Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 50 | ||||
-rw-r--r-- | example/ndpi_util.c | 203 |
2 files changed, 126 insertions, 127 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8c1ac37ce..76c18537d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -452,7 +452,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { * @brief Unknown Proto Walker */ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - + struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); @@ -556,19 +556,19 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, * @brief On Protocol Discover - call node_guess_undetected_protocol() for protocol */ static void on_protocol_discovered(struct ndpi_workflow * workflow, - struct ndpi_flow_info * flow, - void * udata) { - + struct ndpi_flow_info * flow, + void * udata) { + const u_int16_t thread_id = (uintptr_t) udata; if(verbose > 1){ if(enable_protocol_guess) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { flow->detected_protocol.protocol = node_guess_undetected_protocol(thread_id, flow), - flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; + flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; } } - + printFlow(thread_id, flow); } } @@ -609,7 +609,7 @@ static void debug_printf(u_int32_t protocol, void *id_struct, printf("%s", out_buf); fflush(stdout); } - + va_end(va_ap); } #endif @@ -656,7 +656,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { * @brief End of detection and free flow */ static void terminateDetection(u_int16_t thread_id) { - + ndpi_workflow_free(ndpi_thread_info[thread_id].workflow); } 
@@ -773,7 +773,7 @@ static void printResults(u_int64_t tot_usec) { memset(&cumulative_stats, 0, sizeof(cumulative_stats)); for(thread_id = 0; thread_id < num_threads; thread_id++) { - if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) + if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) && (ndpi_thread_info[thread_id].workflow->stats.raw_packet_count == 0)) continue; @@ -898,7 +898,7 @@ static void printResults(u_int64_t tot_usec) { } #endif } - + if((!json_flag) && (!quiet_mode)) printf("\n\nDetected protocols:\n"); for(i = 0; i <= ndpi_get_num_supported_protocols(ndpi_thread_info[0].workflow->ndpi_struct); i++) { ndpi_protocol_breed_t breed = ndpi_get_proto_breed(ndpi_thread_info[0].workflow->ndpi_struct, i); @@ -1017,9 +1017,9 @@ static void breakPcapLoop(u_int16_t thread_id) { /** * @brief Sigproc is executed for each packet in the pcap file - */ + */ void sigproc(int sig) { - + static int called = 0; int thread_id; @@ -1033,7 +1033,7 @@ void sigproc(int sig) { /** * @brief Get the next pcap file from a passed playlist - */ + */ static int getNextPcapFileFromPlaylist(u_int16_t thread_id, char filename[], u_int32_t filename_len) { if(playlist_fp[thread_id] == NULL) { @@ -1057,7 +1057,7 @@ static int getNextPcapFileFromPlaylist(u_int16_t thread_id, char filename[], u_i /** * @brief Configure the pcap handle - */ + */ static void configurePcapHandle(pcap_t * pcap_handle) { if(_bpf_filter != NULL) { @@ -1077,7 +1077,7 @@ static void configurePcapHandle(pcap_t * pcap_handle) { /** * @brief Open a pcap file or a specified device - Always returns a valid pcap_t - */ + */ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_file) { u_int snaplen = 1536; 
@@ -1131,10 +1131,10 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi /** * @brief Check pcap packet - */ + */ static void pcap_packet_callback_checked(u_char *args, - const struct pcap_pkthdr *header, - const u_char *packet) { + const struct pcap_pkthdr *header, + const u_char *packet) { u_int16_t thread_id = *((u_int16_t*)args); @@ -1166,8 +1166,8 @@ static void pcap_packet_callback_checked(u_char *args, /* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */ ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], - &ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], - ndpi_workflow_node_cmp); + &ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], + ndpi_workflow_node_cmp); /* free the memory associated to idle flow in "idle_flows" - (see struct reader thread)*/ ndpi_free_flow_info_half(ndpi_thread_info[thread_id].idle_flows[ndpi_thread_info[thread_id].num_idle_flows]); @@ -1201,7 +1201,7 @@ static void runPcapLoop(u_int16_t thread_id) { * @brief Process a running thread */ void * processing_thread(void *_thread_id) { - + long thread_id = (long) _thread_id; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; @@ -1287,13 +1287,13 @@ void automataUnitTest() { assert(ndpi_add_string_to_automa(automa, "world") == 0); ndpi_finalize_automa(automa); assert(ndpi_match_string(automa, "This is the wonderful world of nDPI") == 0); - + ndpi_free_automa(automa); } /** @brief MAIN FUNCTION - **/ +**/ int main(int argc, char **argv) { int i; @@ -1339,7 +1339,7 @@ int main(int argc, char **argv) { /** @brief Timezone - **/ +**/ struct timezone { int tz_minuteswest; /* minutes W of Greenwich */ int tz_dsttime; /* type of dst correction */ 
@@ -1348,7 +1348,7 @@ struct timezone { /** @brief Set time - **/ +**/ int gettimeofday(struct timeval *tv, struct timezone *tz) { FILETIME ft; LARGE_INTEGER li; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index be421cf12..2f5d10e8d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -74,7 +74,6 @@ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { if(flow->ndpi_flow) { ndpi_free_flow(flow->ndpi_flow); flow->ndpi_flow = NULL; } if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } - } /* ***************************************************** */ @@ -105,11 +104,11 @@ static void free_wrapper(void *freeable) { /* ***************************************************** */ struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle) { - + set_ndpi_malloc(malloc_wrapper), set_ndpi_free(free_wrapper); /* TODO: just needed here to init ndpi malloc wrapper */ struct ndpi_detection_module_struct * module = ndpi_init_detection_module(); - + struct ndpi_workflow * workflow = ndpi_calloc(1, sizeof(struct ndpi_workflow)); workflow->pcap_handle = pcap_handle; 
@@ -445,94 +444,94 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, struct ndpi_ipv6hdr *iph6, u_int16_t ip_offset, u_int16_t ipsize, u_int16_t rawsize) { - struct ndpi_id_struct *src, *dst; - struct ndpi_flow_info *flow = NULL; - struct ndpi_flow_struct *ndpi_flow = NULL; - u_int8_t proto; - struct ndpi_tcphdr *tcph = NULL; - struct ndpi_udphdr *udph = NULL; - u_int16_t sport, dport, payload_len; - u_int8_t *payload; - u_int8_t src_to_dst_direction= 1; - - if(iph) - flow = get_ndpi_flow_info(workflow, 4, vlan_id, iph, NULL, - ip_offset, ipsize, - ntohs(iph->tot_len) - (iph->ihl * 4), - &tcph, &udph, &sport, &dport, - &src, &dst, &proto, - &payload, &payload_len, &src_to_dst_direction); - else - flow = get_ndpi_flow_info6(workflow, vlan_id, iph6, ip_offset, - &tcph, &udph, &sport, &dport, - &src, &dst, &proto, - &payload, &payload_len, &src_to_dst_direction); - - if(flow != NULL) { - workflow->stats.ip_packet_count++; - workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */, - workflow->stats.total_ip_bytes += rawsize; - ndpi_flow = flow->ndpi_flow; - flow->packets++, flow->bytes += rawsize; - flow->last_seen = time; - } else { - return(0); - } + struct ndpi_id_struct *src, *dst; + struct ndpi_flow_info *flow = NULL; + struct ndpi_flow_struct *ndpi_flow = NULL; + u_int8_t proto; + struct ndpi_tcphdr *tcph = NULL; + struct ndpi_udphdr *udph = NULL; + u_int16_t sport, dport, payload_len; + u_int8_t *payload; + u_int8_t src_to_dst_direction= 1; + + if(iph) + flow = get_ndpi_flow_info(workflow, 4, vlan_id, iph, NULL, + ip_offset, ipsize, + ntohs(iph->tot_len) - (iph->ihl * 4), + &tcph, &udph, &sport, &dport, + &src, &dst, &proto, + &payload, &payload_len, &src_to_dst_direction); + else + flow = get_ndpi_flow_info6(workflow, vlan_id, iph6, ip_offset, + &tcph, &udph, &sport, &dport, + &src, &dst, &proto, + &payload, &payload_len, &src_to_dst_direction); + + if(flow != NULL) { + workflow->stats.ip_packet_count++; + 
workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */, + workflow->stats.total_ip_bytes += rawsize; + ndpi_flow = flow->ndpi_flow; + flow->packets++, flow->bytes += rawsize; + flow->last_seen = time; + } else { + return(0); + } - /* Protocol already detected */ - if(flow->detection_completed) return(0); + /* Protocol already detected */ + if(flow->detection_completed) return(0); - flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, - iph ? (uint8_t *)iph : (uint8_t *)iph6, - ipsize, time, src, dst); + flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, + iph ? (uint8_t *)iph : (uint8_t *)iph6, + ipsize, time, src, dst); - if((flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) - || ((proto == IPPROTO_UDP) && (flow->packets > 8)) - || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ - flow->detection_completed = 1; - } + if((flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) + || ((proto == IPPROTO_UDP) && (flow->packets > 8)) + || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { + /* New protocol detected or give up */ + flow->detection_completed = 1; + } - if(flow->detection_completed) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); - } - - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", - flow->ndpi_flow->host_server_name); + if(flow->detection_completed) { + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, + flow->ndpi_flow); + } - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { - int i, j, n = 0; + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + flow->ndpi_flow->host_server_name); - for(i=0, j = 0; i<20; i++) { - sprintf(&flow->bittorent_hash[j], "%02x", 
flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; - } + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { + int i, j, n = 0; - if(n == 0) flow->bittorent_hash[0] = '\0'; + for(i=0, j = 0; i<20; i++) { + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; } - if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { - snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", - flow->ndpi_flow->protos.ssl.client_certificate); - snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", - flow->ndpi_flow->protos.ssl.server_certificate); - } + if(n == 0) flow->bittorent_hash[0] = '\0'; + } - if(flow->detection_completed) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { - if (workflow->__flow_giveup_callback != NULL) - workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); - } else { - if (workflow->__flow_detected_callback != NULL) - workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); - } + if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { + snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", + flow->ndpi_flow->protos.ssl.client_certificate); + snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", + flow->ndpi_flow->protos.ssl.server_certificate); + } - ndpi_free_flow_info_half(flow); + if(flow->detection_completed) { + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { + if (workflow->__flow_giveup_callback != NULL) + workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); + } else { + if (workflow->__flow_detected_callback != NULL) + workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); } - return 0; + 
ndpi_free_flow_info_half(flow); + } + + return 0; } /* ****************************************************** */ @@ -693,32 +692,32 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* check ether type */ switch(type) { - case VLAN: - vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; - type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; + case VLAN: + vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; + type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; + ip_offset += 4; + vlan_packet = 1; + break; + case MPLS_UNI: + case MPLS_MULTI: + mpls = (struct ndpi_mpls_header *) &packet[ip_offset]; + label = ntohl(mpls->label); + /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */ + workflow->stats.mpls_count++; + type = ETH_P_IP, ip_offset += 4; + + while((label & 0x100) != 0x100) { ip_offset += 4; - vlan_packet = 1; - break; - case MPLS_UNI: - case MPLS_MULTI: - mpls = (struct ndpi_mpls_header *) &packet[ip_offset]; label = ntohl(mpls->label); - /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */ - workflow->stats.mpls_count++; - type = ETH_P_IP, ip_offset += 4; - - while((label & 0x100) != 0x100) { - ip_offset += 4; - label = ntohl(mpls->label); - } - break; - case PPPoE: - workflow->stats.pppoe_count++; - type = ETH_P_IP; - ip_offset += 8; - break; - default: - break; + } + break; + case PPPoE: + workflow->stats.pppoe_count++; + type = ETH_P_IP; + ip_offset += 8; + break; + default: + break; } workflow->stats.vlan_count += vlan_packet; |
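Review bot: The MPLS branch in the last hunk (`case MPLS_UNI:` / `case MPLS_MULTI:`) keeps a loop that cannot terminate on its own: inside `while((label & 0x100) != 0x100)` the code re-reads `mpls->label`, but `mpls` is never moved to the new `ip_offset`, so `label` keeps its first value. A capture whose first MPLS entry lacks the bottom-of-stack bit would therefore spin indefinitely while `ip_offset` keeps growing. Nothing visible in this hunk checks the offset against the captured length before `packet` is indexed, in this branch or in the VLAN one. The commit only re-indents the block, so the behaviour predates it, but the fix is small: add `mpls = (struct ndpi_mpls_header *) &packet[ip_offset];` inside the loop before `label = ntohl(mpls->label);`, and leave the loop when the next 4-byte entry would run past the captured length. The enclosing function ndpi_workflow_process_packet starts and ends outside the hunk.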