitTest(); + sesUnitTest(); + desUnitTest(); + + /* Internal checks */ + // binUnitTest(); + //hwUnitTest(); + jitterUnitTest(); + rsiUnitTest(); + hashUnitTest(); + dgaUnitTest(); + hllUnitTest(); + bitmapUnitTest(); + automataUnitTest(); + analyzeUnitTest(); + ndpi_self_check_host_match(); + analysisUnitTest(); + compressedBitmapUnitTest(); #endif - } + } - gettimeofday(&startup_time, NULL); - memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); + gettimeofday(&startup_time, NULL); + memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); - if(getenv("AHO_DEBUG")) - ac_automata_enable_debug(1); - parseOptions(argc, argv); + if(getenv("AHO_DEBUG")) + ac_automata_enable_debug(1); + parseOptions(argc, argv); - ndpi_info_mod = ndpi_init_detection_module(init_prefs); + ndpi_info_mod = ndpi_init_detection_module(init_prefs); - if(ndpi_info_mod == NULL) return -1; + if(ndpi_info_mod == NULL) return -1; - if(domain_to_check) { - ndpiCheckHostStringMatch(domain_to_check); - exit(0); - } + if(domain_to_check) { + ndpiCheckHostStringMatch(domain_to_check); + exit(0); + } - if(!quiet_mode) { - printf("\n-----------------------------------------------------------\n" - "* NOTE: This is demo app to show *some* nDPI features.\n" - "* In this demo we have implemented only some basic features\n" - "* just to show you what you can do with the library. Feel \n" - "* free to extend it and send us the patches for inclusion\n" - "------------------------------------------------------------\n\n"); - - printf("Using nDPI (%s) [%d thread(s)]\n", ndpi_revision(), num_threads); - - const char *gcrypt_ver = ndpi_get_gcrypt_version(); - if(gcrypt_ver) - printf("Using libgcrypt version %s\n", gcrypt_ver); - } + if(!quiet_mode) { + printf("\n-----------------------------------------------------------\n" + "* NOTE: This is demo app to show *some* nDPI features.\n" + "* In this demo we have implemented only some basic features\n" + "* just to show you what you can do with the library. Feel \n" + "* free to extend it and send us the patches for inclusion\n" + "------------------------------------------------------------\n\n"); + + printf("Using nDPI (%s) [%d thread(s)]\n", ndpi_revision(), num_threads); + + const char *gcrypt_ver = ndpi_get_gcrypt_version(); + if(gcrypt_ver) + printf("Using libgcrypt version %s\n", gcrypt_ver); + } - signal(SIGINT, sigproc); + signal(SIGINT, sigproc); - for(i=0; i<num_loops; i++) - test_lib(); + for(i=0; i<num_loops; i++) + test_lib(); - if(results_path) ndpi_free(results_path); - if(results_file) fclose(results_file); - if(extcap_dumper) pcap_dump_close(extcap_dumper); - if(extcap_fifo_h) pcap_close(extcap_fifo_h); - if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod); - if(enable_malloc_bins) - ndpi_free_bin(&malloc_bins); - if(csv_fp) fclose(csv_fp); - ndpi_free(_debug_protocols); - ndpi_free(_disabled_protocols); + if(results_path) ndpi_free(results_path); + if(results_file) fclose(results_file); + if(extcap_dumper) pcap_dump_close(extcap_dumper); + if(extcap_fifo_h) pcap_close(extcap_fifo_h); + if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod); + if(enable_malloc_bins) + ndpi_free_bin(&malloc_bins); + if(csv_fp) fclose(csv_fp); + ndpi_free(_debug_protocols); + ndpi_free(_disabled_protocols); #ifdef DEBUG_TRACE - if(trace) fclose(trace); + if(trace) fclose(trace); #endif - - return 0; - } + + return 0; +} #ifdef _MSC_BUILD int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) diff --git a/src/include/ndpi_patricia_typedefs.h b/src/include/ndpi_patricia_typedefs.h index 29e426b3c..f062677bd 100644 --- a/src/include/ndpi_patricia_typedefs.h +++ b/src/include/ndpi_patricia_typedefs.h @@ -66,20 +66,26 @@ #define UV16_MAX_USER_VALUES 2 +struct patricia_uv16 { + u_int16_t user_value, additional_user_value; +}; + +struct patricia_uv16_list { + struct patricia_uv16 value; + struct patricia_uv16_list *next; +}; + +struct patricia_uv32 { + u_int32_t user_value, additional_user_value; +}; + /* pointer to user data (ex. route flap info) */ union ndpi_patricia_node_value_t { /* User-defined values */ union { - struct { - u_int16_t user_value, additional_user_value; - } uv16[UV16_MAX_USER_VALUES]; - - struct { - u_int32_t user_value, additional_user_value; - } uv32; - - u_int64_t uv64; - + struct patricia_uv16 uv16[UV16_MAX_USER_VALUES]; + struct patricia_uv32 uv32; + u_int64_t uv64; void *user_data; } u; }; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c7a39ca12..45a98a0e1 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1,7 +1,7 @@ /* * ndpi_typedefs.