From a828ac01918575b4436828c1ba5154e1674dfc7f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 29 Jul 2020 22:36:27 +0200 Subject: Tiny changes for TLS block lenght dissection --- example/ndpiReader.c | 6 +++++- example/reader_util.c | 41 ++++++++++++++++++++++++++--------------- 2 files changed, 31 insertions(+), 16 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b0d1a9122..c525346fa 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1949,6 +1949,10 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_load_categories_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _customCategoryFilePath); ndpi_finalize_initalization(ndpi_thread_info[thread_id].workflow->ndpi_struct); + +#ifdef USE_TLS_LEN + ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, ndpi_pref_enable_tls_block_dissection, 1); +#endif } /* *********************************************** */ @@ -2460,7 +2464,7 @@ static void printFlowsStats() { if(verbose > 1) { #ifndef DIRECTION_BINS struct ndpi_bin *bins = (struct ndpi_bin*)ndpi_malloc(sizeof(struct ndpi_bin)*num_flows); - u_int16_t *cluster_ids = (u_int16_t*)ndpi_malloc(sizeof(u_int16_t)*num_flows);; + u_int16_t *cluster_ids = (u_int16_t*)ndpi_malloc(sizeof(u_int16_t)*num_flows); #endif for(i=0; i PLEN_MAX) + return(PLEN_NUM_BINS-1); + else + return(plen/PLEN_BIN_LEN); +} + +/* ****************************************************** */ + void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow, FILE * csv_fp) { u_int i; 
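Review bot: In the setupDetection hunk of example/ndpiReader.c the result of `ndpi_set_detection_preferences(...)` is discarded, so a build with USE_TLS_LEN cannot tell whether TLS block dissection was actually switched on. The reader_util.c hunk in this commit resets `payload_len_bin` for TLS flows under the same macro, so if the preference is rejected the bins would presumably end up empty with no warning. I would test the call and report failure, along the lines of `if(ndpi_set_detection_preferences(..., ndpi_pref_enable_tls_block_dissection, 1) != 0) printf("WARNING: unable to enable TLS block dissection\n");`, with the return convention confirmed against the library. A one-line comment saying why the preference is set after `ndpi_finalize_initalization()` rather than before it would also help. The body of setupDetection starts outside the hunk.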
@@ -1194,6 +1208,17 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl snprintf(flow->info, sizeof(flow->info), "ALPN: %s", flow->ndpi_flow->protos.stun_ssl.ssl.alpn); } + +#ifdef USE_TLS_LEN + /* For TLS we use TLS block lenght instead of payload lenght */ + ndpi_reset_bin(&flow->payload_len_bin); + + for(i=0; indpi_flow->l4.tcp.tls.num_tls_blocks; i++) { + u_int16_t len = abs(flow->ndpi_flow->l4.tcp.tls.tls_application_blocks_len[i]); + printf("%u\n", len); + ndpi_inc_bin(&flow->payload_len_bin, plen2slot(len), 1); + } +#endif } if(flow->detection_completed && (!flow->check_extra_packets)) { @@ -1257,20 +1282,6 @@ void update_tcp_flags_count(struct ndpi_flow_info* flow, struct ndpi_tcphdr* tcp } } -/* ****************************************************** */ - -u_int8_t plen2slot(u_int16_t plen) { - /* - Slots [32 bytes lenght] - 0..31, 32..63 ... - */ - - if(plen > PLEN_MAX) - return(PLEN_NUM_BINS-1); - else - return(plen/PLEN_BIN_LEN); -} - /* ****************************************************** */ /** Function to process the packet: -- cgit v1.2.3
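Review bot: The added `printf("%u\n", len);` inside the USE_TLS_LEN loop of process_ndpi_collected_info looks like leftover debugging, since it writes one bare number to stdout per TLS application block and mixes into the reader's normal output; I would delete that line. The same loop uses `num_tls_blocks`, a counter the dissector fills in from captured traffic, as the only bound when indexing `tls_application_blocks_len[]`. The array's declaration is not visible here, so either confirm that the dissector caps the counter at the array size or clamp it locally before the loop. Storing `abs(...)` in a `u_int16_t` would also truncate silently if the element type is wider than 16 bits, which would put an oversized block in a low slot instead of the last one that `plen2slot()` reserves for values above PLEN_MAX. The enclosing function starts and ends outside the hunk.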