Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h.in | 39 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 21 | ||||
-rw-r--r-- | src/lib/ndpi_analyze.c | 83 | ||||
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 2 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 5 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 14 |
6 files changed, 143 insertions, 21 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in index d97d40bdc..f94091cc8 100644 --- a/src/include/ndpi_api.h.in +++ b/src/include/ndpi_api.h.in @@ -280,13 +280,13 @@ extern "C" { * (like SSL getting both client and server certificate even if we already know after * seeing the client certificate what the protocol is) * - * @par ndpi_struct = the detection module - * @par flow = pointer to the connection state machine - * @par packet = unsigned char pointer to the Layer 3 (IP header) - * @par packetlen = the length of the packet - * @par current_tick = the current timestamp for the packet - * @par src = pointer to the source subscriber state machine - * @par dst = pointer to the destination subscriber state machine + * @par ndpi_struct = the detection module + * @par flow = pointer to the connection state machine + * @par packet = unsigned char pointer to the Layer 3 (IP header) + * @par packetlen = the length of the packet + * @par packet_time_ms = the current timestamp for the packet (expressed in msec) + * @par src = pointer to the source subscriber state machine + * @par dst = pointer to the destination subscriber state machine * @return void * */ @@ -294,7 +294,7 @@ extern "C" { struct ndpi_flow_struct *flow, const unsigned char *packet, const unsigned short packetlen, - const u_int64_t current_tick, + const u_int64_t packet_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst); 
@@ -302,13 +302,13 @@ extern "C" { * Processes one packet and returns the ID of the detected protocol. * This is the MAIN PACKET PROCESSING FUNCTION. * - * @par ndpi_struct = the detection module - * @par flow = pointer to the connection state machine - * @par packet = unsigned char pointer to the Layer 3 (IP header) - * @par packetlen = the length of the packet - * @par current_tick = the current timestamp for the packet - * @par src = pointer to the source subscriber state machine - * @par dst = pointer to the destination subscriber state machine + * @par ndpi_struct = the detection module + * @par flow = pointer to the connection state machine + * @par packet = unsigned char pointer to the Layer 3 (IP header) + * @par packetlen = the length of the packet + * @par packet_time_ms = the current timestamp for the packet (expressed in msec) + * @par src = pointer to the source subscriber state machine + * @par dst = pointer to the destination subscriber state machine * @return the detected ID of the protocol * */ @@ -316,7 +316,7 @@ extern "C" { struct ndpi_flow_struct *flow, const unsigned char *packet, const unsigned short packetlen, - const u_int64_t current_tick, + const u_int64_t packet_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst); /** @@ -1064,6 +1064,13 @@ extern "C" { /* Get cardinality estimation */ double ndpi_hll_count(struct ndpi_hll *hll); + + /* ******************************* */ + + int ndpi_init_bin(struct ndpi_bin *b, enum ndpi_bin_family f, u_int8_t num_bins); + void ndpi_free_bin(struct ndpi_bin *b); + void ndpi_inc_bin(struct ndpi_bin *b, u_int8_t slot_id); + void ndpi_normalize_bin(struct ndpi_bin *b); #ifdef __cplusplus } diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 79288e5bc..3784f995a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
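Review bot: The four `ndpi_*_bin` prototypes added at the end of src/include/ndpi_api.h.in carry no comments, unlike the `/* Get cardinality estimation */` line just above them. Going by the implementation in src/lib/ndpi_analyze.c, callers need to know that `ndpi_init_bin` returns 0 on success and -1 when the allocation fails. They also need to know that `ndpi_inc_bin` counts an out-of-range `slot_id` in slot 0, and that `ndpi_normalize_bin` overwrites the counters in place with percentages. A one-line comment per prototype would be enough, for example `/* Returns 0 on success, -1 if the bins cannot be allocated */` above `ndpi_init_bin`.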
@@ -1498,4 +1498,25 @@ struct ndpi_hll { u_int8_t *registers; }; +/* **************************************** */ + +enum ndpi_bin_family { + ndpi_bin_family8, + ndpi_bin_family16, + ndpi_bin_family32 +}; + +struct ndpi_bin { + u_int8_t num_bins; + enum ndpi_bin_family family; + u_int32_t num_incs; + + union { + u_int8_t *bins8; /* num_bins bins */ + u_int16_t *bins16; /* num_bins bins */ + u_int32_t *bins32; /* num_bins bins */ + } u; +}; + + #endif /* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index 2d7e11abc..e1f37cc8d 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c 
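Review bot: `struct ndpi_bin` has no comment saying that `family` selects both the active member of `u` and the counter width, and that matters because `ndpi_inc_bin` in src/lib/ndpi_analyze.c increments with a plain `++`. A bin of family `ndpi_bin_family8` therefore wraps to 0 after 255 hits while the 32-bit `num_incs` keeps counting, and `ndpi_normalize_bin` then divides a wrapped counter by the true total. I would add above the struct `/* family selects the active member of u and the counter width; counters wrap, they do not saturate */`, or have `ndpi_inc_bin` stop incrementing at the type's maximum.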
@@ -233,3 +233,86 @@ void ndpi_hll_add_number(struct ndpi_hll *hll, u_int32_t value) { double ndpi_hll_count(struct ndpi_hll *hll) { return(hll_count(hll)); } + +/* ********************************************************************************* */ +/* ********************************************************************************* */ + +int ndpi_init_bin(struct ndpi_bin *b, enum ndpi_bin_family f, u_int8_t num_bins) { + b->num_bins = num_bins, b->family = f, b->num_incs = 0; + + switch(f) { + case ndpi_bin_family8: + if((b->u.bins8 = (u_int8_t*)calloc(num_bins, sizeof(u_int8_t))) == NULL) + return(-1); + break; + + case ndpi_bin_family16: + if((b->u.bins16 = (u_int16_t*)calloc(num_bins, sizeof(u_int16_t))) == NULL) + return(-1); + break; + + case ndpi_bin_family32: + if((b->u.bins32 = (u_int32_t*)calloc(num_bins, sizeof(u_int32_t))) == NULL) + return(-1); + break; + } + + return(0); +} + +void ndpi_free_bin(struct ndpi_bin *b) { + switch(b->family) { + case ndpi_bin_family8: + free(b->u.bins8); + break; + case ndpi_bin_family16: + free(b->u.bins16); + break; + case ndpi_bin_family32: + free(b->u.bins32); + break; + } +} + +void ndpi_inc_bin(struct ndpi_bin *b, u_int8_t slot_id) { + if(slot_id >= b->num_bins) slot_id = 0; + + b->num_incs += 1; + + switch(b->family) { + case ndpi_bin_family8: + b->u.bins8[slot_id]++; + break; + case ndpi_bin_family16: + b->u.bins16[slot_id]++; + break; + case ndpi_bin_family32: + b->u.bins32[slot_id]++; + break; + } +} + +/* + Each bin slot is transformed in a % with respect to the value total + */ +void ndpi_normalize_bin(struct ndpi_bin *b) { + u_int8_t i; + + if(b->num_incs == 0) return; + + switch(b->family) { + case ndpi_bin_family8: + for(i=0; i<b->num_bins; i++) + b->u.bins8[i] = (b->u.bins8[i]*100) / b->num_incs; + break; + case ndpi_bin_family16: + for(i=0; i<b->num_bins; i++) + b->u.bins16[i] = (b->u.bins16[i]*100) / b->num_incs; + break; + case ndpi_bin_family32: + for(i=0; i<b->num_bins; i++) + b->u.bins32[i] = 
(b->u.bins32[i]*100) / b->num_incs; + break; + } +} + diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 7828c50f7..eec1156dd 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -9277,6 +9277,7 @@ static const char *ndpi_en_bigrams[] = { /* ******************************************************************** */ +#if 0 static const char *ndpi_en_popular_bigrams[] = { "th", "he", "in", "er", "an", "re", "on", "at", "en", "nd", "ti", "es", "or", "te", "of", "ed", "is", "it", "al", "ar", "st", "to", "nt", "ng", "se", "ha", "as", "ou", "io", "le", "ve", "co", "me", "de", "hi", "ri", @@ -9317,6 +9318,7 @@ static const char *ndpi_en_popular_bigrams[] = { "gq", "vk", "zj", "xk", "qp", "hx", "fz", "qh", "qj", "jz", "vq", "kq", "xd", "qw", "jx", "qx", "kz", "wx", "fq", "xz", "zx", "jq", "qg", "qk", "qy", "qz", "wq", "wz", NULL }; +#endif /* ******************************************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a44107679..7799db0c1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -131,7 +131,7 @@ void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { /* ****************************************** */ char *ndpi_strdup(const char *s) { - if( s == NULL ){ + if(s == NULL ){ return NULL; } 
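Review bot: In src/lib/ndpi_analyze.c, `ndpi_inc_bin` can write past a zero-length allocation, because `if(slot_id >= b->num_bins) slot_id = 0;` still falls through to the increment when the bin was initialised with `num_bins` of 0 and `calloc` returned a non-NULL pointer. `ndpi_init_bin` should reject that case with `if(num_bins == 0) return(-1);`, and `ndpi_inc_bin` should return early when `b->num_bins == 0`. On allocation failure `ndpi_init_bin` also leaves `num_bins` set next to a NULL pointer, so a caller that ignores the -1 dereferences NULL on the next increment; clearing `b->num_bins` before `return(-1)` lets the same early return cover it. The `switch(f)` has no `default`, so an out-of-range family leaves `b->u` unallocated while the function still returns 0. Separately, `b->u.bins32[i]*100` in `ndpi_normalize_bin` is evaluated in 32 bits and wraps once a bin exceeds roughly 42 million; `((u_int64_t)b->u.bins32[i]*100) / b->num_incs` avoids that.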
@@ -4336,7 +4336,8 @@ static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) { packet->accept_line.len = 0, packet->user_agent_line.ptr = NULL, packet->user_agent_line.len = 0, packet->http_url_name.ptr = NULL, packet->http_url_name.len = 0, packet->http_encoding.ptr = NULL, packet->http_encoding.len = 0, packet->http_transfer_encoding.ptr = NULL, packet->http_transfer_encoding.len = 0, - packet->http_contentlen.ptr = NULL, packet->http_contentlen.len = 0, packet->http_cookie.ptr = NULL, + packet->http_contentlen.ptr = NULL, packet->http_contentlen.len = 0, packet->content_disposition_line.ptr = NULL, + packet->content_disposition_line.len = 0, packet->http_cookie.ptr = NULL, packet->http_cookie.len = 0, packet->http_origin.len = 0, packet->http_origin.ptr = NULL, packet->http_x_session_type.ptr = NULL, packet->http_x_session_type.len = 0, packet->server_line.ptr = NULL, packet->server_line.len = 0, packet->http_method.ptr = NULL, packet->http_method.len = 0, diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 816b23a50..eac9e0f77 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -196,6 +196,14 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet, char *str; u_int len, j; + if (*rdnSeqBuf_offset >= rdnSeqBuf_len) { +#ifdef DEBUG_TLS + printf("[TLS] %s() [buffer capacity reached][%u]\n", + __FUNCTION__, rdnSeqBuf_len); +#endif + return -1; + } + // packet is truncated... further inspection is not needed if((offset+4+str_len) >= packet->payload_packet_len) return(-1); @@ -235,7 +243,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi u_int16_t p_offset, u_int16_t certificate_len) { struct ndpi_packet_struct *packet = &flow->packet; u_int num_found = 0, i; - char buffer[64] = { '\0' }, rdnSeqBuf[1024] = { '\0' }; + char buffer[64] = { '\0' }, rdnSeqBuf[2048] = { '\0' }; u_int rdn_len = 0; #ifdef DEBUG_TLS 
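Review bot: The reset in `ndpi_reset_packet_line_info` (src/lib/ndpi_main.c) is one long comma expression with several `ptr`/`len` pairs per line, which makes a missing field hard to see in review; the `content_disposition_line` pair added here was such an omission. A field left out keeps whatever `ptr` and `len` it had before the call, presumably referring to an earlier packet's payload, though the struct and its users are not visible here. I would write the pairs as separate statements, one pair per line, for example `packet->content_disposition_line.ptr = NULL;` followed by `packet->content_disposition_line.len = 0;`, so that a diff against the struct definition shows gaps. The function body starts and ends outside the hunk.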
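Review bot: The new entry check in `extractRDNSequence` (src/lib/protocols/tls.c) only helps if the write further down is limited to the space left, `rdnSeqBuf_len - *rdnSeqBuf_offset`, and advances the offset by the bytes actually stored; that code is outside the hunk, so I cannot confirm it. If the offset can be pushed past `rdnSeqBuf_len`, that subtraction would wrap for an unsigned type, which is presumably what the guard protects against. A comment above it would record the reason, for example `/* the offset may have reached capacity on an earlier call; stop before computing the remaining space */`. The following hunk, which grows `rdnSeqBuf` from 1024 to 2048 in `processCertificateElements`, only moves the limit and keeps the size as a bare literal. Both functions continue outside their hunks, so whether the caller acts on the new -1 return also needs checking.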
@@ -1200,14 +1208,14 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, printf("Client SSL [ALPN: %u]\n", alpn_len); #endif - if((alpn_str_len+alpn_len+1) < sizeof(alpn_str)) { + if((alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { if(alpn_str_len > 0) { alpn_str[alpn_str_len] = ','; alpn_str_len++; } for(alpn_i=0; alpn_i<alpn_len; alpn_i++) - alpn_str[alpn_str_len+alpn_i] = packet->payload[s_offset+alpn_i]; + alpn_str[alpn_str_len+alpn_i] = packet->payload[s_offset+alpn_i]; s_offset += alpn_len, alpn_str_len += alpn_len;; } else |
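Review bot: The copy loop in the guarded branch of `processClientServerHello` reads `packet->payload[s_offset+alpn_i]` for `alpn_len` bytes, and nothing in the hunk checks that `s_offset+alpn_len` stays inside the payload; the tightened condition bounds only the destination `alpn_str`. Unless the enclosing loop, which is outside the hunk, already guarantees it, the condition should also require `(s_offset+alpn_len) <= packet->payload_packet_len`. The reason for the extra `-1` in `(sizeof(alpn_str)-1)` is not stated; if it reserves room for the terminator written later, a short comment such as `/* keep one byte for the trailing NUL */` would say so. The context line `alpn_str_len += alpn_len;;` carries a stray second semicolon.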