-rw-r--r-- | example/ndpiReader.c | 21 | ||||
-rw-r--r-- | example/reader_util.c | 12 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 14 | ||||
-rw-r--r-- | src/lib/ndpi_cache.c | 39 |
4 files changed, 71 insertions, 15 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d1e5d9bb1..d60e5769d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -94,6 +94,7 @@ static u_int8_t ignore_vlanid = 0; FILE *fingerprint_fp = NULL; /**< for flow fingerprint export */ /** User preferences **/ +char *addr_dump_path = NULL; u_int8_t enable_realtime_output = 0, enable_protocol_guess = NDPI_GIVEUP_GUESS_BY_PORT | NDPI_GIVEUP_GUESS_BY_IP, enable_payload_analyzer = 0, num_bin_clusters = 0, extcap_exit = 0; u_int8_t verbose = 0, enable_flow_stats = 0; bool do_load_lists = false; @@ -468,8 +469,8 @@ static void ndpiCheckIPMatch(char *testChar) { ndpi_load_protocols_file(ndpi_str, _protoFilePath); for(i = 0; i < num_cfgs; i++) { - rc = ndpi_set_config(ndpi_str, - cfgs[i].proto, cfgs[i].param, cfgs[i].value); + rc = ndpi_set_config(ndpi_str, cfgs[i].proto, cfgs[i].param, cfgs[i].value); + if (rc != NDPI_CFG_OK) { fprintf(stderr, "Error setting config [%s][%s][%s]: %s (%d)\n", (cfgs[i].proto != NULL ? cfgs[i].proto : ""), @@ -623,7 +624,7 @@ static void help(u_int long_help) { #endif "[-f <filter>][-s <duration>][-m <duration>][-b <num bin clusters>]\n" " [-p <protos>][-l <loops> [-q][-d][-h][-H][-D][-e <len>][-E <path>][-t][-v <level>]\n" - " [-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n" + " [-n <threads>][-N <path>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n" " [-r <file>][-R][-j <file>][-S <file>][-T <num>][-U <num>] [-x <domain>]\n" " [-a <mode>][-B proto_list]\n\n" "Usage:\n" @@ -636,6 +637,7 @@ static void help(u_int long_help) { " -l <num loops> | Number of detection loops (test only)\n" " -n <num threads> | Number of threads. Default: number of interfaces in -i.\n" " | Ignored with pcap files.\n" + " -N <path> | Address cache dump/restore pathxo.\n" " -b <num bin clusters> | Number of bin clusters\n" " -k <file> | Specify a file to write serialized detection results\n" " -K <format> | Specify the serialization format for `-k'\n" 
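Review bot: The usage line added to help() in the `@@ -636` hunk ends in `pathxo.`, which looks like a typo for `path.`. Elsewhere in this commit the same path is read in setupDetection() and overwritten in ndpi_workflow_free(), and the help text could say so, for example `" -N <path> | Address cache file: restored at startup, overwritten at exit\n"`. help() starts and ends outside this hunk.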
@@ -781,6 +783,7 @@ static struct option longopts[] = { { "load-categories", required_argument, NULL, 'G'}, { "loops", required_argument, NULL, 'l'}, { "num-threads", required_argument, NULL, 'n'}, + { "address-cache-dump", required_argument, NULL, 'N'}, { "ignore-vlanid", no_argument, NULL, 'I'}, { "protos", required_argument, NULL, 'p'}, @@ -1094,7 +1097,7 @@ static void parseOptions(int argc, char **argv) { #endif while((opt = getopt_long(argc, argv, - "a:Ab:B:e:E:c:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:Rs:tu:v:V:n:rp:x:X:w:q0123:456:7:89:m:MT:U:", + "a:Ab:B:e:E:c:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:Rs:tu:v:V:n:rp:x:X:w:q0123:456:7:89:m:MN:T:U:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : ""); @@ -1191,6 +1194,10 @@ static void parseOptions(int argc, char **argv) { num_threads = atoi(optarg); break; + case 'N': + addr_dump_path = optarg; + break; + case 'p': _protoFilePath = optarg; break; @@ -2901,8 +2908,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle, memset(&ndpi_thread_info[thread_id], 0, sizeof(ndpi_thread_info[thread_id])); ndpi_thread_info[thread_id].workflow = ndpi_workflow_init(&prefs, pcap_handle, 1, - serialization_format, - g_ctx); + serialization_format, g_ctx); /* Protocols to enable/disable. Default: everything is enabled */ NDPI_BITMASK_SET_ALL(enabled_bitmask); @@ -2970,6 +2976,9 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle, if(enable_doh_dot_detection) ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "tls", "application_blocks_tracking", "enable"); + if(addr_dump_path != NULL) + ndpi_cache_address_restore(ndpi_thread_info[thread_id].workflow->ndpi_struct, addr_dump_path, 0); + ret = ndpi_finalize_initialization(ndpi_thread_info[thread_id].workflow->ndpi_struct); if(ret != 0) { fprintf(stderr, "Error ndpi_finalize_initialization: %d\n", ret); 
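Review bot: In the `@@ -2970` hunk, setupDetection() drops the return value of `ndpi_cache_address_restore(...)`, so a missing, unreadable or malformed file at `addr_dump_path` looks the same as an empty cache. The file holds address-to-hostname entries that the library will presumably rely on later, so it should be treated as input and the outcome logged, e.g. `u_int32_t n = ndpi_cache_address_restore(ndpi_thread_info[thread_id].workflow->ndpi_struct, addr_dump_path, 0);` followed by a message with `n` when `verbose` is set. The parsing happens in ndpi_address_cache_restore(), outside this diff, and is the place to confirm limits on hostname length and entry count. setupDetection() takes a `thread_id`, so the same file is presumably reloaded once per thread.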
diff --git a/example/reader_util.c b/example/reader_util.c index 5ddb9f000..8ed32cad4 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -80,7 +80,7 @@ extern u_int8_t verbose, human_readeable_string_len; extern u_int8_t max_num_udp_dissected_pkts /* 24 */, max_num_tcp_dissected_pkts /* 80 */; static u_int32_t flow_id = 0; extern FILE *fingerprint_fp; - +extern char *addr_dump_path; u_int8_t enable_doh_dot_detection = 0; extern bool do_load_lists; extern int malloc_size_stats; @@ -404,6 +404,7 @@ int parse_proto_name_list(char *str, NDPI_PROTOCOL_BITMASK *bitmask, int inverte else NDPI_BITMASK_DEL(*bitmask,proto); } + ndpi_exit_detection_module(module); return 0; } @@ -456,6 +457,7 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref if(do_init_flows_root) { workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *)); + if(!workflow->ndpi_flows_root) { ndpi_exit_detection_module(module); ndpi_free(workflow); @@ -592,6 +594,9 @@ void ndpi_workflow_free(struct ndpi_workflow * workflow) { for(i=0; i<workflow->prefs.num_roots; i++) ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer); + if(addr_dump_path != NULL) + ndpi_cache_address_dump(workflow->ndpi_struct, addr_dump_path, 0); + ndpi_exit_detection_module(workflow->ndpi_struct); ndpi_free(workflow->ndpi_flows_root); ndpi_free(workflow); @@ -2020,6 +2025,11 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, *flow_risk = 0 /* NDPI_NO_RISK */; *flow = NULL; + if((addr_dump_path != NULL) && (workflow->stats.raw_packet_count == 0)) { + /* At the first packet flush expired cached addresses */ + ndpi_cache_address_flush_expired(workflow->ndpi_struct, header->ts.tv_sec); + } + /* Increment raw packet counter */ workflow->stats.raw_packet_count++; diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 94ba1f920..c1db4bbfd 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h 
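Review bot: In the `@@ -592` hunk, ndpi_workflow_free() ignores the bool returned by `ndpi_cache_address_dump(...)`, so a failed write to `addr_dump_path` goes unnoticed and the next run restores whatever is left on disk. The check is one line: `if(!ndpi_cache_address_dump(workflow->ndpi_struct, addr_dump_path, 0)) fprintf(stderr, "Unable to dump address cache to %s\n", addr_dump_path);`. Every workflow writes to the same global path, so with several workflows the last one freed overwrites the others; if that is intended, a comment should say so. The path comes straight from `-N`, and whether the file is created with restrictive permissions or through a symlink is decided in ndpi_address_cache_dump(), which this diff does not show.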
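Review bot: In the `@@ -2020` hunk, the expiry pass in ndpi_workflow_process_packet() takes `epoch_now` from `header->ts.tv_sec`, which is the clock of the capture and not of the host. When reading a pcap file that value is whatever the trace contains, so an old trace expires nothing and one stamped far in the future empties the restored cache. If replaying against capture time is deliberate, the comment should state it, e.g. `/* Expiry is evaluated against the capture clock, not the wall clock */`. `tv_sec` is also narrowed to `u_int32_t` implicitly, and an explicit `(u_int32_t)` cast would make that visible. The function body continues outside the hunk.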
@@ -2337,16 +2337,22 @@ extern "C" { /* Address cache API */ struct ndpi_address_cache* ndpi_init_address_cache(u_int32_t max_num_entries); void ndpi_term_address_cache(struct ndpi_address_cache *cache); - u_int ndpi_address_cache_flush_expired(struct ndpi_address_cache *cache, u_int32_t epoch_now); + u_int32_t ndpi_address_cache_flush_expired(struct ndpi_address_cache *cache, u_int32_t epoch_now); struct ndpi_address_cache_item* ndpi_address_cache_find(struct ndpi_address_cache *cache, ndpi_ip_addr_t ip_addr, u_int32_t epoch_now); bool ndpi_address_cache_insert(struct ndpi_address_cache *cache, ndpi_ip_addr_t ip_addr, char *hostname, u_int32_t epoch_now, u_int32_t ttl); - - struct ndpi_address_cache_item* ndpi_cache_address_find(struct ndpi_detection_module_struct *ndpi_struct, - ndpi_ip_addr_t ip_addr); bool ndpi_address_cache_dump(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); u_int32_t ndpi_address_cache_restore(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); + + bool ndpi_cache_address(struct ndpi_detection_module_struct *ndpi_struct, + ndpi_ip_addr_t ip_addr, char *hostname, + u_int32_t epoch_now, u_int32_t ttl); + struct ndpi_address_cache_item* ndpi_cache_address_find(struct ndpi_detection_module_struct *ndpi_struct, ndpi_ip_addr_t ip_addr); + bool ndpi_cache_address_dump(struct ndpi_detection_module_struct *ndpi_struct, char *path, u_int32_t epoch_now); + u_int32_t ndpi_cache_address_restore(struct ndpi_detection_module_struct *ndpi_struct, char *path, u_int32_t epoch_now); + u_int32_t ndpi_cache_address_flush_expired(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t epoch_now); + /* ******************************* */ const char *ndpi_lru_cache_idx_to_name(lru_cache_type idx); diff --git a/src/lib/ndpi_cache.c b/src/lib/ndpi_cache.c index 58842b95b..a85cb1623 100644 --- a/src/lib/ndpi_cache.c +++ b/src/lib/ndpi_cache.c 
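Review bot: The new `ndpi_cache_address_*` prototypes in ndpi_api.h carry no comment on what `epoch_now == 0` means, yet both callers added in this commit pass 0 to dump and restore. A short comment above the group should say how 0 is treated and what the `u_int32_t` results of restore and flush_expired count. `path` is presumably not modified, so `const char *path` would describe it better, although that would also mean changing the existing `ndpi_address_cache_dump` and `ndpi_address_cache_restore` signatures. The return type of `ndpi_address_cache_flush_expired` changes from `u_int` to `u_int32_t`, which is a public API change that deserves a changelog entry.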
@@ -264,10 +264,10 @@ void ndpi_term_address_cache(struct ndpi_address_cache *cache) { /* ***************************************************** */ /* Return the number of purged entries */ -u_int ndpi_address_cache_flush_expired(struct ndpi_address_cache *cache, - u_int32_t epoch_now) { - u_int i, num_purged = 0; - +u_int32_t ndpi_address_cache_flush_expired(struct ndpi_address_cache *cache, + u_int32_t epoch_now) { + u_int32_t i, num_purged = 0; + for(i=0; i<cache->num_root_nodes; i++) { struct ndpi_address_cache_item *root = cache->address_cache_root[i]; struct ndpi_address_cache_item *prev = NULL; @@ -488,3 +488,34 @@ struct ndpi_address_cache_item* ndpi_cache_address_find(struct ndpi_detection_mo return(ndpi_address_cache_find(ndpi_struct->address_cache, ip_addr, 0)); } + +/* ***************************************************** */ + +bool ndpi_cache_address_dump(struct ndpi_detection_module_struct *ndpi_struct, char *path, u_int32_t epoch_now) { + if(ndpi_struct->address_cache == NULL) return(false); + + return(ndpi_address_cache_dump(ndpi_struct->address_cache, path, epoch_now)); +} + +/* ***************************************************** */ + +u_int32_t ndpi_cache_address_restore(struct ndpi_detection_module_struct *ndpi_struct, char *path, u_int32_t epoch_now) { + if(ndpi_struct->address_cache == NULL) { + if(ndpi_struct->cfg.address_cache_size == 0) + return(0); + + if((ndpi_struct->address_cache = ndpi_init_address_cache(ndpi_struct->cfg.address_cache_size)) == 0) + return(0); + } + + return(ndpi_address_cache_restore(ndpi_struct->address_cache, path, epoch_now)); +} + +/* ***************************************************** */ + +u_int32_t ndpi_cache_address_flush_expired(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t epoch_now) { + if(ndpi_struct->address_cache == NULL) + return(0); + else + return(ndpi_address_cache_flush_expired(ndpi_struct->address_cache, epoch_now)); +} |
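Review bot: The three wrappers added in the `@@ -488` hunk dereference `ndpi_struct` without a NULL check and pass `path` on unchecked. As exported API, restore could begin with `if(ndpi_struct == NULL || path == NULL) return(0);`, with `return(false);` in the dump wrapper and only the `ndpi_struct` test in flush_expired. ndpi_cache_address_restore() also allocates `address_cache` on demand, a side effect that deserves a comment, and it compares the returned pointer with `== 0` where `== NULL` states the intent. Whether that lazy allocation can run while another thread uses the same `ndpi_struct` cannot be told from this hunk.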