Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 24 | ||||
-rw-r--r-- | example/reader_util.c | 24 | ||||
-rw-r--r-- | example/reader_util.h | 8 |
3 files changed, 47 insertions, 9 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index f7482ca65..5eb47f741 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1522,6 +1522,30 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.protocol_by_ip)); + if(flow->multimedia_flow_type != ndpi_multimedia_unknown_flow) { + const char *content; + + switch(flow->multimedia_flow_type) { + case ndpi_multimedia_audio_flow: + content = "Audio"; + break; + + case ndpi_multimedia_video_flow: + content = "Video"; + break; + + case ndpi_multimedia_screen_sharing_flow: + content = "Screen Sharing"; + break; + + default: + content = "???"; + break; + } + + fprintf(out, "[Stream Content: %s]", content); + } + fprintf(out, "[%s]", ndpi_is_encrypted_proto(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol) ? "Encrypted" : "ClearText"); diff --git a/example/reader_util.c b/example/reader_util.c index a35eaf3c5..d044fb76a 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1,7 +1,7 @@ /* * reader_util.c * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-23 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH 
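Review bot: The `default:` arm of the new switch in printFlow prints `???` for every value it does not list, so the output gives no hint of which value was actually seen. Keeping a fallback is the right shape, since the field is filled from dissector state built from captured traffic, but the `default` label also means the compiler's `-Wswitch` check will not flag an enumerator added to `ndpi_multimedia_flow_type` later. A comment on that arm would help, for example `/* value not known to this reader; keep in sync with ndpi_multimedia_flow_type */`, and printing the numeric value next to `???` would make such a case diagnosable from the output alone. printFlow begins and ends outside this hunk.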
@@ -1141,16 +1141,17 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->num_dissector_calls = flow->ndpi_flow->num_dissector_calls; ndpi_snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", - flow->ndpi_flow->host_server_name); + flow->ndpi_flow->host_server_name); ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", - flow->ndpi_flow->flow_extra_info); + flow->ndpi_flow->flow_extra_info); flow->risk = flow->ndpi_flow->risk; if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP)) { if(flow->ndpi_flow->protos.dhcp.fingerprint[0] != '\0') flow->dhcp_fingerprint = ndpi_strdup(flow->ndpi_flow->protos.dhcp.fingerprint); + if(flow->ndpi_flow->protos.dhcp.class_ident[0] != '\0') flow->dhcp_class_ident = ndpi_strdup(flow->ndpi_flow->protos.dhcp.class_ident); } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_BITTORRENT) && @@ -1160,6 +1161,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(flow->ndpi_flow->protos.bittorrent.hash[0] != '\0') { flow->bittorent_hash = ndpi_malloc(sizeof(flow->ndpi_flow->protos.bittorrent.hash) * 2 + 1); + if(flow->bittorent_hash) { for(i=0, j = 0; i < sizeof(flow->ndpi_flow->protos.bittorrent.hash); i++) { sprintf(&flow->bittorent_hash[j], "%02x", @@ -1167,6 +1169,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl j += 2; } + flow->bittorent_hash[j] = '\0'; } } 
@@ -1369,6 +1372,11 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } + if(is_ndpi_proto(flow, NDPI_PROTOCOL_ZOOM)) + flow->multimedia_flow_type = flow->ndpi_flow->zoom.flow_type; + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SKYPE_TEAMS_CALL)) + flow->multimedia_flow_type = flow->ndpi_flow->skype_teams.flow_type; + /* HTTP metadata are "global" not in `flow->ndpi_flow->protos` union; for example, we can have HTTP/BitTorrent and in that case we want to export also HTTP attributes */ if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP) @@ -1388,8 +1396,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl sizeof(flow->http.user_agent), "%s", (flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : "")); - if (workflow->ndpi_serialization_format != ndpi_serialization_format_unknown) - { + if (workflow->ndpi_serialization_format != ndpi_serialization_format_unknown) { if (ndpi_flow2json(workflow->ndpi_struct, flow->ndpi_flow, flow->ip_version, flow->protocol, flow->vlan_id, @@ -1397,17 +1404,16 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl &flow->src_ip6, &flow->dst_ip6, flow->src_port, flow->dst_port, flow->detected_protocol, - &flow->ndpi_flow_serializer) != 0) - { + &flow->ndpi_flow_serializer) != 0) { LOG(NDPI_LOG_ERROR, "flow2json failed\n"); exit(-1); } + ndpi_serialize_string_uint32(&flow->ndpi_flow_serializer, "detection_completed", flow->detection_completed); ndpi_serialize_string_uint32(&flow->ndpi_flow_serializer, "check_extra_packets", flow->check_extra_packets); } - if(flow->detection_completed && (!flow->check_extra_packets)) { - + if(flow->detection_completed && (!flow->check_extra_packets)) { flow->flow_payload = flow->ndpi_flow->flow_payload, flow->flow_payload_len = flow->ndpi_flow->flow_payload_len; flow->ndpi_flow->flow_payload = NULL; /* We'll free the memory */ 
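Review bot: The new `if`/`else if` in process_ndpi_collected_info has no final `else`, so for any flow that is neither Zoom nor a Skype/Teams call, `flow->multimedia_flow_type` keeps whatever value the `ndpi_flow_info` struct was created with. printFlow in ndpiReader.c compares the field against `ndpi_multimedia_unknown_flow`, which is only correct if the struct is zero-filled at allocation and that enumerator is 0; neither is visible in this diff. Adding `else flow->multimedia_flow_type = ndpi_multimedia_unknown_flow;` would make the state explicit. The new field in reader_util.h could also carry a comment such as `/* set only for Zoom and Skype/Teams call flows */`. The function starts and ends outside this hunk.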
diff --git a/example/reader_util.h b/example/reader_util.h index c5c399cd5..3b185d347 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -214,30 +214,36 @@ typedef struct ndpi_flow_info { *pktlen_c_to_s, *pktlen_s_to_c; enum info_type info_type; + union { char info[256]; + struct { unsigned char auth_failed; char username[127]; char password[128]; } ftp_imap_pop_smtp; + struct { char domain[85]; char hostname[85]; char username[86]; } kerberos; + struct { char ip[16]; char port[6]; char hostname[48]; char fqdn[48]; } softether; + struct { char identity_uuid[36]; char machine[48]; char platform[32]; char services[48]; } tivoconnect; + struct { uint16_t result_code; uint16_t internal_port; @@ -289,6 +295,8 @@ typedef struct ndpi_flow_info { char *username, *password; } telnet; + ndpi_multimedia_flow_type multimedia_flow_type; + void *src_id, *dst_id; struct ndpi_entropy *entropy; |