Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_api.h | 24 | ||||
-rw-r--r-- | src/include/ndpi_protocol_ids.h | 4 | ||||
-rw-r--r-- | src/include/ndpi_protocols.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 32 |
4 files changed, 45 insertions, 17 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 20dd048ad..94e835557 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -681,12 +681,12 @@ extern "C" { * * @par ndpi_struct = the detection module * @par flow = the detected flow - * @par certificate = the ssl certificate + * @par certificate = the SSL/TLS certificate * @return 1 if the flow is TOR; * 0 else * */ - int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, + int ndpi_is_tls_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); /* Wrappers functions */ @@ -774,8 +774,9 @@ extern "C" { /* LRU cache */ struct ndpi_lru_cache* ndpi_lru_cache_init(u_int32_t num_entries); void ndpi_lru_free_cache(struct ndpi_lru_cache *c); - u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int8_t clean_key_when_found); - void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key); + u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, + u_int16_t *value, u_int8_t clean_key_when_found); + void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t value); /** * Add a string to match to an automata 
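Review bot: The new `value` out-parameter of `ndpi_lru_find_cache` in the `@@ -774` hunk is undocumented: the prototype does not say whether `value` may be NULL or whether it is written on a miss, so a caller that reads it without checking the return value could act on an uninitialised `u_int16_t`. I would add a comment above the two prototypes such as `/* find: returns 1 and stores the cached value in *value on a hit; *value is left untouched on a miss */`, adjusted to what the implementation (not visible here) actually does. Both signature changes also break existing callers of this public header, which deserves a line in the changelog.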
@@ -833,15 +834,24 @@ extern "C" { u_int32_t key, const char *value); int ndpi_serialize_string_uint32(ndpi_serializer *serializer, const char *key, u_int32_t value); + int ndpi_serialize_string_uint32_format(ndpi_serializer *serializer, + const char *key, u_int32_t value, + const char *format); int ndpi_serialize_string_uint64(ndpi_serializer *serializer, const char *key, u_int64_t value); int ndpi_serialize_string_string(ndpi_serializer *serializer, const char *key, const char *value); + int ndpi_serialize_string_float(ndpi_serializer *serializer, + const char *key, float value, + const char *format /* e.f. "%.2f" */); int ndpi_serialize_end_of_record(ndpi_serializer *serializer); - + char* ndpi_serializer_get_buffer(ndpi_serializer *_serializer, u_int32_t *buffer_len); + u_int32_t ndpi_serializer_get_buffer_len(ndpi_serializer *_serializer); + /* Deserializer */ int ndpi_init_deserializer(ndpi_deserializer *deserializer, - ndpi_serializer *serializer); + ndpi_serializer *serializer); + void ndpi_serializer_set_csv_separator(ndpi_serializer *serializer, char separator); int ndpi_init_deserializer_buf(ndpi_deserializer *deserializer, u_int8_t *serialized_buffer, u_int32_t serialized_buffer_len); @@ -864,6 +874,8 @@ extern "C" { ndpi_string *key, u_int64_t *value); int ndpi_deserialize_string_string(ndpi_deserializer *deserializer, ndpi_string *key, ndpi_string *value); + int ndpi_deserialize_string_float(ndpi_deserializer *deserializer, + ndpi_string *key, float *value); int ndpi_deserialize_end_of_record(ndpi_deserializer *deserializer); #ifdef __cplusplus diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 4ad618e3e..d988cd140 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h 
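Review bot: `ndpi_serialize_string_uint32_format` and `ndpi_serialize_string_float` take a caller-supplied `format` string, and nothing in the `@@ -833` hunk states the contract for it. If the implementation hands it to a printf-family function (presumably; not visible here), a format that lacks exactly one conversion matching the value, or one taken from untrusted input, becomes a format-string bug. I would document it on both prototypes, e.g. `/* format: trusted printf-style literal with exactly one conversion for the value, e.g. "%.2f" */`, which also fixes the `e.f.` typo in the existing comment. `ndpi_serializer_get_buffer` should likewise say who owns the returned buffer and how long it stays valid, and `ndpi_serializer_set_csv_separator` sits under the `/* Deserializer */` heading although it configures the serializer.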
@@ -98,7 +98,7 @@ typedef enum { NDPI_PROTOCOL_QQLIVE = 61, NDPI_PROTOCOL_THUNDER = 62, NDPI_PROTOCOL_SOULSEEK = 63, - NDPI_PROTOCOL_SSL_NO_CERT = 64, + NDPI_PROTOCOL_TLS_NO_CERT = 64, NDPI_PROTOCOL_IRC = 65, NDPI_PROTOCOL_AYIYA = 66, NDPI_PROTOCOL_UNENCRYPTED_JABBER = 67, @@ -125,7 +125,7 @@ typedef enum { NDPI_PROTOCOL_RDP = 88, NDPI_PROTOCOL_VNC = 89, NDPI_PROTOCOL_PCANYWHERE = 90, - NDPI_PROTOCOL_SSL = 91, + NDPI_PROTOCOL_TLS = 91, NDPI_PROTOCOL_SSH = 92, NDPI_PROTOCOL_USENET = 93, NDPI_PROTOCOL_MGCP = 94, diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 187fbec13..cb96270f1 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -312,7 +312,7 @@ void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); -void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_tls_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index e240f7847..019d50155 100644 
--- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -411,8 +411,14 @@ typedef enum { NDPI_HTTP_METHOD_CONNECT } ndpi_http_method; +struct ndpi_lru_cache_entry { + u_int32_t key; /* Store the whole key to avoid ambiguities */ + u_int32_t is_full:1, value:16, pad:15; +}; + struct ndpi_lru_cache { - u_int32_t num_entries, *entries; + u_int32_t num_entries; + struct ndpi_lru_cache_entry *entries; }; struct ndpi_id_struct { @@ -584,7 +590,7 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_TELNET */ u_int32_t telnet_stage:2; // 0 - 2 - /* NDPI_PROTOCOL_SSL */ + /* NDPI_PROTOCOL_TLS */ u_int8_t ssl_seen_client_cert:1, ssl_seen_server_cert:1, ssl_seen_certificate:1, @@ -777,8 +783,7 @@ struct ndpi_packet_struct { u_int8_t ssl_certificate_detected:4, ssl_certificate_num_checks:4; u_int8_t packet_lines_parsed_complete:1, - packet_direction:1, - empty_line_position_set:1; + packet_direction:1, empty_line_position_set:1, pad:5; }; struct ndpi_detection_module_struct; @@ -805,7 +810,8 @@ typedef enum { NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn't provide risks, but could be malicious (e.g., Dropbox) */ NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */ NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */ - NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Surely is dangerous (ex. Tor). Be prepared to troubles */ + NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Possibly dangerous (ex. Tor). */ + NDPI_PROTOCOL_DANGEROUS, /* Surely is dangerous (ex. smbv1). Be prepared to troubles */ NDPI_PROTOCOL_TRACKER_ADS, /* Trackers, Advertisements... */ NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */ } ndpi_protocol_breed_t; 
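Review bot: Inserting `NDPI_PROTOCOL_DANGEROUS` in the middle of `ndpi_protocol_breed_t` (the `@@ -805` hunk) shifts the numeric values of `NDPI_PROTOCOL_TRACKER_ADS` and `NDPI_PROTOCOL_UNRATED`, since the visible enumerators carry no explicit values. Any consumer that stored or exported the breed as a number, or was built against the old header, will now read a different risk class. The same applies to `ndpi_serialization_string_float` in the `@@ -1322` hunk, which is placed before `ndpi_serialization_string_string` and so renumbers it; if that enum is written into the TLV output as a type tag (likely, but not visible here), previously serialized records will no longer decode. Pinning explicit values or appending new members at the end avoids this, e.g. `ndpi_serialization_string_string, ndpi_serialization_string_float,`. Both enums start outside their hunks.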
@@ -1061,6 +1067,9 @@ struct ndpi_detection_module_struct { /* NDPI_PROTOCOL_TINC */ struct cache *tinc_cache; + /* NDPI_PROTOCOL_STUN and subprotocols */ + struct ndpi_lru_cache *stun_cache; + ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; u_int8_t http_dont_dissect_response:1, dns_dont_dissect_response:1, @@ -1161,11 +1170,12 @@ struct ndpi_flow_struct { u_int8_t num_udp_pkts, num_processed_pkts, num_binding_requests, is_skype; } stun; - /* We can have STUN over SSL thus they need to live together */ + /* We can have STUN over SSL/TLS thus they need to live together */ } stun_ssl; struct { char client_signature[48], server_signature[48]; + char hassh_client[33], hassh_server[33]; } ssh; struct { @@ -1310,6 +1320,7 @@ typedef enum { ndpi_serialization_format_unknown = 0, ndpi_serialization_format_tlv, ndpi_serialization_format_json, + ndpi_serialization_format_csv } ndpi_serialization_format; typedef enum { @@ -1322,6 +1333,7 @@ typedef enum { ndpi_serialization_string_int64, ndpi_serialization_string_uint32, ndpi_serialization_string_uint64, + ndpi_serialization_string_float, ndpi_serialization_string_string, } ndpi_serialization_element_type; @@ -1334,8 +1346,12 @@ typedef struct { ndpi_serialization_format fmt; u_int32_t status; u_int8_t *buffer; - char *json_buffer; -} ndpi_serializer; + char csv_separator[2]; +} ndpi_private_serializer; + +#define ndpi_private_deserializer ndpi_private_serializer + +typedef struct { char c[sizeof(ndpi_private_serializer)]; } ndpi_serializer; #define ndpi_deserializer ndpi_serializer |
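Review bot: The opaque `ndpi_serializer` in the `@@ -1334` hunk is a struct holding only a `char` array, so it has alignment 1, while `ndpi_private_serializer` contains pointer and `u_int32_t` members. If the implementation casts an `ndpi_serializer *` to `ndpi_private_serializer *` (presumably, given the `sizeof`), a caller-declared `ndpi_serializer` may be misaligned for those members, which is undefined behaviour and faults on strict-alignment targets. Giving the wrapper the required alignment fixes it, e.g. `typedef union { char c[sizeof(ndpi_private_serializer)]; void *align_ptr; u_int64_t align_u64; } ndpi_serializer;`. The beginning of `ndpi_private_serializer` lies outside the hunk, so its full member list is not visible here.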