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-23 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -1156,18 +1156,18 @@ struct ndpi_detection_module_struct { risky_domain_automa, tls_cert_subject_automa, host_risk_mask_automa, common_alpns_automa; /* IMPORTANT: please, whenever you add a new automa: - * update ndpi_finalize_initialization() - * update automa_type above - */ + * update ndpi_finalize_initialization() + * update automa_type above + */ ndpi_str_hash *malicious_ja3_hashmap, *malicious_sha1_hashmap; ndpi_list *trusted_issuer_dn; - - void *ip_risk_mask_ptree; - void *ip_risk_ptree; - /* IP-based protocol detection */ - void *protocols_ptree; + + /* Patricia trees */ + ndpi_patricia_tree_t *ip_risk_mask_ptree; + ndpi_patricia_tree_t *ip_risk_ptree; + ndpi_patricia_tree_t *protocols_ptree; /* IP-based protocol detection */ /* *** If you add a new Patricia tree, please update ptree_type above! *** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ffb38b1cc..4033bbdae 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2164,22 +2164,22 @@ void ndpi_patricia_get_stats(ndpi_patricia_tree_t *tree, struct ndpi_patricia_tr /* ******************************************************************** */ int ndpi_get_patricia_stats(struct ndpi_detection_module_struct *ndpi_struct, - ptree_type ptree_type, - struct ndpi_patricia_tree_stats *stats) { + ptree_type ptree_type, + struct ndpi_patricia_tree_stats *stats) { if(!ndpi_struct || !stats) return -1; switch(ptree_type) { case NDPI_PTREE_RISK_MASK: - ndpi_patricia_get_stats((ndpi_patricia_tree_t *)ndpi_struct->ip_risk_mask_ptree, stats); + ndpi_patricia_get_stats(ndpi_struct->ip_risk_mask_ptree, stats); return 0; case NDPI_PTREE_RISK: - ndpi_patricia_get_stats((ndpi_patricia_tree_t *)ndpi_struct->ip_risk_ptree, stats); + ndpi_patricia_get_stats(ndpi_struct->ip_risk_ptree, stats); return 0; case NDPI_PTREE_PROTOCOLS: - ndpi_patricia_get_stats((ndpi_patricia_tree_t *)ndpi_struct->protocols_ptree, stats); + ndpi_patricia_get_stats(ndpi_struct->protocols_ptree, stats); return 0; default: @@ -2336,12 +2336,27 @@ u_int16_t ndpi_network_port_ptree_match(struct ndpi_detection_module_struct *ndp if(node) { int i; - + struct patricia_uv16_list *item; + for(i=0; i<UV16_MAX_USER_VALUES; i++) { if((node->value.u.uv16[i].additional_user_value == 0) || (node->value.u.uv16[i].additional_user_value == port)) return(node->value.u.uv16[i].user_value); } + + /* + If we're here it means that we don't have + enough room for our custom value so we need + to check the custom_user_data pointer. + */ + item = (struct patricia_uv16_list*)node->data; + + while(item != NULL) { + if(item->value.additional_user_value == port) + return(item->value.user_value); + else + item = item->next; + } } return(NDPI_PROTOCOL_UNKNOWN); @@ -2505,14 +2520,32 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) { int i; - + struct patricia_uv16_list *item; + for(i=0; i<UV16_MAX_USER_VALUES; i++) { if(node->value.u.uv16[i].user_value == 0) { node->value.u.uv16[i].user_value = protocol_id, node->value.u.uv16[i].additional_user_value = htons(port); + return(0); } - } + } /* for */ + + /* + If we're here it means that we don't have + enough room for our custom value + */ + item = (struct patricia_uv16_list*)ndpi_malloc(sizeof(struct patricia_uv16_list)); + + if(item != NULL) { + item->value.user_value = protocol_id, + item->value.additional_user_value = htons(port), + item->next = (struct patricia_uv16_list*)node->data; + + node->data = item; + return(0); + } + return(-1); /* All slots are full */ } @@ -3295,7 +3328,14 @@ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str /* *********************************************** */ static void free_ptree_data(void *data) { - ; + struct patricia_uv16_list *item = (struct patricia_uv16_list *)data; + + while(item != NULL) { + struct patricia_uv16_list *next = item->next; + + free(item); + item = next; + } } /* ****************************************************** */ @@ -3315,7 +3355,7 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) { for(i = 0; (i < MAX_NBPF_CUSTOM_PROTO) && (ndpi_str->nbpf_custom_proto[i].tree != NULL); i++) nbpf_free(ndpi_str->nbpf_custom_proto[i].tree); #endif - + /* NDPI_PROTOCOL_TINC */ if(ndpi_str->tinc_cache) cache_free((cache_t)(ndpi_str->tinc_cache)); @@ -3348,10 +3388,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) { ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->protocols_ptree, free_ptree_data); if(ndpi_str->ip_risk_mask_ptree) - ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_mask_ptree, free_ptree_data); + ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_mask_ptree, NULL); if(ndpi_str->ip_risk_ptree) - ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree, free_ptree_data); + ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree, NULL); if(ndpi_str->udpRoot != NULL) ndpi_tdestroy(ndpi_str->udpRoot, ndpi_free); if(ndpi_str->tcpRoot != NULL) ndpi_tdestroy(ndpi_str->tcpRoot, ndpi_free); |