Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r--src/lib/ndpi_main.c100
1 files changed, 34 insertions, 66 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 47012f93f..90c65d53a 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2613,8 +2613,8 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
ndpi_str->common_alpns_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
load_common_alpns(ndpi_str);
ndpi_str->tls_cert_subject_automa.ac_automa = ac_automata_init(NULL);
- ndpi_str->malicious_ja3_automa.ac_automa = NULL; /* Initialized on demand */
- ndpi_str->malicious_sha1_automa.ac_automa = NULL; /* Initialized on demand */
+ ndpi_str->malicious_ja3_hashmap = NULL; /* Initialized on demand */
+ ndpi_str->malicious_sha1_hashmap = NULL; /* Initialized on demand */
ndpi_str->risky_domain_automa.ac_automa = NULL; /* Initialized on demand */
ndpi_str->trusted_issuer_dn = NULL;
@@ -2744,42 +2744,19 @@ void ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str)
if(ndpi_str->ac_automa_finalized) return;
- for(i = 0; i < 99; i++) {
- ndpi_automa *automa;
+ ndpi_automa * const automa[] = { &ndpi_str->host_automa,
+ &ndpi_str->tls_cert_subject_automa,
+ &ndpi_str->host_risk_mask_automa,
+ &ndpi_str->common_alpns_automa };
- switch(i) {
- case 0:
- automa = &ndpi_str->host_automa;
- break;
-
- case 1:
- automa = &ndpi_str->tls_cert_subject_automa;
- break;
-
- case 2:
- automa = &ndpi_str->malicious_ja3_automa;
- break;
-
- case 3:
- automa = &ndpi_str->malicious_sha1_automa;
- break;
-
- case 4:
- automa = &ndpi_str->host_risk_mask_automa;
- break;
-
- case 5:
- automa = &ndpi_str->common_alpns_automa;
- break;
-
- default:
- ndpi_str->ac_automa_finalized = 1;
- return;
- }
+ for(i = 0; i < NDPI_ARRAY_LENGTH(automa); ++i) {
+ ndpi_automa *a = automa[i];
- if(automa && automa->ac_automa)
- ac_automata_finalize((AC_AUTOMATA_t *) automa->ac_automa);
+ if(a && a->ac_automa)
+ ac_automata_finalize((AC_AUTOMATA_t *) a->ac_automa);
}
+
+ ndpi_str->ac_automa_finalized = 1;
}
/* *********************************************** */
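Review bot: The `a &&` test in the new loop of ndpi_finalize_initialization can never be false, because every element of `automa[]` is the address of a member of `*ndpi_str`; `if(a->ac_automa)` is enough. `i` is declared outside the hunk; if it is a signed `int`, the comparison with `NDPI_ARRAY_LENGTH(automa)` mixes signed and unsigned (assuming the macro is sizeof-based), so `size_t` would be the cleaner type. A short comment above the array, such as `/* Aho-Corasick automata that must be finalized before matching; the malicious JA3/SHA1 lists are hashmaps and need no finalize step */`, would tell the next reader why those two entries are no longer listed.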
@@ -3028,13 +3005,11 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
if(ndpi_str->tls_cert_subject_automa.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->tls_cert_subject_automa.ac_automa, 0);
- if(ndpi_str->malicious_ja3_automa.ac_automa != NULL)
- ac_automata_release((AC_AUTOMATA_t *) ndpi_str->malicious_ja3_automa.ac_automa,
- 1 /* free patterns strings memory */);
+ if(ndpi_str->malicious_ja3_hashmap != NULL)
+ ndpi_hash_free(&ndpi_str->malicious_ja3_hashmap, NULL);
- if(ndpi_str->malicious_sha1_automa.ac_automa != NULL)
- ac_automata_release((AC_AUTOMATA_t *) ndpi_str->malicious_sha1_automa.ac_automa,
- 1 /* free patterns strings memory */);
+ if(ndpi_str->malicious_sha1_hashmap != NULL)
+ ndpi_hash_free(&ndpi_str->malicious_sha1_hashmap, NULL);
if(ndpi_str->custom_categories.hostnames.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->custom_categories.hostnames.ac_automa,
@@ -3660,14 +3635,12 @@ int ndpi_load_risk_domain_file(struct ndpi_detection_module_struct *ndpi_str, co
*
*/
int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str, const char *path) {
- char buffer[128], *line, *str;
+ char buffer[128], *line;
FILE *fd;
int len, num = 0;
- if(ndpi_str->malicious_ja3_automa.ac_automa == NULL)
- ndpi_str->malicious_ja3_automa.ac_automa = ac_automata_init(NULL);
- if(ndpi_str->malicious_ja3_automa.ac_automa)
- ac_automata_name(ndpi_str->malicious_ja3_automa.ac_automa,"ja3",0);
+ if(ndpi_str->malicious_ja3_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_ja3_hashmap) != 0)
+ return(-1);
fd = fopen(path, "r");
@@ -3694,13 +3667,14 @@ int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str,
if((comma = strchr(line, ',')) != NULL)
comma[0] = '\0';
- str = ndpi_strdup(line);
- if (str == NULL) {
- NDPI_LOG_ERR(ndpi_str, "Memory allocation failure\n");
- return -1;
- };
+ len = strlen(line);
+
+ if(len != 32 /* size of MD5 hash */) {
+ NDPI_LOG_ERR(ndpi_str, "Not a JA3 md5 hash: [%s]\n", line);
+ continue;
+ }
- if(ndpi_add_string_to_automa(ndpi_str->malicious_ja3_automa.ac_automa, str) >= 0)
+ if(ndpi_hash_add_entry(&ndpi_str->malicious_ja3_hashmap, line, len, NULL) == 0)
num++;
}
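Review bot: The new length check in ndpi_load_malicious_ja3_file accepts any 32 bytes as a JA3 hash; nothing verifies that they are hex digits or normalises their case, while the SHA-1 loader later in this diff uppercases its input. If the lookup side compares against a lowercase hex digest (not visible here), a blocklist entry written in uppercase would load, be counted in `num`, and never match, which is a silent detection gap. Consider rejecting non-hex lines with `isxdigit((unsigned char) line[i])` and folding case with `tolower((unsigned char) line[i])` before `ndpi_hash_add_entry`. A failed `ndpi_hash_add_entry` is also skipped without a log line, so a partially loaded list cannot be told apart from a short one. The function body starts and ends outside this hunk.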
@@ -3722,15 +3696,13 @@ int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str,
int ndpi_load_malicious_sha1_file(struct ndpi_detection_module_struct *ndpi_str, const char *path)
{
char buffer[128];
- char *first_comma, *second_comma, *str;
+ char *first_comma, *second_comma;
FILE *fd;
size_t i, len;
int num = 0;
- if (ndpi_str->malicious_sha1_automa.ac_automa == NULL)
- ndpi_str->malicious_sha1_automa.ac_automa = ac_automata_init(NULL);
- if(ndpi_str->malicious_sha1_automa.ac_automa)
- ac_automata_name(ndpi_str->malicious_sha1_automa.ac_automa,"sha1",0);
+ if (ndpi_str->malicious_sha1_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_sha1_hashmap) != 0)
+ return(-1);
fd = fopen(path, "r");
@@ -3756,20 +3728,16 @@ int ndpi_load_malicious_sha1_file(struct ndpi_detection_module_struct *ndpi_str,
second_comma = &buffer[len - 1];
}
- if ((second_comma - first_comma) != 40)
- continue;
second_comma[0] = '\0';
+ if ((second_comma - first_comma) != 40) {
+ NDPI_LOG_ERR(ndpi_str, "Not a SSL certificate sha1 hash: [%s]\n", first_comma);
+ continue;
+ }
for (i = 0; i < 40; ++i)
first_comma[i] = toupper(first_comma[i]);
- str = ndpi_strdup(first_comma);
- if (str == NULL) {
- NDPI_LOG_ERR(ndpi_str, "Memory allocation failure\n");
- return -1;
- };
-
- if (ndpi_add_string_to_automa(ndpi_str->malicious_sha1_automa.ac_automa, str) >= 0)
+ if(ndpi_hash_add_entry(&ndpi_str->malicious_sha1_hashmap, first_comma, second_comma - first_comma, NULL) == 0)
num++;
}
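Review bot: `toupper(first_comma[i])` in the loop kept by this hunk receives a plain `char` read from the blocklist file; a byte above 0x7F is negative where `char` is signed, which is undefined behaviour for the `<ctype.h>` functions. Change it to `first_comma[i] = toupper((unsigned char) first_comma[i]);`, and since the only validation is the 40-character length, an `isxdigit` test in the same loop would keep non-hex lines out of `malicious_sha1_hashmap`. The length passed to `ndpi_hash_add_entry`, `second_comma - first_comma`, is already known to be 40 at that point, so a named constant shared with the check above would read more clearly than the pointer difference. The function starts before and continues after this hunk.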