Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 20 | ||||
-rw-r--r-- | example/ndpi_util.c | 75 | ||||
-rw-r--r-- | example/ndpi_util.h | 1 |
3 files changed, 45 insertions, 51 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index a7aa79e17..1a5dbbfd0 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -763,6 +763,24 @@ static char* print_cipher(ndpi_cipher_weakness c) {
 return(""); } }
+
+/* ********************************** */
+
+static char* ssl_version2str(u_int16_t version) {
+ static char v[8];
+
+ switch(version) {
+ case 0x300: return("SSLv3");
+ case 0x301: return("TLSv1");
+ case 0x302: return("TLSv1.1");
+ case 0x303: return("TLSv1.2");
+ case 0x304: return("TLSv1.3");
+ }
+
+ snprintf(v, sizeof(v), "%04X", version);
+ return(v);
+}
+
 /* ********************************** */ /**
@@ -819,7 +837,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
 if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
-
+ if(flow->ssh_ssl.ssl_version != 0) fprintf(out, "[%s]", ssl_version2str(flow->ssh_ssl.ssl_version));
 if(flow->ssh_ssl.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_ssl.ja3_client, print_cipher(flow->ssh_ssl.client_unsafe_cipher)); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info);
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index 2c05ddcd1..4b8ffb894 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -562,6 +562,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 /* SSL */ else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) {
+ flow->ssh_ssl.ssl_version = flow->ndpi_flow->protos.stun_ssl.ssl.ssl_version;
 snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.client_certificate); snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", 
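Review bot: `ssl_version2str()`, added in the first hunk of example/ndpiReader.c, returns a pointer into the function-local `static char v[8]` for any version outside the five named cases, so the helper is not reentrant: a second call overwrites the first result, and calls from two threads would share the buffer (printFlow's callers are outside this diff, so whether that can happen is not visible here). The string literals are also returned through a non-const `char*`. I would let the caller supply the buffer, `static const char* ssl_version2str(u_int16_t version, char *buf, size_t buf_len)`, and have printFlow pass a local `char vbuf[8];`. Since SSLv3, TLSv1 and TLSv1.1 are deprecated, appending a marker for them, as print_cipher does for weak ciphers, would make such flows stand out in the output.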
@@ -576,7 +577,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 } }
- if(flow->detection_completed && !flow->check_extra_packets) {
+ if(flow->detection_completed && (!flow->check_extra_packets)) {
 if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { if(workflow->__flow_giveup_callback != NULL) workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); 
@@ -646,63 +647,37 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
 return(nproto); }
- /* The lines below are no longer necessary as this hsould be called automatically by ndpi_detection_process_packet */
-#if 0
- /* Protocol already detected */
- if(flow->detection_completed) {
- if(flow->check_extra_packets && ndpi_flow != NULL && ndpi_flow->check_extra_packets) {
- if(ndpi_flow->num_extra_packets_checked == 0 && ndpi_flow->max_extra_packets_to_check == 0) {
- /* Protocols can set this, but we set it here in case they didn't */
- ndpi_flow->max_extra_packets_to_check = MAX_EXTRA_PACKETS_TO_CHECK;
- }
- if(ndpi_flow->num_extra_packets_checked < ndpi_flow->max_extra_packets_to_check) {
- ndpi_process_extra_packet(workflow->ndpi_struct, ndpi_flow,
- iph ? (uint8_t *)iph : (uint8_t *)iph6,
- ipsize, time, src, dst);
- if(ndpi_flow->check_extra_packets == 0) {
- flow->check_extra_packets = 0;
- process_ndpi_collected_info(workflow, flow);
- }
- }
- } else if(ndpi_flow != NULL) {
- /* If this wasn't NULL we should do the half free */
- /* TODO: When half_free is deprecated, get rid of this */
- ndpi_free_flow_info_half(flow);
- }
-
- return(flow->detected_protocol);
- }
-#endif
+ if(!flow->detection_completed) {
+ flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow,
+ iph ? (uint8_t *)iph : (uint8_t *)iph6,
+ ipsize, time, src, dst);
- flow->detected_protocol =
- ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow,
- iph ? 
(uint8_t *)iph : (uint8_t *)iph6,
- ipsize, time, src, dst);
-
- if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)
- || ((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > 8))
- || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) {
- /* New protocol detected or give up */
- flow->detection_completed = 1;
- /* Check if we should keep checking extra packets */
- if(ndpi_flow && ndpi_flow->check_extra_packets)
- flow->check_extra_packets = 1;
-
- if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN)
- flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow,
- enable_protocol_guess);
+ if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)
+ || ((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > 8))
+ || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) {
+ /* New protocol detected or give up */
+ flow->detection_completed = 1;
- process_ndpi_collected_info(workflow, flow);
- }
+ /* Check if we should keep checking extra packets */
+ if(ndpi_flow && ndpi_flow->check_extra_packets)
+ flow->check_extra_packets = 1;
+ if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN)
+ flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow,
+ enable_protocol_guess);
+
+ process_ndpi_collected_info(workflow, flow);
+ }
+ }
+
 return(flow->detected_protocol); } /* ****************************************************** */
-struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow,
- const struct pcap_pkthdr *header,
- const u_char *packet) {
+struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
+ const struct pcap_pkthdr *header,
+ const u_char *packet) {
 /* * Declare pointers to packet headers */
diff --git a/example/ndpi_util.h b/example/ndpi_util.h
index a1b61454d..538753834 100644 
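Review bot: The new `if(!flow->detection_completed)` guard in packet_processing (example/ndpi_util.c, whose body starts above this hunk) stops calling ndpi_detection_process_packet() once detection is complete, while the same block still sets `flow->check_extra_packets = 1`. The deleted `#if 0` comment said extra-packet handling is expected to happen inside ndpi_detection_process_packet(), so from what is visible here later packets of such a flow are never dissected and nothing resets the flag; for TLS that could mean fields arriving after the first classification are missed, and the `detection_completed && (!flow->check_extra_packets)` branch in process_ndpi_collected_info is skipped. If this is not handled elsewhere, a guard such as `if(!flow->detection_completed || flow->check_extra_packets)` keeps those packets going to the library; the completion block inside would then need its own `!flow->detection_completed` test. A one-line comment above the guard stating why completed flows are skipped would also help.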
--- a/example/ndpi_util.h
+++ b/example/ndpi_util.h
@@ -97,6 +97,7 @@ typedef struct ndpi_flow_info {
 char bittorent_hash[41]; struct {
+ u_int16_t ssl_version;
 char client_info[64], server_info[64], server_organization[64], ja3_client[33], ja3_server[33]; ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; |
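Review bot: The new `ssl_version` member in example/ndpi_util.h carries no comment saying what it holds. Going by the other hunks it is the raw 16-bit protocol version (ssl_version2str names 0x300 to 0x304) and printFlow treats 0 as "not set", so I would record that next to the field: `u_int16_t ssl_version; /* raw SSL/TLS version code, 0 = not set */`. The struct definition starts and ends outside this hunk.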