From fc16c9368e1f5ba93144115d687fd2ce09f50955 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 21 Feb 2021 21:33:26 +0100 Subject: Added risky domain flow-risk support --- example/ndpiReader.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'example/ndpiReader.c') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 7681d1627..591480ff3 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -65,8 +65,9 @@ static FILE *playlist_fp[MAX_NUM_READER_THREADS] = { NULL }; /**< Ingress playli static FILE *results_file = NULL; static char *results_path = NULL; static char * bpfFilter = NULL; /**< bpf filter */ -static char *_protoFilePath = NULL; /**< Protocol file path */ +static char *_protoFilePath = NULL; /**< Protocol file path */ static char *_customCategoryFilePath= NULL; /**< Custom categories file path */ +static char *_riskyDomainFilePath = NULL; /**< Risky domain files */ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; FILE *csv_fp = NULL; /**< for CSV export */ @@ -437,7 +438,7 @@ static void help(u_int long_help) { "[-f ][-s ][-m ][-b ]\n" " [-p ][-l [-q][-d][-J][-h][-D][-e ][-t][-v ]\n" " [-n ][-w ][-c ][-C ][-j ][-x ]\n" - " [-T ][-U ] [-x ]\n\n" + " [-r ][-T ][-U ] [-x ]\n\n" "Usage:\n" " -i | Specify a pcap file/playlist to read packets from or a\n" " | device for live capture (comma-separated list)\n" @@ -465,9 +466,9 @@ static void help(u_int long_help) { " | = max packet payload dissection\n" " | = max num reported payloads\n" " | Default: %u:%u:%u:%u:%u\n" - " -r | Print nDPI version and git revision\n" " -c | Load custom categories from the specified file\n" " -C | Write output in CSV format on the specified file\n" + " -r | Load risky domain file\n" " -w | Write test output on the specified file. This is useful for\n" " | testing purposes in order to compare results across runs\n" " -h | This help\n" 
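Review bot: The `-r` entry in the option list of help() (third hunk) now documents a file-loading option that takes an argument, where the same letter used to print the nDPI version and git revision. Existing scripts that call a bare `-r` will hit an option-parsing error instead of getting the version. No replacement version option is visible in these hunks, so if none exists elsewhere it is worth keeping that capability under an unused letter. The new help line could also say what the file does, for example a continuation line such as `" | Domains listed in the file raise the risky-domain flow risk\n"`, wording to be confirmed against the loader's actual behaviour.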
@@ -762,7 +763,7 @@ static void parseOptions(int argc, char **argv) { } #endif - while((opt = getopt_long(argc, argv, "b:e:c:C:dDf:g:i:Ihp:P:l:s:tu:v:V:n:Jrp:x:w:q0123:456:7:89:m:T:U:", + while((opt = getopt_long(argc, argv, "b:e:c:C:dDf:g:i:Ihp:P:l:r:s:tu:v:V:n:Jrp:x:w:q0123:456:7:89:m:T:U:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); @@ -829,6 +830,10 @@ static void parseOptions(int argc, char **argv) { printf("Unable to write on CSV file %s\n", optarg); break; + case 'r': + _riskyDomainFilePath = optarg; + break; + case 's': capture_for = atoi(optarg); capture_until = capture_for + time(NULL); @@ -838,10 +843,6 @@ static void parseOptions(int argc, char **argv) { decode_tunnels = 1; break; - case 'r': - printf("ndpiReader - nDPI (%s)\n", ndpi_revision()); - exit(0); - case 'v': verbose = atoi(optarg); break; @@ -2056,6 +2057,9 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { if(_customCategoryFilePath) ndpi_load_categories_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _customCategoryFilePath); + if(_riskyDomainFilePath) + ndpi_load_risk_domain_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _riskyDomainFilePath); + ndpi_finalize_initalization(ndpi_thread_info[thread_id].workflow->ndpi_struct); if(enable_doh_dot_detection) -- cgit v1.2.3
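Review bot: The option string passed to getopt_long() in parseOptions() now contains `r` twice: the new `r:` after `l:`, and the old argument-less `r` still sitting in `Jrp:`. Behaviour with duplicate option letters is not specified, so which entry wins may depend on the getopt implementation. If the bare `r` were matched, the new `case 'r'` would store a NULL `optarg` and the risky-domain list would silently not be loaded. Remove the stale entry by changing `n:Jrp:x:` to `n:Jp:x:`. parseOptions() begins and ends outside this hunk.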
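Review bot: The new call to `ndpi_load_risk_domain_file()` in setupDetection() (last hunk) discards its result, so a mistyped or unreadable `-r` path leaves the run with no risky-domain detection and no indication to the operator. Assuming the loader reports failure through a negative return value (confirm against its declaration), check it and warn: `if(ndpi_load_risk_domain_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _riskyDomainFilePath) < 0)` followed by `fprintf(stderr, "Unable to load risky domain file %s\n", _riskyDomainFilePath);`. The adjacent `ndpi_load_categories_file()` call has the same fail-open pattern. setupDetection() continues outside the hunk.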