From d72a760ac3895dd8a0bd3e55d4b51f9e22e04e6c Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Tue, 9 Jan 2024 08:41:44 +0100 Subject: New API for library configuration This is the first step into providing (more) configuration options in nDPI. The idea is to have a simple way to configure (most of) nDPI: only one function (`ndpi_set_config()`) to set any configuration parameters (in the present or in the future) and we try to keep this function prototype as agnostic as possible. You can configure the library: * via API, using `ndpi_set_config()` * via a configuration file, in a text format This way, anytime we need to add a new configuration parameter: * we don't need to add two public functions (a getter and a setter) * we don't break API/ABI compatibility of the library; even changing the parameter type (from integer to a list of integer, for example) doesn't break the compatibility. The complete list of configuration options is provided in `doc/configuration_parameters.md`. As a first example, two configuration knobs are provided: * the ability to enable/disable the extraction of the sha1 fingerprint of the TLS certificates. * the upper limit on the number of packets per flow that will be subject to inspection --- fuzz/fuzz_config.cpp | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'fuzz/fuzz_config.cpp') diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index afd9367fb..573f6ecbe 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp 
@@ -28,21 +28,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_proto p, p2; char out[128]; char log_ts[32]; + int value; + char cfg_value[32]; - if(fuzzed_data.remaining_bytes() < 4 + /* ndpi_init_detection_module() */ - NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS + - 1 + /* TLS cert expire */ - 6 + /* files */ - ((NDPI_LRUCACHE_MAX + 1) * 5) + /* LRU caches */ - 2 + 1 + 4 + /* ndpi_set_detection_preferences() */ - 7 + /* Opportunistic tls */ - 2 + /* Pid */ - 2 + /* Category */ - 1 + /* Tunnel */ - 1 + /* Bool value */ - 2 + /* input_info */ - 21 /* Min real data: ip length + 1 byte of L4 header */) + /* Just to be sure to have some data */ + if(fuzzed_data.remaining_bytes() < NDPI_MAX_SUPPORTED_PROTOCOLS * 2 + 200) return -1; /* To allow memory allocation failures */ @@ -101,9 +92,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(fuzzed_data.ConsumeBool()) ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_enable_tls_block_dissection, 0 /* unused */); - if(fuzzed_data.ConsumeBool()) - ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_max_packets_to_process, - fuzzed_data.ConsumeIntegralInRange(0, (1 << 16))); ndpi_set_detection_preferences(ndpi_info_mod, static_cast(0xFF), 0xFF); /* Invalid preference */ @@ -126,6 +114,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_protocol_aggressiveness(ndpi_info_mod, i); } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "tls", "metadata.sha1_fingerprint.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 255 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "packets_limit_per_flow", cfg_value); + } + ndpi_finalize_initialization(ndpi_info_mod); /* Random protocol configuration */ -- cgit v1.2.3
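Review bot: The new size guard `NDPI_MAX_SUPPORTED_PROTOCOLS * 2 + 200` in the first hunk replaces an itemised byte count with a constant whose origin the comment does not explain, so whoever adds the next Consume* call cannot tell whether it needs adjusting. FuzzedDataProvider returns default values once its input is exhausted, so this check is a heuristic for input quality rather than a safety bound, and the comment should say so. I would expand it to something like `/* Heuristic minimum, not an exact count: FuzzedDataProvider yields defaults when data runs out, so short inputs only lose coverage */`. LLVMFuzzerTestOneInput starts before and continues past this hunk.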
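Review bot: Both new `ndpi_set_config()` calls in the last hunk pass only a well-formed decimal string, so as far as this hunk shows the value parser of the new API is fuzzed with the integers 0..2 and 0..256 and nothing else; because the same values can also come from a text configuration file, non-numeric, empty, signed and over-long values are the inputs worth covering. A third block that passes a string from `fuzzed_data.ConsumeRandomLengthString(...)` as the value (and ideally also as the parameter name) would exercise the error paths. The upper bounds `1 + 1` and `255 + 1` look like a deliberate one-past-the-maximum probe and deserve a comment such as `/* +1: also try one out-of-range value */`. Separately, `sprintf` cannot overflow here because `%d` of an int needs at most 12 bytes, but `snprintf(cfg_value, sizeof(cfg_value), "%d", value);` keeps the bound explicit if the format ever changes. The enclosing function starts and ends outside the hunk.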