diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 6 | ||||
| -rw-r--r-- | src/lib/protocols/mining.c | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c7d88fe0f..d2bcfcd81 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1166,13 +1166,16 @@ struct ndpi_flow_struct { struct ndpi_flow_udp_struct udp; } l4; + /* Place textual flow info here */ + char flow_extra_info[16]; + /* Pointer to src or dst that identifies the server of this connection */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[256]; + u_char host_server_name[240]; /* This structure below will not not stay inside the protos @@ -1199,7 +1202,6 @@ struct ndpi_flow_struct { u_int16_t pktbuf_maxlen, pktbuf_currlen; } kerberos_buf; - union { /* the only fields useful for nDPI and ntopng */ struct { diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index aaedf6c6d..29a894c39 100644 --- a/src/lib/protocols/mining.c +++ b/src/lib/protocols/mining.c @@ -77,6 +77,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t magic = htonl(0xf9beb4d9), magic1 = htonl(0xfabfb5da), *to_match = (u_int32_t*)packet->payload; if((*to_match == magic) || (*to_match == magic1)) { + snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); } } @@ -85,6 +86,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload_packet_len < 600) && (packet->tcp->dest == htons(30303) /* Ethereum port */) && (packet->payload[2] == 0x04)) { + snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) && ( @@ -99,6 +101,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, { "id": 2, "jsonrpc":"2.0","result":true} {"worker": "", "jsonrpc": "2.0", "params": [], "id": 3, "method": "eth_getWork"} */ + snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) && (ndpi_strnstr((const char *)packet->payload, "\"method\":", packet->payload_packet_len) @@ -119,6 +122,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"479059546883218","job":{"blob":"0606e89883d205a65d8ee78991838a1cf3ec2ebbc5fb1fa43dec5fa1cd2bee4069212a549cd731000000005a88235653097aa3e97ef2ceef4aee610751a828f9be1a0758a78365fb0a4c8c05","job_id":"722134174127131","target":"dc460300"},"status":"OK"}} {"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1} */ + snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); } } |