Diffstat (limited to 'example')
-rw-r--r--example/ndpiReader.c1
-rw-r--r--example/reader_util.c61
-rw-r--r--example/reader_util.h5
3 files changed, 42 insertions, 25 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 3e8eb6241..bbc78bf02 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1145,6 +1145,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
fprintf(out, "[< 1 sec]");
if(flow->telnet.username[0] != '\0') fprintf(out, "[Username: %s]", flow->telnet.username);
+ if(flow->telnet.password[0] != '\0') fprintf(out, "[Password: %s]", flow->telnet.password);
if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name);
if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
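Review bot: The added `[Password: %s]` line writes the captured Telnet password to `out` in clear text on every run, so any saved report or pasted terminal log now contains credentials. The value comes from packet payload: it is copied from `protos.telnet.password` in the Telnet branch of reader_util.c and held in the new `password[32]` field in reader_util.h. Nothing visible here restricts it to printable characters, so it may also carry control bytes into the output. I would gate the print behind an explicit opt-in, or at least mark it with a comment such as `/* cleartext credential taken from the wire; treat this output as sensitive */`. printFlow starts and ends outside this hunk.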
diff --git a/example/reader_util.c b/example/reader_util.c
index 8646018e3..b90cf8256 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -972,19 +972,23 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
|| /* POP */ is_ndpi_proto(flow, NDPI_PROTOCOL_MAIL_POP)
|| /* SMTP */ is_ndpi_proto(flow, NDPI_PROTOCOL_MAIL_SMTP)) {
if(flow->ndpi_flow->protos.ftp_imap_pop_smtp.username[0] != '\0')
- snprintf(flow->info, sizeof(flow->info), "User: %s][Pwd: %s",
+ snprintf(flow->info, sizeof(flow->info), "User: %s][Pwd: %s%s",
flow->ndpi_flow->protos.ftp_imap_pop_smtp.username,
- flow->ndpi_flow->protos.ftp_imap_pop_smtp.password);
+ flow->ndpi_flow->protos.ftp_imap_pop_smtp.password,
+ flow->ndpi_flow->protos.ftp_imap_pop_smtp.auth_failed ? "][Auth Failed" : "");
}
/* KERBEROS */
else if(is_ndpi_proto(flow, NDPI_PROTOCOL_KERBEROS)) {
if((flow->ndpi_flow->protos.kerberos.hostname[0] != '\0')
|| (flow->ndpi_flow->protos.kerberos.username[0] != '\0')) {
- snprintf(flow->info, sizeof(flow->info), "%s%s (%s)",
+ snprintf(flow->info, sizeof(flow->info), "%s%s%s%s",
+ flow->ndpi_flow->protos.kerberos.domain /* = realm */,
+ flow->ndpi_flow->protos.kerberos.domain[0] != '\0' ? "\\" : "",
flow->ndpi_flow->protos.kerberos.hostname,
- flow->ndpi_flow->protos.kerberos.username,
+ flow->ndpi_flow->protos.kerberos.username);
+ } else if(flow->ndpi_flow->protos.kerberos.domain[0] != '\0')
+ snprintf(flow->info, sizeof(flow->info), "%s",
flow->ndpi_flow->protos.kerberos.domain);
- }
}
/* HTTP */
else if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_HTTP)
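Review bot: In the FTP/IMAP/POP/SMTP branch the `][Auth Failed` marker is the last `%s` of the `snprintf` into `flow->info`, so it is the first thing lost if username and password fill the buffer, and the return value is not checked. The size of `flow->info` is not visible here, so whether truncation can occur depends on the field lengths. If it can, a reader using this output to spot failed logins would see a line that looks like a successful one. Putting the marker first keeps it intact, for example the format `"%sUser: %s][Pwd: %s"` with `auth_failed ? "Auth Failed][" : ""` as the first argument. Separately, the new `else if(... kerberos.domain[0] != '\0')` arm is unbraced while its sibling is braced; process_ndpi_collected_info continues outside the hunk.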
@@ -997,6 +1001,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
}
} else if(is_ndpi_proto(flow, NDPI_PROTOCOL_TELNET)) {
snprintf(flow->telnet.username, sizeof(flow->telnet.username), "%s", flow->ndpi_flow->protos.telnet.username);
+ snprintf(flow->telnet.password, sizeof(flow->telnet.password), "%s", flow->ndpi_flow->protos.telnet.password);
} else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SSH)) {
snprintf(flow->ssh_tls.client_info, sizeof(flow->ssh_tls.client_info), "%s",
flow->ndpi_flow->protos.ssh.client_signature);
@@ -1212,21 +1217,21 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
if((flow->entropy.src2dst_pkt_count+flow->entropy.dst2src_pkt_count) <= max_num_packets_per_flow) {
if(flow->bidirectional)
flow->entropy.score = ndpi_classify(flow->entropy.src2dst_pkt_len, flow->entropy.src2dst_pkt_time,
- flow->entropy.dst2src_pkt_len, flow->entropy.dst2src_pkt_time,
- flow->entropy.src2dst_start, flow->entropy.dst2src_start,
- max_num_packets_per_flow, flow->src_port, flow->dst_port,
- flow->src2dst_packets, flow->dst2src_packets,
- flow->entropy.src2dst_opackets, flow->entropy.dst2src_opackets,
- flow->entropy.src2dst_l4_bytes, flow->entropy.dst2src_l4_bytes, 1,
- flow->entropy.src2dst_byte_count, flow->entropy.dst2src_byte_count);
- else
- flow->entropy.score = ndpi_classify(flow->entropy.src2dst_pkt_len, flow->entropy.src2dst_pkt_time,
- NULL, NULL, flow->entropy.src2dst_start, flow->entropy.src2dst_start,
- max_num_packets_per_flow, flow->src_port, flow->dst_port,
- flow->src2dst_packets, 0,
- flow->entropy.src2dst_opackets, 0,
- flow->entropy.src2dst_l4_bytes, 0, 1,
- flow->entropy.src2dst_byte_count, NULL);
+ flow->entropy.dst2src_pkt_len, flow->entropy.dst2src_pkt_time,
+ flow->entropy.src2dst_start, flow->entropy.dst2src_start,
+ max_num_packets_per_flow, flow->src_port, flow->dst_port,
+ flow->src2dst_packets, flow->dst2src_packets,
+ flow->entropy.src2dst_opackets, flow->entropy.dst2src_opackets,
+ flow->entropy.src2dst_l4_bytes, flow->entropy.dst2src_l4_bytes, 1,
+ flow->entropy.src2dst_byte_count, flow->entropy.dst2src_byte_count);
+ else
+ flow->entropy.score = ndpi_classify(flow->entropy.src2dst_pkt_len, flow->entropy.src2dst_pkt_time,
+ NULL, NULL, flow->entropy.src2dst_start, flow->entropy.src2dst_start,
+ max_num_packets_per_flow, flow->src_port, flow->dst_port,
+ flow->src2dst_packets, 0,
+ flow->entropy.src2dst_opackets, 0,
+ flow->entropy.src2dst_l4_bytes, 0, 1,
+ flow->entropy.src2dst_byte_count, NULL);
}
}
@@ -1362,7 +1367,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
u_int64_t time;
u_int16_t ip_offset = 0, ip_len;
u_int16_t frag_off = 0, vlan_id = 0;
- u_int8_t proto = 0;
+ u_int8_t proto = 0, recheck_type;
/*u_int32_t label;*/
/* counters */
@@ -1490,6 +1495,8 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
}
ether_type_check:
+ recheck_type = 0;
+
/* check ether type */
switch(type) {
case VLAN:
@@ -1497,13 +1504,16 @@ ether_type_check:
type = (packet[ip_offset+2] << 8) + packet[ip_offset+3];
ip_offset += 4;
vlan_packet = 1;
+
// double tagging for 802.1Q
while((type == 0x8100) && (ip_offset < header->caplen)) {
vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF;
type = (packet[ip_offset+2] << 8) + packet[ip_offset+3];
ip_offset += 4;
}
+ recheck_type = 1;
break;
+
case MPLS_UNI:
case MPLS_MULTI:
mpls.u32 = *((uint32_t *) &packet[ip_offset]);
@@ -1516,16 +1526,23 @@ ether_type_check:
mpls.u32 = ntohl(mpls.u32);
ip_offset += 4;
}
+ recheck_type = 1;
break;
+
case PPPoE:
workflow->stats.pppoe_count++;
type = ETH_P_IP;
ip_offset += 8;
+ recheck_type = 1;
break;
+
default:
break;
}
-
+
+ if(recheck_type)
+ goto ether_type_check;
+
workflow->stats.vlan_count += vlan_packet;
iph_check:
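Review bot: The new `if(recheck_type) goto ether_type_check;` re-enters the switch without checking that `ip_offset` is still inside the captured bytes. In the previous hunk the VLAN case reads `packet[ip_offset+2]` and `packet[ip_offset+3]` before its `while` guard runs, and the MPLS case loads four bytes at `packet[ip_offset]`. Each pass adds 4 or 8 to `ip_offset`, which is declared `u_int16_t` and can wrap, so stacked tags that reach the end of the capture would be read past `header->caplen`, and nothing visible limits the number of passes. I would bound the jump, e.g. `if(recheck_type && ((u_int32_t)ip_offset + 4 <= header->caplen)) goto ether_type_check;`, and treat the failing case as a malformed packet. The function extends beyond these hunks, so an earlier length check may exist that is not shown.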
diff --git a/example/reader_util.h b/example/reader_util.h
index fce34c7c3..c420ca211 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -211,14 +211,13 @@ typedef struct ndpi_flow_info {
} http;
struct {
- char username[32];
+ char username[32], password[32];
} telnet;
void *src_id, *dst_id;
struct ndpi_entropy entropy;
- struct ndpi_entropy last_entropy;
-
+ struct ndpi_entropy last_entropy;
} ndpi_flow_info_t;