Diffstat (limited to 'example')
-rw-r--r--example/ndpiReader.c17
-rw-r--r--example/reader_util.c21
-rw-r--r--example/reader_util.h12
3 files changed, 26 insertions, 24 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 3dd18d857..30eda2532 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -997,10 +997,19 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
-#if 0
- if(flow->entropy.pktlen_c_to_s || flow->entropy.pktlen_s_to_c)
- fprintf(out, "[pktlen entropy: %.2f / %.2f]", flow->entropy.pktlen_c_to_s, flow->entropy.pktlen_s_to_c);
-#endif
+ if(flow->pktlen_c_to_s && flow->pktlen_s_to_c) {
+ fprintf(out, "[pktlen c2s avg(stddev)/entropy: %.1f(%.1f)/%.1f]",
+ ndpi_data_entropy(flow->pktlen_c_to_s),
+ ndpi_data_average(flow->pktlen_c_to_s),
+ ndpi_data_stddev(flow->pktlen_c_to_s));
+
+ fprintf(out, "[pktlen s2c avg(stddev)/entropy: %.1f(%.1f)/%.1f]",
+ ndpi_data_entropy(flow->pktlen_s_to_c),
+ ndpi_data_average(flow->pktlen_s_to_c),
+ ndpi_data_stddev(flow->pktlen_s_to_c));
+ }
+
+ fprintf(out, "[bytes ratio: %.2f]", ndpi_data_ratio(flow->src2dst_bytes, flow->dst2src_bytes));
if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version));
if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_tls.client_info);
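Review bot: The arguments to both new fprintf calls are in a different order from the labels in their format string: the text reads `avg(stddev)/entropy`, but the values passed are entropy, average, stddev, so the entropy figure is printed under the avg label and the standard deviation under the entropy label. Anyone reading this output to judge whether a flow's packet lengths look encrypted or tunnelled would be reading the wrong number. Reorder the c2s arguments to `ndpi_data_average(flow->pktlen_c_to_s), ndpi_data_stddev(flow->pktlen_c_to_s), ndpi_data_entropy(flow->pktlen_c_to_s)` and do the same for the `pktlen_s_to_c` call. printFlow begins and ends outside this hunk.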
diff --git a/example/reader_util.c b/example/reader_util.c
index 854471e63..9db5ccb82 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -399,11 +399,11 @@ void ndpi_flow_info_freer(void *node) {
ndpi_free_flow_info_half(flow);
- if(flow->bytes_c_to_s)
- ndpi_free_data_analysis(flow->bytes_c_to_s);
+ if(flow->pktlen_c_to_s)
+ ndpi_free_data_analysis(flow->pktlen_c_to_s);
- if(flow->bytes_s_to_c)
- ndpi_free_data_analysis(flow->bytes_s_to_c);
+ if(flow->pktlen_s_to_c)
+ ndpi_free_data_analysis(flow->pktlen_s_to_c);
ndpi_free(flow);
}
@@ -703,8 +703,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
newflow->src_ip = iph->saddr, newflow->dst_ip = iph->daddr;
newflow->src_port = htons(*sport), newflow->dst_port = htons(*dport);
newflow->ip_version = version;
- newflow->bytes_c_to_s = ndpi_init_data_analysis(DATA_ANALUYSIS_SLIDING_WINDOW),
- newflow->bytes_s_to_c = ndpi_init_data_analysis(DATA_ANALUYSIS_SLIDING_WINDOW);
+ newflow->pktlen_c_to_s = ndpi_init_data_analysis(DATA_ANALUYSIS_SLIDING_WINDOW),
+ newflow->pktlen_s_to_c = ndpi_init_data_analysis(DATA_ANALUYSIS_SLIDING_WINDOW);
if(version == IPVERSION) {
inet_ntop(AF_INET, &newflow->src_ip, newflow->src_name, sizeof(newflow->src_name));
@@ -842,7 +842,6 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo
/* ****************************************************** */
void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) {
-
if(enable_joy_stats) {
/* Update SPLT scores. */
@@ -870,10 +869,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s",
flow->ndpi_flow->host_server_name);
- if(flow->bytes_c_to_s) flow->entropy.pktlen_c_to_s = ndpi_entropy(flow->bytes_c_to_s);
-
- if(flow->bytes_s_to_c) flow->entropy.pktlen_s_to_c = ndpi_entropy(flow->bytes_s_to_c);
-
if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_DHCP) {
snprintf(flow->dhcp_fingerprint, sizeof(flow->dhcp_fingerprint), "%s", flow->ndpi_flow->protos.dhcp.fingerprint);
} else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) {
@@ -994,11 +989,11 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
if(src_to_dst_direction) {
flow->src2dst_packets++, flow->src2dst_bytes += rawsize;
flow->src2dst_l4_bytes += payload_len;
- if(flow->bytes_c_to_s) ndpi_data_add_value(flow->bytes_c_to_s, rawsize);
+ if(flow->pktlen_c_to_s) ndpi_data_add_value(flow->pktlen_c_to_s, rawsize);
} else {
flow->dst2src_packets++, flow->dst2src_bytes += rawsize;
flow->dst2src_l4_bytes += payload_len;
- if(flow->bytes_s_to_c) ndpi_data_add_value(flow->bytes_s_to_c, rawsize);
+ if(flow->pktlen_s_to_c) ndpi_data_add_value(flow->pktlen_s_to_c, rawsize);
}
if(enable_payload_analyzer && (payload_len > 0))
diff --git a/example/reader_util.h b/example/reader_util.h
index ce06959c5..1ca498299 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -120,7 +120,9 @@ typedef struct ndpi_ja3_fingerprints_host{
UT_hash_handle hh;
} ndpi_ja3_fingerprints_host;
-
+struct flow_metrics {
+ float entropy, average, stddev;
+};
// flow tracking
typedef struct ndpi_flow_info {
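Review bot: `struct flow_metrics` is added here, but none of the hunks shown in this commit declares a member or variable of that type; printFlow in ndpiReader.c calls the ndpi_data_* functions directly instead. If the struct is meant for later use, a one-line comment above it, for example `/* per-direction packet-length statistics: entropy, average, stddev */`, would record the intent (that wording is inferred from the field names). Otherwise it is better dropped, so the header does not carry an unused declaration.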
@@ -146,8 +148,8 @@ typedef struct ndpi_flow_info {
ndpi_protocol detected_protocol;
// Flow data analysis
- struct ndpi_analyze_struct *bytes_c_to_s, *bytes_s_to_c;
-
+ struct ndpi_analyze_struct *pktlen_c_to_s, *pktlen_s_to_c;
+
char info[96];
char host_server_name[256];
char bittorent_hash[41];
@@ -162,10 +164,6 @@ typedef struct ndpi_flow_info {
u_int16_t server_cipher;
ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
} ssh_tls;
-
- struct {
- float pktlen_c_to_s, pktlen_s_to_c;
- } entropy;
void *src_id, *dst_id;