From b77d3e3ab6d216cda9a092794a5fb8b1eac86fe6 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 15 Sep 2024 20:21:32 +0200 Subject: Enhanced DHCP fingerprint Exported it with -E --- example/reader_util.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'example') diff --git a/example/reader_util.c b/example/reader_util.c index d2b60859d..51e8c3da0 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1057,8 +1057,19 @@ static void dump_raw_fingerprint(struct ndpi_workflow * workflow, /* ****************************************************** */ static void dump_flow_fingerprint(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { - if(flow->ndpi_flow->protos.tls_quic.ja4_client_raw != NULL) - dump_raw_fingerprint(workflow, flow, "JA4r", flow->ndpi_flow->protos.tls_quic.ja4_client_raw); + if(is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) || is_ndpi_proto(flow, NDPI_PROTOCOL_QUIC)) { + if(flow->ndpi_flow->protos.tls_quic.ja4_client_raw != NULL) + dump_raw_fingerprint(workflow, flow, "JA4r", flow->ndpi_flow->protos.tls_quic.ja4_client_raw); + } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP) + && (flow->ndpi_flow->protos.dhcp.fingerprint[0] != '\0')) { + char buf[256]; + + snprintf(buf, sizeof(buf), "%s_%s", + flow->ndpi_flow->protos.dhcp.options, + flow->ndpi_flow->protos.dhcp.fingerprint); + + dump_raw_fingerprint(workflow, flow, "DHCP_r", buf); + } } /* ****************************************************** */ -- cgit v1.2.3