Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_api.h.in | 8 | ||||
-rw-r--r-- | src/include/ndpi_main.h | 4 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 43 |
3 files changed, 45 insertions, 10 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 2db7a4c0e..a069d0571 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -302,6 +302,7 @@ extern "C" {
 * @par packet = unsigned char pointer to the Layer 3 (IP header)
 * @par packetlen = the length of the packet
 * @par packet_time_ms = the current timestamp for the packet (expressed in msec)
+ * @par input_info = (optional) flow information provided by the (external) flow manager
 * @return void
 *
 */
@@ -309,7 +310,8 @@ extern "C" {
 struct ndpi_flow_struct *flow,
 const unsigned char *packet,
 const unsigned short packetlen,
- const u_int64_t packet_time_ms);
+ const u_int64_t packet_time_ms,
+ const struct ndpi_flow_input_info *input_info);
 /**
 * Processes one packet and returns the ID of the detected protocol.
@@ -320,6 +322,7 @@ extern "C" {
 * @par packet = unsigned char pointer to the Layer 3 (IP header)
 * @par packetlen = the length of the packet
 * @par packet_time_ms = the current timestamp for the packet (expressed in msec)
+ * @par input_info = (optional) flow information provided by the (external) flow manager
 * @return the detected ID of the protocol
 *
 */
@@ -327,7 +330,8 @@ extern "C" {
 struct ndpi_flow_struct *flow,
 const unsigned char *packet,
 const unsigned short packetlen,
- const u_int64_t packet_time_ms);
+ const u_int64_t packet_time_ms,
+ const struct ndpi_flow_input_info *input_info);
 /**
 * Get the main protocol of the passed flows for the detected module
 *
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 071097d99..355b9a086 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
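Review bot: The new `@par input_info` line in the `@@ -302` hunk of ndpi_api.h.in (and its twin in `@@ -320`) says "(optional)" but never states that passing NULL is how a caller opts out, nor how long the pointed-to struct has to stay valid. The `@@ -1150` hunk in ndpi_typedefs.h keeps a pointer of the same type in `struct ndpi_detection_module_struct`, so the lifetime is part of the contract and belongs in this header. I would word it as `@par input_info = (optional, may be NULL) flow information provided by the (external) flow manager; must stay valid until the call returns`. The two prototypes changed in `@@ -309` and `@@ -327` start above their hunks, so the function names are not visible here.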
@@ -167,6 +167,10 @@ extern "C" {
 int64_t ndpi_asn1_ber_decode_length(const unsigned char *payload, int payload_len, u_int16_t *value_len);
+ int ndpi_current_pkt_from_client_to_server(const struct ndpi_packet_struct *packet, const struct ndpi_flow_struct *flow);
+ int ndpi_current_pkt_from_server_to_client(const struct ndpi_packet_struct *packet, const struct ndpi_flow_struct *flow);
+ int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index bcbdab296..9928ce321 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
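Review bot: The three predicates added in the `@@ -167` hunk of ndpi_main.h are declared without any comment, so a caller cannot tell what `ndpi_current_pkt_from_client_to_server()` and `ndpi_current_pkt_from_server_to_client()` return when the direction is not known, or whether both can be zero for the same packet. Dissectors that gate parsing on these results need that spelled out, for example `/* Returns non-zero if the current packet goes from client to server; 0 otherwise, including when the direction is unknown */`, adjusted to what the implementation actually does, which is not part of this diff view. `ndpi_seen_flow_beginning()` takes only the flow while `seen_flow_beginning` is a per-packet input field, so its comment should also say where the answer comes from.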
@@ -528,6 +528,31 @@ struct ndpi_vxlanhdr {
 } PACK_OFF;
 /* ************************************************************ */
+
+/**
+ * The application might inform the library about client/server direction
+ */
+#define NDPI_IN_PKT_DIR_UNKNOWN 0 /**< The application doesn't provide this kind of information */
+#define NDPI_IN_PKT_DIR_C_TO_S 1 /**< Current packet is from client to server */
+#define NDPI_IN_PKT_DIR_S_TO_C 2 /**< Current packet is from server to client */
+
+/**
+ * The application might choose to not pass TCP handshake packets to the library
+ * (for performance reasons), but it might want to inform the library itlsef that these
+ * packets have been captured/seen anyway (to avoid losing classifiation capabilities).
+ */
+#define NDPI_FLOW_BEGINNING_UNKNOWN 0 /**< The application doesn't provide this kind of information */
+#define NDPI_FLOW_BEGINNING_SEEN 1 /**< The application informs the library that the TCP handshake has been seen (even if its packets might not have been passed to the library) */
+#define NDPI_FLOW_BEGINNING_NOT_SEEN 2 /**< The application informs the library that the TCP handshake has not been seen */
+
+/**
+ * Optional information about flow management (per packet)
+ */
+struct ndpi_flow_input_info {
+ unsigned char in_pkt_dir;
+ unsigned char seen_flow_beginning;
+};
+
 /* ******************* ********************* ****************** */
 /* ************************************************************ */
@@ -1150,6 +1175,7 @@ struct ndpi_detection_module_struct {
 /* Current packet */
 struct ndpi_packet_struct packet;
+ const struct ndpi_flow_input_info *input_info;
 };
 #endif /* NDPI_LIB_COMPILATION */
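Review bot: `in_pkt_dir` and `seen_flow_beginning` in the new `struct ndpi_flow_input_info` (`@@ -528` hunk) are plain `unsigned char`, yet only the values 0, 1 and 2 are defined for each, and the members carry no comment tying them to the macros above. The values are supplied by the application, so the header should say which macros apply and that anything else is handled like the `_UNKNOWN` case, e.g. `unsigned char in_pkt_dir; /**< One of NDPI_IN_PKT_DIR_*; any other value must be treated as NDPI_IN_PKT_DIR_UNKNOWN */`, and likewise for `seen_flow_beginning` with `NDPI_FLOW_BEGINNING_*`. The comment block above the `NDPI_FLOW_BEGINNING_*` macros also has two typos, "itlsef" and "classifiation".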
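Review bot: The `input_info` member added after `packet` in the `@@ -1150` hunk stores a pointer the caller owns inside a module struct that outlives every packet call. If the application passes a stack-allocated struct, which the "per packet" wording invites, the member points at dead storage once the processing call returns unless the library resets it; the code that assigns it is outside this diff view, so that cannot be confirmed here. I would add `/* Borrowed from the caller for the current packet only; NULL when no info was provided */` on the member and make sure it is set back to NULL before the entry point returns. `struct ndpi_detection_module_struct` starts above the hunk.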
@@ -1182,7 +1208,7 @@ struct ndpi_flow_struct {
 /* init parameter, internal used to set up timestamp,... */
 u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category, guessed_header_category;
 u_int8_t l4_proto, protocol_id_already_guessed:1, host_already_guessed:1, fail_with_unknown:1,
- init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1, is_ipv6:1;
+ init_finished:1, client_packet_direction:1, packet_direction:1, check_extra_packets:1, is_ipv6:1;
 u_int16_t num_dissector_calls;
 ndpi_confidence_t confidence; /* ndpi_confidence_t */
@@ -1192,14 +1218,15 @@ struct ndpi_flow_struct {
 */
 u_int32_t next_tcp_seq_nr[2];
- /* Flow addresses (used mainly for LRU lookups in ndpi_detection_giveup())
- and ports. All in *network* byte order
- - TODO - - IPv6. Note that LRU is ipv4 only, for the time being
+ /* Flow addresses (useful for LRU lookups in ndpi_detection_giveup())
+ and ports. All in *network* byte order.
+ Client and server.
 */
- u_int32_t saddr, daddr;
- u_int16_t sport, dport;
+ union {
+ u_int32_t v4;
+ u_int8_t v6[16];
+ } c_address, s_address; /* For some unknown reasons, x86_64-w64-mingw32-gcc doesn't like the name "s_addr" */
+ u_int16_t c_port, s_port;
 // ----------------------------------------- |
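Review bot: The `c_address`/`s_address` union in the `@@ -1192` hunk carries no tag of its own, so every reader has to consult `is_ipv6` (the bitfield visible in the `@@ -1182` hunk) before picking `v4` or `v6`, and the rewritten comment does not say so; it also drops the old caveat that the LRU lookups are IPv4-only. For an IPv4 flow only the first four bytes are meaningful, so any code that compares or hashes the whole 16-byte member depends on the flow struct having been zeroed beforehand. I would extend the comment with `Which member is valid is given by is_ipv6; for IPv4 flows only .v4 is set.` and keep a line on whether the LRU caches handle IPv6 now. `struct ndpi_flow_struct` begins and ends outside the hunk.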