diff options
Diffstat (limited to 'example/ndpiReader.c')
| -rw-r--r-- | example/ndpiReader.c | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0d84e6f87..e5119692b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -197,7 +197,8 @@ typedef struct ndpi_flow { // result only, not used for flow identification ndpi_protocol detected_protocol; - char host_server_name[256]; + char host_server_name[192]; + char bittorent_hash[41]; struct { char client_certificate[48], server_certificate[48]; @@ -528,6 +529,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow *flow) { if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); if(flow->ssl.client_certificate[0] != '\0') fprintf(out, "[SSL client: %s]", flow->ssl.client_certificate); if(flow->ssl.server_certificate[0] != '\0') fprintf(out, "[SSL server: %s]", flow->ssl.server_certificate); + if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); fprintf(out, "\n"); } else { @@ -538,7 +540,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow *flow) { json_object_object_add(jObj,"host_a.name",json_object_new_string(flow->lower_name)); json_object_object_add(jObj,"host_a.port",json_object_new_int(ntohs(flow->lower_port))); json_object_object_add(jObj,"host_b.name",json_object_new_string(flow->upper_name)); - json_object_object_add(jObj,"host_n.port",json_object_new_int(ntohs(flow->upper_port))); + json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->upper_port))); if(flow->detected_protocol.master_protocol) json_object_object_add(jObj,"detected.masterprotocol",json_object_new_int(flow->detected_protocol.master_protocol)); @@ -590,8 +592,8 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow *flow) { static void free_ndpi_flow(struct ndpi_flow *flow) { if(flow->ndpi_flow) { ndpi_free_flow(flow->ndpi_flow); flow->ndpi_flow = NULL; } - if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } - if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } + if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } + if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } } @@ -651,6 +653,9 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept u_int16_t thread_id = *((u_int16_t *) user_data); if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ + if((!flow->detection_completed) && flow->ndpi_flow) + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].ndpi_struct, flow->ndpi_flow); + if(enable_protocol_guess) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { node_guess_undetected_protocol(thread_id, flow); @@ -1066,11 +1071,25 @@ static unsigned int packet_processing(u_int16_t thread_id, snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { + int i, j, n = 0; + + for(i=0, j = 0; i<20; i++) { + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + } + + if(n == 0) flow->bittorent_hash[0] = '\0'; + } + if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", flow->ndpi_flow->protos.ssl.client_certificate); snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", flow->ndpi_flow->protos.ssl.server_certificate); } + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[thread_id].ndpi_struct, flow->ndpi_flow); + free_ndpi_flow(flow); if(verbose > 1) { @@ -1091,10 +1110,16 @@ static unsigned int packet_processing(u_int16_t thread_id, ndpi_twalk(ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_idle_scan_walker, &thread_id); /* remove idle flows (unfortunately we cannot do this inline) */ - while (ndpi_thread_info[thread_id].num_idle_flows > 0) - ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], - &ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_cmp); - + while (ndpi_thread_info[thread_id].num_idle_flows > 0) { + + /* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */ + ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], &ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_cmp); + + /* free the memory associated to idle flow in "idle_flows" - (see struct reader thread)*/ + free_ndpi_flow(ndpi_thread_info[thread_id].idle_flows[ndpi_thread_info[thread_id].num_idle_flows]); + ndpi_free(ndpi_thread_info[thread_id].idle_flows[ndpi_thread_info[thread_id].num_idle_flows]); + } + if(++ndpi_thread_info[thread_id].idle_scan_idx == NUM_ROOTS) ndpi_thread_info[thread_id].idle_scan_idx = 0; ndpi_thread_info[thread_id].last_idle_scan_time = ndpi_thread_info[thread_id].last_time; } @@ -1434,6 +1459,7 @@ static void printResults(u_int64_t tot_usec) { static void closePcapFile(u_int16_t thread_id) { if(ndpi_thread_info[thread_id]._pcap_handle != NULL) { pcap_close(ndpi_thread_info[thread_id]._pcap_handle); + } } @@ -1729,7 +1755,7 @@ static void pcap_packet_callback(u_char *args, break; default: - printf("Unknown datalink %d\n", datalink_type); + /* printf("Unknown datalink %d\n", datalink_type); */ return; } @@ -1946,7 +1972,7 @@ void *processing_thread(void *_thread_id) { goto pcap_loop; } } - + return NULL; } |