Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 29 | ||||
-rw-r--r-- | example/reader_util.c | 11 | ||||
-rw-r--r-- | example/reader_util.h | 3 |
3 files changed, 41 insertions, 2 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index aad1f9eb9..22af8cfa7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -3353,6 +3353,32 @@ void serializerUnitTest() { /* *********************************************** */ +void analyzeUnitTest() { + struct ndpi_analyze_struct *s = ndpi_init_data_analysis(32); + u_int32_t i; + + for(i=0; i<256; i++) { + ndpi_data_add_value(s, rand()*i); + // ndpi_data_add_value(s, i+1); + } + + // ndpi_data_print_window_values(s); + +#ifdef RUN_DATA_ANALYSIS_THEN_QUIT + printf("Average: [all: %f][window: %f]\n", + ndpi_data_average(s), ndpi_data_window_average(s)); + printf("Entropy: %f\n", ndpi_entropy(s)); +#endif + + ndpi_free_data_analysis(s); + +#ifdef RUN_DATA_ANALYSIS_THEN_QUIT + exit(0); +#endif +} + +/* *********************************************** */ + /** * @brief Produce bpf filter to filter ports and hosts * in order to remove a peak in terms of number of packets @@ -3929,7 +3955,8 @@ int orginal_main(int argc, char **argv) { /* Internal checks */ automataUnitTest(); serializerUnitTest(); - + // analyzeUnitTest(); + gettimeofday(&startup_time, NULL); ndpi_info_mod = ndpi_init_detection_module(); diff --git a/example/reader_util.c b/example/reader_util.c index 2e6cec674..820bd9d57 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -56,6 +56,9 @@ #define SNAP 0xaa #define BSTP 0x42 /* Bridge Spanning Tree Protocol */ +/* Keep last 32 packets */ +#define DATA_ANALUYSIS_SLIDING_WINDOW 32 + /* mask for FCF */ #define WIFI_DATA 0x2 /* 0000 0010 */ #define FCF_TYPE(fc) (((fc) >> 2) & 0x3) /* 0000 0011 = 0x3 */ 
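Review bot: In `analyzeUnitTest()` (example/ndpiReader.c, first hunk) the pointer returned by `ndpi_init_data_analysis(32)` is passed straight to `ndpi_data_add_value`, the average/entropy calls and `ndpi_free_data_analysis` with no NULL check. Whether the allocator can return NULL is not visible in this diff, but if it can, an early `if(!s) return;` after the call keeps the self-test from dereferencing it. The function also asserts nothing and feeds unseeded `rand()*i` values, so it only shows that the calls do not crash. Using the commented-out `i+1` sequence and comparing `ndpi_data_average(s)` with the known mean would turn it into a real check.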
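Review bot: The macro added in example/reader_util.c is spelled `DATA_ANALUYSIS_SLIDING_WINDOW`, and the same misspelling is used at both `ndpi_init_data_analysis` calls in `get_ndpi_flow_info`. Renaming it to `DATA_ANALYSIS_SLIDING_WINDOW` now, while it has only those two users, avoids carrying the typo forward. The self-test in ndpiReader.c hard-codes `32` for the same window size. If both are meant to stay in sync, the constant would be better placed in reader_util.h.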
@@ -259,6 +262,8 @@ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { if(flow->ndpi_flow) { ndpi_flow_free(flow->ndpi_flow); flow->ndpi_flow = NULL; } if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } + if(flow->bytes_c_to_s) ndpi_free_data_analysis(flow->bytes_c_to_s); + if(flow->bytes_s_to_c) ndpi_free_data_analysis(flow->bytes_s_to_c); } /* ***************************************************** */ @@ -693,7 +698,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->src_ip = iph->saddr, newflow->dst_ip = iph->daddr; newflow->src_port = htons(*sport), newflow->dst_port = htons(*dport); newflow->ip_version = version; - + newflow->bytes_c_to_s = ndpi_init_data_analysis(DATA_ANALUYSIS_SLIDING_WINDOW), + newflow->bytes_s_to_c = ndpi_init_data_analysis(DATA_ANALUYSIS_SLIDING_WINDOW); + if(version == IPVERSION) { inet_ntop(AF_INET, &newflow->src_ip, newflow->src_name, sizeof(newflow->src_name)); inet_ntop(AF_INET, &newflow->dst_ip, newflow->dst_name, sizeof(newflow->dst_name)); @@ -978,9 +985,11 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if(src_to_dst_direction) { flow->src2dst_packets++, flow->src2dst_bytes += rawsize; flow->src2dst_l4_bytes += payload_len; + // ndpi_data_add_value(flow->bytes_c_to_s, rawsize); } else { flow->dst2src_packets++, flow->dst2src_bytes += rawsize; flow->dst2src_l4_bytes += payload_len; + // ndpi_data_add_value(flow->bytes_s_to_c, rawsize); } if(enable_payload_analyzer && (payload_len > 0)) diff --git a/example/reader_util.h b/example/reader_util.h index cf6acc7ec..62001d527 100644 --- a/example/reader_util.h +++ b/example/reader_util.h 
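Review bot: In `ndpi_free_flow_info_half` the two new frees leave `flow->bytes_c_to_s` and `flow->bytes_s_to_c` dangling, whereas the three context lines directly above reset their pointers to NULL after freeing. If this function can run more than once on the same flow, or the flow is still read afterwards (the callers are outside this diff), that becomes a double free or use-after-free. Following the neighbouring pattern closes it: `if(flow->bytes_c_to_s) { ndpi_free_data_analysis(flow->bytes_c_to_s); flow->bytes_c_to_s = NULL; }`, and the same for `bytes_s_to_c`.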
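Review bot: In `get_ndpi_flow_info` every new flow now allocates two analysis windows through `ndpi_init_data_analysis`, and neither result is checked. The only consumers in this commit are the commented-out `ndpi_data_add_value` calls in `packet_processing`, so the allocations are pure per-flow overhead. Because flow creation is driven by captured traffic, it would be safer to defer them until the analysis is actually enabled. When the consumers are enabled they should tolerate a failed allocation, e.g. `if(flow->bytes_c_to_s) ndpi_data_add_value(flow->bytes_c_to_s, rawsize);`. Both functions continue outside the hunks shown here.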
@@ -145,6 +145,9 @@ typedef struct ndpi_flow_info { // result only, not used for flow identification ndpi_protocol detected_protocol; + // Flow data analysis + struct ndpi_analyze_struct *bytes_c_to_s, *bytes_s_to_c; + char info[96]; char host_server_name[256]; char bittorent_hash[41]; |