-rw-r--r-- | example/ndpiReader.c | 39 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 95 | ||||
-rw-r--r-- | tests/result/ah.pcapng.out | 2 | ||||
-rw-r--r-- | tests/result/esp.pcapng.out | 2 | ||||
-rw-r--r-- | tests/result/gre_no_options.pcapng.out | 2 | ||||
-rw-r--r-- | tests/result/ipv6_in_gtp.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/ospfv2_add_new_prefix.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/pgm.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/pim.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/sctp.cap.out | 4 |
11 files changed, 92 insertions, 62 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 399316aa9..e82e089db 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1150,39 +1150,6 @@ static void parseOptions(int argc, char **argv) { /* ********************************** */ -/** - * @brief From IPPROTO to string NAME - */ -static char* ipProto2Name(u_int16_t proto_id) { - static char proto[8]; - - switch(proto_id) { - case IPPROTO_TCP: - return("TCP"); - break; - case IPPROTO_UDP: - return("UDP"); - break; - case IPPROTO_ICMP: - return("ICMP"); - break; - case IPPROTO_ICMPV6: - return("ICMPV6"); - break; - case 112: - return("VRRP"); - break; - case IPPROTO_IGMP: - return("IGMP"); - break; - } - - ndpi_snprintf(proto, sizeof(proto), "%u", proto_id); - return(proto); -} - -/* ********************************** */ - #if 0 /** * @brief A faster replacement for inet_ntoa(). @@ -1289,6 +1256,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa u_int8_t known_tls; char buf[32], buf1[64]; char buf_ver[16]; + char l4_proto_name[32]; u_int i; if(csv_fp != NULL) { @@ -1402,7 +1370,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "\t%u(%u)", id, flow->flow_id); #endif - fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); + fprintf(out, "\t%s ", ndpi_get_ip_proto_name(flow->protocol, l4_proto_name, sizeof(l4_proto_name))); fprintf(out, "%s%s%s:%u %s %s%s%s:%u ", (flow->ip_version == 6) ? "[" : "", @@ -2289,7 +2257,6 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi u_int16_t thread_id = *(int *)user_data; u_int16_t sport, dport; char proto[16]; - int r; sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); 
@@ -2303,7 +2270,7 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi proto[sizeof(proto) - 1] = '\0'; } - if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) + if(flow->protocol == IPPROTO_TCP && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)) { updateScanners(&scannerHosts, flow->src_ip, flow->ip_version, dport); } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 962f68d87..f570ceb3d 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1100,6 +1100,8 @@ extern "C" { ndpi_protocol l7_protocol, ndpi_serializer *serializer); + char *ndpi_get_ip_proto_name(u_int16_t ip_proto, char *name, unsigned int name_len); + void ndpi_md5(const u_char *data, size_t data_len, u_char hash[16]); u_int32_t ndpi_quick_hash(unsigned char *str, u_int str_len); diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 201480c4e..ee6f076ab 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
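Review bot: The prototype added to src/include/ndpi_api.h has no comment stating the buffer contract of this new public function. Going by the implementation in src/lib/ndpi_utils.c, it returns `name` unchanged when `name` is NULL or `name_len` is 0, so the result can be NULL or an unwritten buffer. A caller that passes the return value straight to a `%s` format, as printFlow does, is only safe because it supplies a valid buffer. I would add a comment above the declaration, for example `/* Writes the IP protocol name, or its decimal number when unknown, into name (NUL-terminated when name_len > 0); returns name, which is NULL if the caller passed NULL. */`.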
@@ -1506,6 +1506,82 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************** */ +char *ndpi_get_ip_proto_name(u_int16_t ip_proto, char *name, unsigned int name_len) { + if(name == NULL || name_len == 0) + return name; + + switch (ip_proto) { + case IPPROTO_TCP: + snprintf(name, name_len, "TCP"); + break; + + case IPPROTO_UDP: + snprintf(name, name_len, "UDP"); + break; + + case NDPI_IPSEC_PROTOCOL_ESP: + snprintf(name, name_len, "ESP"); + break; + + case NDPI_IPSEC_PROTOCOL_AH: + snprintf(name, name_len, "AH"); + break; + + case NDPI_GRE_PROTOCOL_TYPE: + snprintf(name, name_len, "GRE"); + break; + + case NDPI_ICMP_PROTOCOL_TYPE: + snprintf(name, name_len, "ICMP"); + break; + + case NDPI_IGMP_PROTOCOL_TYPE: + snprintf(name, name_len, "IGMP"); + break; + + case NDPI_EGP_PROTOCOL_TYPE: + snprintf(name, name_len, "EGP"); + break; + + case NDPI_SCTP_PROTOCOL_TYPE: + snprintf(name, name_len, "SCTP"); + break; + + case NDPI_PGM_PROTOCOL_TYPE: + snprintf(name, name_len, "PGM"); + break; + + case NDPI_OSPF_PROTOCOL_TYPE: + snprintf(name, name_len, "OSPF"); + break; + + case NDPI_IPIP_PROTOCOL_TYPE: + snprintf(name, name_len, "IPIP"); + break; + + case NDPI_ICMPV6_PROTOCOL_TYPE: + snprintf(name, name_len, "ICMPV6"); + break; + + case NDPI_PIM_PROTOCOL_TYPE: + snprintf(name, name_len, "PIM"); + break; + + case 112: + snprintf(name, name_len, "VRRP"); + break; + + default: + snprintf(name, name_len, "%d", ip_proto); + break; + } + + name[name_len - 1] = '\0'; + return name; +} + +/* ********************************** */ + /* NOTE: serializer is initialized by the function */ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, 
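Review bot: The `default:` branch of ndpi_get_ip_proto_name formats the unsigned `ip_proto` with `"%d"`, whereas the removed ipProto2Name used `"%u"`; `snprintf(name, name_len, "%u", ip_proto);` matches the type. `case 112:` is the only label left as a bare number, so a named constant next to the other protocol-type macros would keep the switch uniform. The removed helper called `ndpi_snprintf` while this function calls `snprintf` directly; if the library routes formatting through that wrapper for portability, this function should probably use it too. The final `name[name_len - 1] = '\0';` is harmless but redundant, because `snprintf` already terminates the buffer whenever `name_len` is non-zero.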
@@ -1517,6 +1593,7 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol l7_protocol, ndpi_serializer *serializer) { char src_name[INET6_ADDRSTRLEN] = {'\0'}, dst_name[INET6_ADDRSTRLEN] = {'\0'}; + char l4_proto_name[32]; if(ip_version == 4) { inet_ntop(AF_INET, &src_v4, src_name, sizeof(src_name)); @@ -1535,23 +1612,7 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_string_uint32(serializer, "ip", ip_version); - switch(l4_protocol) { - case IPPROTO_TCP: - ndpi_serialize_string_string(serializer, "proto", "TCP"); - break; - - case IPPROTO_UDP: - ndpi_serialize_string_string(serializer, "proto", "UDP"); - break; - - case IPPROTO_ICMP: - ndpi_serialize_string_string(serializer, "proto", "ICMP"); - break; - - default: - ndpi_serialize_string_uint32(serializer, "proto", l4_protocol); - break; - } + ndpi_serialize_string_string(serializer, "proto", ndpi_get_ip_proto_name(l4_protocol, l4_proto_name, sizeof(l4_proto_name))); return(ndpi_dpi2json(ndpi_struct, flow, l7_protocol, serializer)); } diff --git a/tests/result/ah.pcapng.out b/tests/result/ah.pcapng.out index fd646404c..47b10d7db 100644 --- a/tests/result/ah.pcapng.out +++ b/tests/result/ah.pcapng.out 
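Review bot: The second ndpi_flow2json hunk changes the JSON type of `proto` for every protocol other than TCP, UDP and ICMP. The removed `default:` branch emitted a number through `ndpi_serialize_string_uint32`, while the new `ndpi_serialize_string_string` call always emits a string, so ESP, GRE and the like become names and an unmapped protocol becomes a quoted decimal. Log pipelines or detection rules that match on the numeric value would stop matching without any error. If the change is intended it should be documented for consumers of the JSON output; otherwise keep `ndpi_serialize_string_uint32(serializer, "proto", l4_protocol);` for protocols the name table does not cover. The body of ndpi_flow2json begins outside this hunk.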
@@ -23,4 +23,4 @@ Patricia protocols: 4/0 (search/found) IPSec 6 1768 2 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][2 pkts/770 bytes <-> 2 pkts/722 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 51 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 AH 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/esp.pcapng.out b/tests/result/esp.pcapng.out index 138c28dc0..49518667f 100644 --- a/tests/result/esp.pcapng.out +++ b/tests/result/esp.pcapng.out 
@@ -23,4 +23,4 @@ Patricia protocols: 4/0 (search/found) IPSec 6 1856 2 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][2 pkts/786 bytes <-> 2 pkts/738 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 50 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 ESP 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/gre_no_options.pcapng.out b/tests/result/gre_no_options.pcapng.out index c29776a01..8db0d6f85 100644 --- a/tests/result/gre_no_options.pcapng.out +++ b/tests/result/gre_no_options.pcapng.out @@ -21,4 +21,4 @@ Patricia protocols: 2/0 (search/found) GRE 2 276 1 - 1 47 203.0.113.1:0 <-> 192.0.2.2:0 [proto: 80/GRE][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 GRE 203.0.113.1:0 <-> 192.0.2.2:0 [proto: 80/GRE][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ipv6_in_gtp.pcap.out b/tests/result/ipv6_in_gtp.pcap.out index 506aa196f..5c21cfb0c 100644 --- a/tests/result/ipv6_in_gtp.pcap.out 
+++ b/tests/result/ipv6_in_gtp.pcap.out @@ -23,5 +23,5 @@ Patricia protocols: 0/0 (search/found) IPSec 1 166 1 RTP 1 150 1 - 1 50 [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 ESP [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [2607:fc20:4052:39e:490a:ea4d:17fe:e09c]:49120 -> [fd00:976a:bc67:193e::7]:25658 [VLAN: 5][proto: GTP:87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Media/1][1 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ospfv2_add_new_prefix.pcap.out b/tests/result/ospfv2_add_new_prefix.pcap.out index 8c8bbb521..6607ebf73 100644 --- a/tests/result/ospfv2_add_new_prefix.pcap.out +++ b/tests/result/ospfv2_add_new_prefix.pcap.out 
@@ -21,4 +21,4 @@ Patricia protocols: 2/0 (search/found) OSPF 2 200 1 - 1 89 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 85/OSPF][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 OSPF 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 85/OSPF][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/pgm.pcap.out b/tests/result/pgm.pcap.out index fcd30795d..549b3e26d 100644 --- a/tests/result/pgm.pcap.out +++ b/tests/result/pgm.pcap.out @@ -21,4 +21,4 @@ Patricia protocols: 2/0 (search/found) PGM 1000 196302 1 - 1 113 10.244.64.154:0 -> 235.0.1.47:0 [proto: 296/PGM][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1000 pkts/196302 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][78.91 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/0 1479/0 169/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 196/0 1344/0 201/0][PLAIN TEXT (PORTFOLIO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 PGM 10.244.64.154:0 -> 235.0.1.47:0 [proto: 296/PGM][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1000 pkts/196302 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][78.91 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/0 1479/0 169/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 196/0 1344/0 201/0][PLAIN TEXT (PORTFOLIO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/pim.pcap.out b/tests/result/pim.pcap.out index 4725b5258..287f10f17 100644 --- a/tests/result/pim.pcap.out +++ b/tests/result/pim.pcap.out 
@@ -21,4 +21,4 @@ Patricia protocols: 2/0 (search/found) IP_PIM 10 920 1 - 1 103 192.168.203.234:0 -> 224.0.0.13:0 [proto: 297/IP_PIM][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][10 pkts/920 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][9.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 999/0 1001/0 1006/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 92/0 108/0 8/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 PIM 192.168.203.234:0 -> 224.0.0.13:0 [proto: 297/IP_PIM][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][10 pkts/920 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][9.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 999/0 1001/0 1006/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 92/0 108/0 8/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/sctp.cap.out b/tests/result/sctp.cap.out index 496f0e467..13b66d2bf 100644 --- a/tests/result/sctp.cap.out +++ b/tests/result/sctp.cap.out 
@@ -21,5 +21,5 @@ Patricia protocols: 4/0 (search/found) SCTP 4 340 2 - 1 132 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 132 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 SCTP 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 SCTP 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |