From 556f892a56d57e1afadb91fd5a12078cb3e2e5dc Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Tue, 25 Jun 2024 12:16:09 +0200 Subject: wireshark: lua: export some metadata Export some metadata (for the moment, SNI and TLS fingerprints) to Wireshark/tshark via extcap. Note that: * metadata are exported only once per flow * metadata are exported (all together) when nDPI stopped processing the flow Still room for a lot of improvements! In particular: * we need to add some boundary checks (if we are going to export other attributes) * we should try to have a variable length trailer --- fuzz/fuzz_ndpi_reader.c | 3 ++- fuzz/fuzz_readerutils_workflow.cpp | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'fuzz')
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 80ed16886..41e7be063 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -126,9 +126,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 if(packet_checked) {
 ndpi_risk flow_risk;
+ struct ndpi_flow_info *flow = NULL; /* unused */
 memcpy(packet_checked, pkt, header->caplen);
- ndpi_workflow_process_packet(workflow, header, packet_checked, &flow_risk);
+ ndpi_workflow_process_packet(workflow, header, packet_checked, &flow_risk, &flow);
 free(packet_checked);
 }
diff --git a/fuzz/fuzz_readerutils_workflow.cpp b/fuzz/fuzz_readerutils_workflow.cpp
index 9087a72c1..3517003b6 100644
--- a/fuzz/fuzz_readerutils_workflow.cpp
+++ b/fuzz/fuzz_readerutils_workflow.cpp
@@ -23,6 +23,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_serialization_format serialization_format;
 NDPI_PROTOCOL_BITMASK enabled_bitmask;
 ndpi_risk flow_risk;
+ struct ndpi_flow_info *flow = NULL; /* unused */
 const u_char *pkt;
 struct pcap_pkthdr *header;
 int r, rc;
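Review bot: The `/* unused */` comment on `flow` in the fuzz_ndpi_reader.c hunk undersells what the variable is: it is the out-argument for the new fifth parameter of `ndpi_workflow_process_packet()`, and the harness then discards whatever comes back. I would word it as `/* out-param required by ndpi_workflow_process_packet(); result deliberately ignored */` here and on the identical declaration in fuzz/fuzz_readerutils_workflow.cpp (hunk @@ -23,6 +23,7 @@). Because the result is dropped, these two fuzzers, as far as the hunks show, never reach the code that consumes the returned flow, which the commit message itself says still lacks boundary checks; that consumer is outside this diff (the view is limited to 'fuzz'), so a harness that feeds the returned flow to it would be a worthwhile follow-up. The enclosing LLVMFuzzerTestOneInput body starts and ends outside the hunk.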
@@ -95,7 +96,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 header = NULL;
 r = pcap_next_ex(pcap_handle, &header, &pkt);
 while (r > 0) {
- ndpi_workflow_process_packet(w, header, pkt, &flow_risk);
+ ndpi_workflow_process_packet(w, header, pkt, &flow_risk, &flow);
 r = pcap_next_ex(pcap_handle, &header, &pkt);
 }
 }
-- cgit v1.2.3
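Review bot: `flow` is set to NULL once at its declaration and then passed by address on every iteration of the `while (r > 0)` loop, so if `ndpi_workflow_process_packet()` leaves the out-argument untouched on some path (not visible in this diff), the pointer from an earlier packet survives into the next iteration. That is harmless while the value is ignored, but it becomes a stale-pointer trap as soon as someone starts reading it; resetting it with `flow = NULL;` as the first statement of the loop body keeps each packet's result independent. After the loop the pointer presumably refers to workflow-owned memory, so it should not be touched once the workflow has been freed. The function body continues outside the hunk.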