diff options
Diffstat (limited to 'example/reader_util.c')
| -rw-r--r-- | example/reader_util.c | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 53013df0d..cc44296d7 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -969,6 +969,17 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(n == 0) flow->bittorent_hash[0] = '\0'; } + /* DNS */ + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DNS)) { + if(flow->ndpi_flow->protos.dns.rsp_type == 0x1) + inet_ntop(AF_INET, &flow->ndpi_flow->protos.dns.rsp_addr.ipv4, flow->info, sizeof(flow->info)); + else { + inet_ntop(AF_INET6, &flow->ndpi_flow->protos.dns.rsp_addr.ipv6, flow->info, sizeof(flow->info)); + + /* For consistency across platforms replace :0: with :: */ + ndpi_patchIPv6Address(flow->info); + } + } /* MDNS */ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_MDNS)) { snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); @@ -1061,6 +1072,15 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ndpi_flow->l4.tcp.tls.sha1_certificate_fingerprint, 20); flow->ssh_tls.sha1_cert_fingerprint_set = 1; } + + if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn + && flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions) + snprintf(flow->info, sizeof(flow->info), "ALPN: %s][TLS Supported Versions: %s", + flow->ndpi_flow->protos.stun_ssl.ssl.alpn, + flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions); + else if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) + snprintf(flow->info, sizeof(flow->info), "ALPN: %s", + flow->ndpi_flow->protos.stun_ssl.ssl.alpn); } if(flow->detection_completed && (!flow->check_extra_packets)) { @@ -1279,11 +1299,11 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((proto == IPPROTO_TCP) && ( - is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) - || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) - ) { + is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) + || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) + ) { if((flow->src2dst_packets+flow->dst2src_packets) < 10 /* MIN_NUM_ENCRYPT_SKIP_PACKETS */) skip = 1; } @@ -1298,10 +1318,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, } else { if((proto == IPPROTO_TCP) && ( - is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) - || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) + is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) + || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) ) flow->has_human_readeable_strings = 0; } @@ -1429,7 +1449,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(header->caplen < 40) return(nproto); /* Too short */ - + datalink_check: switch(datalink_type) { case DLT_NULL: @@ -1544,7 +1564,7 @@ ether_type_check: vlan_packet = 1; // double tagging for 802.1Q - while((type == 0x8100) && (ip_offset < (u_int16_t)header->caplen)) { + while((type == 0x8100) && (ip_offset < ((u_int16_t)header->caplen))) { vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; ip_offset += 4; |