From d0609ea601f6e0e9fac7cfe622d07e41f0129e89 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 14 Jun 2023 23:44:57 +0200 Subject: Implemented Zoom/Teams stream type detection --- example/reader_util.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'example/reader_util.c') diff --git a/example/reader_util.c b/example/reader_util.c index a35eaf3c5..d044fb76a 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1,7 +1,7 @@ /* * reader_util.c * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-23 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -1141,16 +1141,17 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->num_dissector_calls = flow->ndpi_flow->num_dissector_calls; ndpi_snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", - flow->ndpi_flow->host_server_name); + flow->ndpi_flow->host_server_name); ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", - flow->ndpi_flow->flow_extra_info); + flow->ndpi_flow->flow_extra_info); flow->risk = flow->ndpi_flow->risk; if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP)) { if(flow->ndpi_flow->protos.dhcp.fingerprint[0] != '\0') flow->dhcp_fingerprint = ndpi_strdup(flow->ndpi_flow->protos.dhcp.fingerprint); + if(flow->ndpi_flow->protos.dhcp.class_ident[0] != '\0') flow->dhcp_class_ident = ndpi_strdup(flow->ndpi_flow->protos.dhcp.class_ident); } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_BITTORRENT) && @@ -1160,6 +1161,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(flow->ndpi_flow->protos.bittorrent.hash[0] != '\0') { flow->bittorent_hash = ndpi_malloc(sizeof(flow->ndpi_flow->protos.bittorrent.hash) * 2 + 1); + if(flow->bittorent_hash) { for(i=0, j = 0; i < sizeof(flow->ndpi_flow->protos.bittorrent.hash); i++) { sprintf(&flow->bittorent_hash[j], "%02x", @@ -1167,6 +1169,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl j += 2; } + flow->bittorent_hash[j] = '\0'; } } @@ -1369,6 +1372,11 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } + if(is_ndpi_proto(flow, NDPI_PROTOCOL_ZOOM)) + flow->multimedia_flow_type = flow->ndpi_flow->zoom.flow_type; + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SKYPE_TEAMS_CALL)) + flow->multimedia_flow_type = flow->ndpi_flow->skype_teams.flow_type; + /* HTTP metadata are "global" not in `flow->ndpi_flow->protos` union; for example, we can have HTTP/BitTorrent and in that case we want to export also HTTP attributes */ if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP) @@ -1388,8 +1396,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl sizeof(flow->http.user_agent), "%s", (flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : "")); - if (workflow->ndpi_serialization_format != ndpi_serialization_format_unknown) - { + if (workflow->ndpi_serialization_format != ndpi_serialization_format_unknown) { if (ndpi_flow2json(workflow->ndpi_struct, flow->ndpi_flow, flow->ip_version, flow->protocol, flow->vlan_id, @@ -1397,17 +1404,16 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl &flow->src_ip6, &flow->dst_ip6, flow->src_port, flow->dst_port, flow->detected_protocol, - &flow->ndpi_flow_serializer) != 0) - { + &flow->ndpi_flow_serializer) != 0) { LOG(NDPI_LOG_ERROR, "flow2json failed\n"); exit(-1); } + ndpi_serialize_string_uint32(&flow->ndpi_flow_serializer, "detection_completed", flow->detection_completed); ndpi_serialize_string_uint32(&flow->ndpi_flow_serializer, "check_extra_packets", flow->check_extra_packets); } - if(flow->detection_completed && (!flow->check_extra_packets)) { - + if(flow->detection_completed && (!flow->check_extra_packets)) { flow->flow_payload = flow->ndpi_flow->flow_payload, flow->flow_payload_len = flow->ndpi_flow->flow_payload_len; flow->ndpi_flow->flow_payload = NULL; /* We'll free the memory */ -- cgit v1.2.3