Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r--example/ndpiReader.c234
1 files changed, 95 insertions, 139 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 1b9f070d4..88dba03e9 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -42,17 +42,15 @@
#include <pcap.h>
#include <signal.h>
#include <pthread.h>
+#include <sys/socket.h>
#include "../config.h"
+#include "ndpi_api.h"
#ifdef HAVE_JSON_C
#include <json.h>
#endif
-#include "ndpi_api.h"
-
-#include <sys/socket.h>
-
#define MAX_NUM_READER_THREADS 16
#define IDLE_SCAN_PERIOD 10 /* msec (use detection_tick_resolution = 1000) */
#define MAX_IDLE_TIME 30000
@@ -77,6 +75,7 @@
#define MPLS_UNI 0x8847
#define MPLS_MULTI 0x8848
#define PPPoE 0x8864
+#define SNAP 0xaa
/* mask for FCF */
#define WIFI_DATA 0x2 /* 0000 0010 */
@@ -654,16 +653,6 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
struct ndpi_flow *flow = *(struct ndpi_flow **) node;
u_int16_t thread_id = *((u_int16_t *) user_data);
-#if 0
- printf("<%d>Walk on node %s (%p)\n",
- depth,
- which == preorder?"preorder":
- which == postorder?"postorder":
- which == endorder?"endorder":
- which == leaf?"leaf": "unknown",
- flow);
-#endif
-
if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */
if(enable_protocol_guess) {
if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) {
@@ -727,7 +716,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
const u_int8_t version,
u_int16_t vlan_id,
const struct ndpi_iphdr *iph,
- const struct ndpi_ip6_hdr *iph6,
+ const struct ndpi_ipv6hdr *iph6,
u_int16_t ip_offset,
u_int16_t ipsize,
u_int16_t l4_packet_len,
@@ -764,7 +753,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
l4_offset = iph->ihl * 4;
l3 = (u_int8_t*)iph;
} else {
- l4_offset = sizeof(struct ndpi_ip6_hdr);
+ l4_offset = sizeof(struct ndpi_ipv6hdr);
l3 = (u_int8_t*)iph6;
}
@@ -941,7 +930,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
static struct ndpi_flow *get_ndpi_flow6(u_int16_t thread_id,
u_int16_t vlan_id,
- const struct ndpi_ip6_hdr *iph6,
+ const struct ndpi_ipv6hdr *iph6,
u_int16_t ip_offset,
struct ndpi_tcphdr **tcph,
struct ndpi_udphdr **udph,
@@ -961,13 +950,13 @@ static struct ndpi_flow *get_ndpi_flow6(u_int16_t thread_id,
iph.protocol = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
if(iph.protocol == 0x3C /* IPv6 destination option */) {
- u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ip6_hdr);
+ u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr);
iph.protocol = options[0];
}
return(get_ndpi_flow(thread_id, 6, vlan_id, &iph, iph6, ip_offset,
- sizeof(struct ndpi_ip6_hdr),
+ sizeof(struct ndpi_ipv6hdr),
ntohs(iph6->ip6_ctlun.ip6_un1.ip6_un1_plen),
tcph, udph, sport, dport,
src, dst, proto, payload, payload_len, src_to_dst_direction));
@@ -995,8 +984,8 @@ static void setupDetection(u_int16_t thread_id) {
ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].ndpi_struct, &all);
// allocate memory for id and flow tracking
- size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
- size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
+ size_id_struct = sizeof(struct ndpi_id_struct);
+ size_flow_struct = sizeof(struct ndpi_flow_struct);
// clear memory for results
memset(ndpi_thread_info[thread_id].stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].stats.protocol_counter));
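Review bot: `size_id_struct = sizeof(struct ndpi_id_struct);` and the line after it fix both sizes when ndpiReader is compiled, whereas the removed accessor calls asked the library at run time. If this binary can ever run against a libndpi build whose struct layout differs (a shared library from another version or configure run), buffers allocated with these sizes would be smaller than what the library writes into them; how the example is linked is not visible here, so that needs confirming. If the accessors are going away for good, add a comment above the two assignments such as `/* sizes come from the headers at build time: ndpiReader must be built against the exact libndpi it links with */`. setupDetection continues outside the hunk.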
@@ -1027,7 +1016,7 @@ static unsigned int packet_processing(u_int16_t thread_id,
const u_int64_t time,
u_int16_t vlan_id,
const struct ndpi_iphdr *iph,
- struct ndpi_ip6_hdr *iph6,
+ struct ndpi_ipv6hdr *iph6,
u_int16_t ip_offset,
u_int16_t ipsize, u_int16_t rawsize) {
struct ndpi_id_struct *src, *dst;
@@ -1084,31 +1073,6 @@ static unsigned int packet_processing(u_int16_t thread_id,
snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", flow->ndpi_flow->protos.ssl.server_certificate);
}
-#if 0
- if(verbose > 1) {
- if(ndpi_is_proto(flow->detected_protocol, NDPI_PROTOCOL_HTTP)) {
- char *method;
-
- printf("[URL] %s\n", ndpi_get_http_url(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow));
- printf("[Content-Type] %s\n", ndpi_get_http_content_type(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow));
-
- switch(ndpi_get_http_method(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow)) {
- case HTTP_METHOD_OPTIONS: method = "HTTP_METHOD_OPTIONS"; break;
- case HTTP_METHOD_GET: method = "HTTP_METHOD_GET"; break;
- case HTTP_METHOD_HEAD: method = "HTTP_METHOD_HEAD"; break;
- case HTTP_METHOD_POST: method = "HTTP_METHOD_POST"; break;
- case HTTP_METHOD_PUT: method = "HTTP_METHOD_PUT"; break;
- case HTTP_METHOD_DELETE: method = "HTTP_METHOD_DELETE"; break;
- case HTTP_METHOD_TRACE: method = "HTTP_METHOD_TRACE"; break;
- case HTTP_METHOD_CONNECT: method = "HTTP_METHOD_CONNECT"; break;
- default: method = "HTTP_METHOD_UNKNOWN"; break;
- }
-
- printf("[Method] %s\n", method);
- }
- }
-#endif
-
free_ndpi_flow(flow);
if(verbose > 1) {
@@ -1123,11 +1087,6 @@ static unsigned int packet_processing(u_int16_t thread_id,
}
}
-#if 0
- if(ndpi_flow->l4.tcp.host_server_name[0] != '\0')
- printf("%s\n", ndpi_flow->l4.tcp.host_server_name);
-#endif
-
if(live_capture) {
if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].last_time) {
/* scan for idle flows */
@@ -1600,40 +1559,47 @@ static void pcap_packet_callback(u_char *args,
/*
* Declare pointers to packet headers
*/
- /** --- Ethernet header --- **/
+
+ /* --- Ethernet header --- */
const struct ndpi_ethhdr *ethernet;
- /** --- Cisco HDLC header --- **/
+ /* --- Ethernet II header --- */
+ const struct ndpi_ethhdr *ethernet_2;
+ /* --- LLC header --- */
+ const struct ndpi_llc_header *llc;
+
+ /* --- Cisco HDLC header --- */
const struct ndpi_chdlc *chdlc;
+ /* --- SLARP frame --- */
+ struct ndpi_slarp *slarp;
+ /* --- CDP --- */
+ struct ndpi_cdp *cdp;
- /** --- ieee802.11 --- **/
- /* Radio Tap header */
+ /* --- Radio Tap header --- */
const struct ndpi_radiotap_header *radiotap;
- /* LLC header */
- const struct ndpi_llc_header_proto *llc;
- /* Data frame */
- const struct ndpi_wifi_data_frame *wifi_data;
+ /* --- Wifi header --- */
+ const struct ndpi_wifi_header *wifi;
- /* SLARP frame */
- struct ndpi_slarp *slarp;
- /* CDP */
- struct ndpi_cdp *cdp;
+ /* --- MPLS header --- */
+ struct ndpi_mpls_header *mpls;
/** --- IP header --- **/
struct ndpi_iphdr *iph;
/** --- IPv6 header --- **/
- struct ndpi_ip6_hdr *iph6;
+ struct ndpi_ipv6hdr *iph6;
/* lengths and offsets */
u_int16_t eth_offset = 0;
u_int16_t radio_len;
u_int16_t fc;
- int wifi_data_len;
- int llc_len;
- u_int16_t llc_ether_type;
+ u_int16_t type;
+ int wifi_len;
+ int llc_off;
+ int pyld_eth_len = 0;
+ int check;
u_int32_t fcs;
u_int64_t time;
- u_int16_t type, ip_offset, ip_len, ip6_offset;
+ u_int16_t ip_offset, ip_len, ip6_offset;
u_int16_t frag_off = 0, vlan_id = 0;
u_int8_t proto = 0;
u_int32_t label;
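Review bot: `u_int16_t type;` is declared without an initial value, and later hunks in this commit add paths that never assign it: in `case DLT_EN10MB` when `check` is 0, falls between 1501 and 1535, or is a length with no SNAP byte following, and in the 802.11 case when `llc->dsap != SNAP`. `if(type == VLAN)` and the branches after it then read an indeterminate value, so which decapsulation path runs on such a frame depends on stack contents. Declare it as `u_int16_t type = 0;`, and give `int wifi_len;` the same treatment (`int wifi_len = 0;`), since it is assigned only inside the TO_DS/FROM_DS test before being used to place the LLC header. pcap_packet_callback starts and ends outside this hunk.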
@@ -1676,6 +1642,7 @@ static void pcap_packet_callback(u_char *args,
datalink_check:
switch(datalink_type) {
+
case DLT_NULL :
if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2)
type = ETH_P_IP;
@@ -1684,7 +1651,7 @@ static void pcap_packet_callback(u_char *args,
ip_offset = 4 + eth_offset;
- /* Cisco PPP in HDLC-like framing - 50*/
+ /* Cisco PPP in HDLC-like framing - 50 */
case DLT_PPP_SERIAL:
chdlc = (struct ndpi_chdlc *) &packet[eth_offset];
ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */
@@ -1702,7 +1669,21 @@ static void pcap_packet_callback(u_char *args,
case DLT_EN10MB :
ethernet = (struct ndpi_ethhdr *) &packet[eth_offset];
ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset;
- type = ntohs(ethernet->h_proto);
+ check = ntohs(ethernet->h_lt);
+
+ if(check <= 1500)
+ pyld_eth_len = check;
+ else if (check >= 1536)
+ type = check;
+
+ if(pyld_eth_len != 0) {
+ /* check for LLC layer with SNAP extension */
+ if(packet[ip_offset] == SNAP) {
+ llc = (struct ndpi_llc_header *)(&packet[ip_offset]);
+ type = llc->snap.proto_ID;
+ ip_offset += + 8;
+ }
+ }
break;
/* Linux Cooked Capture - 113 */
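Review bot: `type = llc->snap.proto_ID;` copies the SNAP protocol ID without `ntohs()`, while the 802.11 branch later in this commit uses `ntohs(llc->snap.proto_ID)` for the same field; assuming it is a 16-bit field in network order, on a little-endian host the value will not match `ETH_P_IP`, `VLAN` and the other host-order constants. The line should read `type = ntohs(llc->snap.proto_ID);`, and `ip_offset += + 8;` should lose the stray unary plus (`ip_offset += 8;`). `packet[ip_offset]` is also read here with no comparison against the captured length inside the hunk; if no earlier check in pcap_packet_callback (outside this hunk) guarantees at least the Ethernet header plus 8 bytes, add one before the SNAP test.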
@@ -1726,73 +1707,67 @@ static void pcap_packet_callback(u_char *args,
fcs = header->len - 4;
/* Calculate 802.11 header length (variable) */
- wifi_data = (struct ndpi_wifi_data_frame*)( packet + eth_offset + radio_len);
- fc = wifi_data->fc;
+ wifi = (struct ndpi_wifi_header*)( packet + eth_offset + radio_len);
+ fc = wifi->fc;
/* check wifi data presence */
if(FCF_TYPE(fc) == WIFI_DATA) {
if((FCF_TO_DS(fc) && FCF_FROM_DS(fc) == 0x0) ||
(FCF_TO_DS(fc) == 0x0 && FCF_FROM_DS(fc)))
- wifi_data_len = 26; /* + 4 byte fcs */
-
- /* TODO: check QoS Control for aggregated MSDU */
+ wifi_len = 26; /* + 4 byte fcs */
} else /* no data frames */
break;
/* Check ether_type from LLC */
- llc = (struct ndpi_llc_header_proto*)(packet + eth_offset + wifi_data_len + radio_len);
- llc_ether_type = ntohs(llc->ether_IP_type);
+ llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len);
+ if(llc->dsap == SNAP)
+ type = ntohs(llc->snap.proto_ID);
/* Set IP header offset */
- ip_offset = wifi_data_len + radio_len + sizeof(struct ndpi_llc_header_proto) + eth_offset;
+ ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset;
break;
default:
return;
}
- while(1) {
- if(type == VLAN) {
- vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF;
- type = (packet[ip_offset+2] << 8) + packet[ip_offset+3];
+ /* check ether type */
+ if(type == VLAN) {
+ vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF;
+ type = (packet[ip_offset+2] << 8) + packet[ip_offset+3];
+ ip_offset += 4;
+ vlan_packet = 1;
+ }
+ else if(type == MPLS_UNI || type == MPLS_MULTI) {
+
+ mpls = (struct ndpi_mpls_header *) &packet[ip_offset];
+ label = ntohl(mpls->label);
+ /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */
+ ndpi_thread_info[thread_id].stats.mpls_count++;
+ type = ETH_P_IP, ip_offset += 4;
+
+ while((label & 0x100) != 0x100) {
ip_offset += 4;
- vlan_packet = 1;
- break;
- }
- else if(type == MPLS_UNI || type == MPLS_MULTI) {
- label = ntohl(*((u_int32_t*)&packet[ip_offset]));
- ndpi_thread_info[thread_id].stats.mpls_count++;
- type = 0x800, ip_offset += 4;
-
- while((label & 0x100) != 0x100) {
- ip_offset += 4;
- label = ntohl(*((u_int32_t*)&packet[ip_offset]));
- }
- break;
- }
- else if(type == SLARP) {
- slarp = (struct ndpi_slarp *) &packet[ip_offset];
- if(slarp->slarp_type == 0x02 || slarp->slarp_type == 0x00 || slarp->slarp_type == 0x01) {
- /* TODO if info are needed */
- }
- slarp_pkts++;
- break;
+ label = ntohl(mpls->label);
}
- else if(type == CISCO_D_PROTO) {
- cdp = (struct ndpi_cdp *) &packet[ip_offset];
- cdp_pkts++;
- break;
- }
- else if(type == PPPoE) {
- ndpi_thread_info[thread_id].stats.pppoe_count++;
- type = 0x0800;
- ip_offset += 8;
- break;
+ }
+ else if(type == SLARP) {
+ slarp = (struct ndpi_slarp *) &packet[ip_offset];
+ if(slarp->slarp_type == 0x02 || slarp->slarp_type == 0x00 || slarp->slarp_type == 0x01) {
+ /* TODO if info are needed */
}
- else
- break;
- } /* while(1) */
-
+ slarp_pkts++;
+ }
+ else if(type == CISCO_D_PROTO) {
+ cdp = (struct ndpi_cdp *) &packet[ip_offset];
+ cdp_pkts++;
+ }
+ else if(type == PPPoE) {
+ ndpi_thread_info[thread_id].stats.pppoe_count++;
+ type = ETH_P_IP;
+ ip_offset += 8;
+ }
+
ndpi_thread_info[thread_id].stats.vlan_count += vlan_packet;
iph_check:
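Review bot: The MPLS loop `while((label & 0x100) != 0x100)` can no longer terminate once entered: `mpls` is set once before the loop and the body only does `ip_offset += 4; label = ntohl(mpls->label);`, so `label` is re-read from the same stack entry every iteration while the 16-bit `ip_offset` keeps wrapping. The removed code re-read from `&packet[ip_offset]` each time. Re-derive the pointer inside the loop, and read before advancing, since as written the offset is bumped before the read and appears to skip the second entry: `mpls = (struct ndpi_mpls_header *) &packet[ip_offset]; label = ntohl(mpls->label); ip_offset += 4;`. A bound on `ip_offset` against the captured length before each read would also stop a truncated label stack from walking past the packet buffer; nothing in the hunk provides one.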
@@ -1836,9 +1811,9 @@ static void pcap_packet_callback(u_char *args,
return;
}
} else if(iph->version == 6) {
- iph6 = (struct ndpi_ip6_hdr *)&packet[ip_offset];
+ iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset];
proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
- ip_len = sizeof(struct ndpi_ip6_hdr);
+ ip_len = sizeof(struct ndpi_ipv6hdr);
if(proto == 0x3C /* IPv6 destination option */) {
@@ -1848,15 +1823,6 @@ static void pcap_packet_callback(u_char *args,
}
iph = NULL;
- /* tunnel 6in4 */
- /* ipv6in4: */
- /* ip6_offset = ip_len + ip_offset; */
- /* iph6 = (struct ndpi_ip6_hdr *)&packet[ip6_offset]; */
- /* proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; */
- /* ip_len = sizeof(struct ndpi_ip6_hdr); */
- /* ip_offset = ip_len + ip6_offset; */
- /* iph = NULL; */
-
} else {
static u_int8_t ipv4_warning_used = 0;
@@ -2071,16 +2037,6 @@ struct timezone {
/* ***************************************************** */
-#if 0
-int gettimeofday(struct timeval *tv, void *notUsed) {
- tv->tv_sec = time(NULL);
- tv->tv_usec = 0;
- return(0);
-}
-#endif
-
-/* ***************************************************** */
-
int gettimeofday(struct timeval *tv, struct timezone *tz) {
FILETIME ft;
LARGE_INTEGER li;