From f25deeccb1ccbebd6346271828762fdd8326c32b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 30 May 2022 00:31:52 +0200 Subject: Added RiskInfo string --- example/ndpiReader.c | 3 +++ example/reader_util.c | 10 +++++++++- example/reader_util.h | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index f8886fed1..d7dac2e15 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1515,6 +1515,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "]"); fprintf(out, "[Risk Score: %u]", ndpi_risk2score(flow->risk, &cli_score, &srv_score)); + + if(flow->risk_str) + fprintf(out, "[Risk Info: %s]", flow->risk_str); } if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), diff --git a/example/reader_util.c b/example/reader_util.c index 49c647516..cb591d52e 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -541,6 +541,8 @@ void ndpi_flow_info_free_data(struct ndpi_flow_info *flow) { #else ndpi_free_bin(&flow->payload_len_bin); #endif + + if(flow->risk_str) ndpi_free(flow->risk_str); } /* ***************************************************** */ @@ -1036,11 +1038,17 @@ u_int8_t plen2slot(u_int16_t plen) { void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { u_int i, is_quic = 0; - + char out[128], *s; + if(!flow->ndpi_flow) return; flow->info_type = INFO_INVALID; + s = ndpi_get_flow_risk_info(flow->ndpi_flow, out, sizeof(out)); + + if(s != NULL) + flow->risk_str = ndpi_strdup(s); + flow->confidence = flow->ndpi_flow->confidence; ndpi_snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", diff --git a/example/reader_util.h b/example/reader_util.h index 6259de5f2..c2a152d38 100644 --- a/example/reader_util.h +++ b/example/reader_util.h 
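Review bot: In `printFlow` (example/ndpiReader.c) the added `fprintf(out, "[Risk Info: %s]", flow->risk_str);` writes the risk text verbatim, so any control or escape bytes in it reach the terminal or report file unchanged. The text comes from `ndpi_get_flow_risk_info()` and presumably can embed values taken from captured traffic; whether the library already filters them is not visible here. Emitting the string byte by byte and replacing non-printable bytes keeps the record on one clean line; `isprint` needs `<ctype.h>` if the file does not already include it. The body of printFlow starts and ends outside the hunk.

```c
fprintf(out, "[Risk Score: %u]", ndpi_risk2score(flow->risk, &cli_score, &srv_score));

if(flow->risk_str) {
  const unsigned char *p = (const unsigned char *)flow->risk_str;

  fprintf(out, "[Risk Info: ");
  for(; *p != '\0'; p++)
    fputc(isprint(*p) ? *p : '?', out); /* keep control bytes out of the report */
  fprintf(out, "]");
}
```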
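Review bot: In `ndpi_flow_info_free_data` (example/reader_util.c, first hunk) `flow->risk_str` is freed but left pointing at the released buffer. If this function can run more than once on the same flow, or the flow is still printed afterwards (the callers are outside the hunk), that becomes a double free or a use-after-free. Clearing the pointer removes the hazard: `if(flow->risk_str) { ndpi_free(flow->risk_str); flow->risk_str = NULL; }`. The function starts outside the hunk.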
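Review bot: In `process_ndpi_collected_info` (example/reader_util.c, second hunk) `flow->risk_str = ndpi_strdup(s);` overwrites the field without releasing a previous value, so every further call for the same flow leaks the earlier copy. Whether the function runs more than once per flow is not visible here, but nothing in the hunk prevents it. Adding `if(flow->risk_str) ndpi_free(flow->risk_str);` inside the `if(s != NULL)` branch, just before the `ndpi_strdup` call, makes it safe either way. The function body continues past the hunk.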
@@ -198,6 +198,7 @@ typedef struct ndpi_flow_info { u_int32_t src2dst_packets, dst2src_packets; u_int32_t has_human_readeable_strings; char human_readeable_string_buffer[32]; + char *risk_str; // result only, not used for flow identification ndpi_protocol detected_protocol; -- cgit v1.2.3
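Review bot: The new `char *risk_str;` member of `struct ndpi_flow_info` is an owned heap pointer but carries no comment on ownership or initial state. The `if(flow->risk_str)` checks added elsewhere in this commit rely on it being NULL until `process_ndpi_collected_info` sets it, which assumes flows are zero-initialised on allocation (not visible here). I would add `/* heap copy made with ndpi_strdup(); NULL until set; released in ndpi_flow_info_free_data() */` next to the field. The struct definition starts and ends outside the hunk.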