-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | example/ndpiReader.c | 29 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 2 | ||||
-rw-r--r-- | src/lib/protocols/dhcp.c | 7 |
5 files changed, 27 insertions, 14 deletions
@@ -29,7 +29,7 @@ The entire procedure of adding new protocols in detail: 1. Add new protocol together with its unique ID to: src/include/ndpi_protocol_ids.h 2. Create a new protocol in: src/lib/protocols/ -3. Variables to be kept for the duration of the entire flow (as state variables) needs to be placed in: /include/ndpi_structs.h in ndpi_flow_tcp_struct (for TCP only), ndpi_flow_udp_struct (for UDP only), or ndpi_flow_struct (for both). +3. Variables to be kept for the duration of the entire flow (as state variables) need to be placed in: src/include/ndpi_typedefs.h in ndpi_flow_tcp_struct (for TCP only), ndpi_flow_udp_struct (for UDP only), or ndpi_flow_struct (for both). 4. Add a new entry for the search function for the new protocol in: src/include/ndpi_protocols.h 5. Choose (do not change anything) a selection bitmask from: src/include/ndpi_define.h 6. Add a new entry in ndpi_set_protocol_detection_bitmask2 in: src/lib/ndpi_main.c diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ee47b0..710839261 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -96,6 +96,7 @@ static struct timeval pcap_start, pcap_end; static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +static struct ndpi_detection_module_struct *ndpi_info_mod = NULL; struct flow_info { struct ndpi_flow_info *flow; @@ -272,8 +273,7 @@ static void help(u_int long_help) { if(long_help) { printf("\n\nSupported protocols:\n"); num_threads = 1; - setupDetection(0, NULL); - ndpi_dump_protocols(ndpi_thread_info[0].workflow->ndpi_struct); + ndpi_dump_protocols(ndpi_info_mod); } exit(!long_help); } 
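Review bot: The new file-scope `ndpi_info_mod` in example/ndpiReader.c is declared without a comment, although the rest of the commit depends on an ordering rule for it. `help()`, `extcap_config()` and `case '9'` of `parseOptions()` all dereference it without a NULL check. That is safe only because `main()` calls `ndpi_init_detection_module()` before `parseOptions()`. I would record that next to the declaration, for example `/* Module instance used only for protocol listing and name lookup; must be initialised in main() before parseOptions() runs. */`, so a later reordering in `main()` does not become a NULL dereference on the `-h` or extcap path.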
@@ -365,34 +365,30 @@ int cmpFlows(const void *_a, const void *_b) { void extcap_config() { int i, argidx = 0; - struct ndpi_detection_module_struct *ndpi_mod; struct ndpi_proto_sorter *protos; /* -i <interface> */ - printf("arg {number=%d}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" + printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}" "{tooltip=The interface name}\n", argidx++); printf("arg {number=%d}{call=-i}{display=Pcap File to Analyze}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); - setupDetection(0, NULL); - ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - - protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter) * ndpi_info_mod->ndpi_num_supported_protocols); if(!protos) exit(0); - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + for(i=0; i<(int) ndpi_info_mod->ndpi_num_supported_protocols; i++) { protos[i].id = i; - snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_mod->proto_defaults[i].protoName); + snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_info_mod->proto_defaults[i].protoName); } - qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); + qsort(protos, ndpi_info_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); printf("arg {number=%d}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) + for(i=0; i<(int)ndpi_info_mod->ndpi_num_supported_protocols; i++) printf("value {arg=%d}{value=%d}{display=%s (%d)}\n", argidx, protos[i].id, protos[i].name, protos[i].id); 
@@ -578,7 +574,8 @@ static void parseOptions(int argc, char **argv) { break; case '9': - extcap_packet_filter = atoi(optarg); + extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); + if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; default: @@ -1117,6 +1114,8 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u HASH_DEL(*receivers, r); free(r); } + + return(NULL); } /* *********************************************** */ @@ -3123,6 +3122,9 @@ int main(int argc, char **argv) { automataUnitTest(); + ndpi_info_mod = ndpi_init_detection_module(); + if (ndpi_info_mod == NULL) return -1; + memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); parseOptions(argc, argv); @@ -3153,6 +3155,7 @@ int main(int argc, char **argv) { if(results_path) free(results_path); if(results_file) fclose(results_file); if(extcap_dumper) pcap_dump_close(extcap_dumper); + if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod); return 0; } diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..c79f57f4d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1031,6 +1031,7 @@ struct ndpi_flow_struct { struct { char fingerprint[48]; + char class_ident[48]; } dhcp; } protos; diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ba14f50f1..4a9ec63cf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc 
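Review bot: The numeric fallback in `case '9'` still goes through `atoi()`, so an argument that is neither a known protocol name nor a number silently becomes 0, and out-of-range ids are accepted unchecked. Because `NDPI_PROTOCOL_UNKNOWN` is also what the name lookup returns on failure, a mistyped name cannot be told apart from a deliberate request for that id. Consider parsing with `strtol()` and rejecting trailing garbage, e.g. `v = strtol(optarg, &end, 10); if(end == optarg || *end != '\0') help(0);`. The result should then be limited to -1 (the "All Protocols" value printed by `extcap_config()`) up to `ndpi_info_mod->ndpi_num_supported_protocols - 1`. `parseOptions()` continues outside the hunk, so how `extcap_packet_filter` is consumed later is not visible here.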
@@ -8031,6 +8031,7 @@ ndpi_protocol_match host_match[] = { { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8048,6 +8049,7 @@ ndpi_protocol_match host_match[] = { { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index cdf33947e..c46cc1c91 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -104,6 +104,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } + } else if(id == 60 /* Class Identifier */) { + char *name = (char*)&dhcp->options[i+2]; + int j = 0; + + j = ndpi_min(len, sizeof(flow->protos.dhcp.class_ident)-1); + strncpy((char*)flow->protos.dhcp.class_ident, name, j); + flow->protos.dhcp.class_ident[j] = '\0'; } else if(id == 12 /* Host Name */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; |
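Review bot: The new option-60 branch in src/lib/protocols/dhcp.c bounds the copy by the size of `class_ident`, but nothing visible in the hunk bounds it by the bytes remaining after `dhcp->options[i+2]`. `len` appears to come from the packet, so a crafted length near the end of the options area could make `strncpy()` read past the buffer unless the enclosing loop, which starts outside the hunk, already checks this. If it does not, add a source-side clamp before the copy; assuming `options` is a fixed-size array member, something like `if((size_t)i + 2 + len > sizeof(dhcp->options)) break;`, and ideally also check against the captured payload length. Note too that `class_ident` holds unfiltered bytes from the network, so anything that later prints or exports it should treat it as untrusted text. The branch duplicates the Host Name branch below it, so the same check would apply there.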