Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h | 9 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 30 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 48 |
3 files changed, 85 insertions, 2 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 653d8e565..b0c9d71bf 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -628,6 +628,15 @@ extern "C" {
 const char* ndpi_confidence_get_name(ndpi_confidence_t confidence);
 /**
+ * Get FPC confidence as string
+ *
+ * @par confidence = the confidence value
+ * @return the string name of the confidence result
+ *
+ */
+ const char* ndpi_fpc_confidence_get_name(ndpi_fpc_confidence_t fpc_confidence);
+
+ /**
 * Set protocol category string
 *
 * @par mod = the detection module
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index acee346c1..6a4478af6 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -996,6 +996,23 @@ typedef enum {
 } ndpi_confidence_t;
 typedef enum {
+ NDPI_FPC_CONFIDENCE_UNKNOWN = 0, /* Unknown First Packet Classification */
+ NDPI_FPC_CONFIDENCE_IP, /* FPC based on IP address */
+ NDPI_FPC_CONFIDENCE_DNS, /* FPC based on DNS information */
+
+ /*
+ IMPORTANT
+
+ Please keep in sync with
+ ndpi_fpc_confidence_get_name()
+ in ndpi_main.c
+ */
+
+ /* Last one */
+ NDPI_FPC_CONFIDENCE_MAX,
+} ndpi_fpc_confidence_t;
+
+typedef enum {
 NDPI_PROTOCOL_SAFE = 0, /* Surely doesn't provide risks for the network. (e.g., a news site) */
 NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn't provide risks, but could be malicious (e.g., Dropbox) */
 NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */
@@ -1119,6 +1136,12 @@ typedef struct _ndpi_automa {
 typedef void ndpi_str_hash;
+struct ndpi_fpc_info {
+ u_int16_t master_protocol;
+ u_int16_t app_protocol;
+ ndpi_fpc_confidence_t confidence;
+};
+
 typedef struct ndpi_proto {
 /*
 Note
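Review bot: The doc comment added in ndpi_api.h names the parameter `confidence`, but the prototype below it declares `fpc_confidence`; `@par fpc_confidence = the FPC confidence value` would match. The comment could also record what the implementation added in ndpi_main.c shows: the return value is a pointer to a string literal that the caller must not free or modify, and any value without its own case, including `NDPI_FPC_CONFIDENCE_MAX`, yields "Invalid".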
@@ -1195,6 +1218,9 @@ struct ndpi_flow_struct {
 u_int16_t num_dissector_calls;
 ndpi_confidence_t confidence; /* ndpi_confidence_t */
+ /* First Packet Classification info */
+ struct ndpi_fpc_info fpc;
+
 /*
 if ndpi_struct->direction_detect_disable == 1
 tcp sequence number connection tracking
@@ -1510,8 +1536,8 @@ struct ndpi_flow_struct {
 _Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 256,
 "Size of the struct member protocols increased to more than 256 bytes, "
 "please check if this change is necessary.");
-_Static_assert(sizeof(struct ndpi_flow_struct) <= 1112,
- "Size of the flow struct increased to more than 1112 bytes, "
+_Static_assert(sizeof(struct ndpi_flow_struct) <= 1120,
+ "Size of the flow struct increased to more than 1120 bytes, "
 "please check if this change is necessary.");
 #endif
 #endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index f2162e005..ac1c28897 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -8287,6 +8287,33 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
 /* ********************************************************************************* */
+static void fpc_update(struct ndpi_detection_module_struct *ndpi_str,
+ struct ndpi_flow_struct *flow,
+ u_int16_t fpc_master, u_int16_t fpc_app,
+ ndpi_fpc_confidence_t fpc_confidence)
+{
+ NDPI_LOG_DBG(ndpi_str, "FPC %d.%d/%s -> %d.%d/%s\n",
+ flow->fpc.master_protocol, flow->fpc.app_protocol,
+ ndpi_fpc_confidence_get_name(flow->fpc.confidence),
+ fpc_master, fpc_app,
+ ndpi_fpc_confidence_get_name(fpc_confidence));
+ flow->fpc.master_protocol = fpc_master;
+ flow->fpc.app_protocol = fpc_app;
+ flow->fpc.confidence = fpc_confidence;
+}
+
+/* ********************************************************************************* */
+
+static void fpc_check_ip(struct ndpi_detection_module_struct *ndpi_str,
+ struct ndpi_flow_struct *flow)
+{
+ if(flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN)
+ fpc_update(ndpi_str, flow, NDPI_PROTOCOL_UNKNOWN,
+ flow->guessed_protocol_id_by_ip, NDPI_FPC_CONFIDENCE_IP);
+}
+
+/* ********************************************************************************* */
+
 static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str,
 struct ndpi_flow_struct *flow,
 const unsigned char *packet_data,
@@ -8421,6 +8448,8 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
 if(ndpi_do_guess(ndpi_str, flow, &ret) == -1)
 return(ret);
+
+ fpc_check_ip(ndpi_str, flow);
 }
 num_calls = ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet);
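Review bot: `fpc_update()` overwrites `flow->fpc` unconditionally, so nothing in the new code ranks one confidence level above another. The only caller in this commit is `fpc_check_ip()`, but the enum already defines `NDPI_FPC_CONFIDENCE_DNS`; once a DNS-based caller exists, whichever update runs last wins, which may not be the intended precedence. Both helpers are also undocumented: a header comment on `fpc_update()` such as `/* Record a First Packet Classification result; replaces any earlier result regardless of its confidence */` would make the policy explicit. One on `fpc_check_ip()` should say that the result comes only from the IP-based guess and is stored as `app_protocol` with an unknown master, so consumers that use it for early policy decisions treat it as a hint, not a confirmed detection.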
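Review bot: The early `return(ret)` taken when `ndpi_do_guess()` returns -1 leaves `flow->fpc` untouched, because `fpc_check_ip()` is called only after that check. The body of `ndpi_do_guess()` is outside the hunk, so it is unconfirmed whether `guessed_protocol_id_by_ip` can already be set on that path; if it can, those flows keep `NDPI_FPC_CONFIDENCE_UNKNOWN` despite an IP match. If that is unintended, `if(ndpi_do_guess(ndpi_str, flow, &ret) == -1) { fpc_check_ip(ndpi_str, flow); return(ret); }` covers it; otherwise a one-line comment stating that the skip is deliberate would help. The enclosing block and function start and end outside the hunk.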
@@ -9383,6 +9412,25 @@ const char *ndpi_confidence_get_name(ndpi_confidence_t confidence)
 /* ****************************************************** */
+const char *ndpi_fpc_confidence_get_name(ndpi_fpc_confidence_t fpc_confidence)
+{
+ switch(fpc_confidence) {
+ case NDPI_FPC_CONFIDENCE_UNKNOWN:
+ return "Unknown";
+
+ case NDPI_FPC_CONFIDENCE_IP:
+ return "IP address";
+
+ case NDPI_FPC_CONFIDENCE_DNS:
+ return "DNS";
+
+ default:
+ return "Invalid"; /* Out of sync with ndpi_fpc_confidence_t definition */
+ }
+}
+
+/* ****************************************************** */
+
 const char *ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_str,
 ndpi_protocol_category_t category) {
 if((!ndpi_str) || (category >= NDPI_PROTOCOL_NUM_CATEGORIES)) { |
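Review bot: The `default:` label in `ndpi_fpc_confidence_get_name()` stops the compiler's `-Wswitch` check from reporting a newly added `ndpi_fpc_confidence_t` value, so the "keep in sync" rule stated in ndpi_typedefs.h is enforced only by that comment. Replacing `default:` with `case NDPI_FPC_CONFIDENCE_MAX: break;` and moving `return "Invalid";` after the closing brace of the switch keeps the result for out-of-range values and lets a build with that warning enabled flag a missing case. The function appears to follow the pattern of `ndpi_confidence_get_name()`, whose body is outside the hunk, so the same change may apply there.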