author | Toni Uhlig <matzeton@googlemail.com> | 2021-07-13 03:18:55 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2021-07-13 03:35:35 +0200 |
commit | 6f04807236f55c734816ddcc5ab80d06f89a3a9b (patch) | |
tree | a4c5229f8c504efb4d00ca7dae88e9301ab36ec8 /examples | |
parent | 19e4038ce5f8696d8c1ca7374430b8602faf5f9d (diff) |
Build JSMN with support for parent links.
* nDPIsrvd.h: iterate over subtokens
* nDPIsrvd-captured: select/unselect risky flows to capture
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'examples')
-rw-r--r-- | examples/c-captured/c-captured.c | 116 | ||||
-rw-r--r-- | examples/c-json-stdout/c-json-stdout.c | 3 |
2 files changed, 105 insertions, 14 deletions
diff --git a/examples/c-captured/c-captured.c b/examples/c-captured/c-captured.c index 76de75c3d..42da0677d 100644 --- a/examples/c-captured/c-captured.c +++ b/examples/c-captured/c-captured.c @@ -1,6 +1,8 @@ #include <arpa/inet.h> #include <errno.h> #include <linux/limits.h> +#include <ndpi_api.h> +#include <ndpi_typedefs.h> #include <netinet/ip_icmp.h> #include <netinet/tcp.h> #include <netinet/udp.h> @@ -62,7 +64,7 @@ static char * group = NULL; static char * datadir = NULL; static uint8_t process_guessed = 0; static uint8_t process_undetected = 0; -static uint8_t process_risky = 0; +static ndpi_risk process_risky = NDPI_NO_RISK; static uint8_t process_midstream = 0; static uint8_t ignore_empty_flows = 0; @@ -95,6 +97,35 @@ static void packet_data_dtor(void * elt) static const UT_icd packet_data_icd = {sizeof(struct packet_data), NULL, packet_data_copy, packet_data_dtor}; +static void set_ndpi_risk(ndpi_risk * const risk, nDPIsrvd_ull risk_to_add) +{ + if (risk_to_add == 0) + { + *risk = (ndpi_risk)-1; + } + else + { + *risk |= 1ull << --risk_to_add; + } +} + +static void unset_ndpi_risk(ndpi_risk * const risk, nDPIsrvd_ull risk_to_del) +{ + if (risk_to_del == 0) + { + *risk = 0; + } + else + { + *risk &= ~(1ull << --risk_to_del); + } +} + +static int has_ndpi_risk(ndpi_risk * const risk, nDPIsrvd_ull risk_to_check) +{ + return (*risk & (1ull << --risk_to_check)) != 0; +} + static char * generate_pcap_filename(struct nDPIsrvd_flow const * const flow, struct flow_user_data const * const flow_user, char * const dest, @@ -348,7 +379,8 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock if (flow_event_name != NULL) { - perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_tot_l4_payload_len"), &flow_user->flow_tot_l4_payload_len), + perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_tot_l4_payload_len"), + &flow_user->flow_tot_l4_payload_len), "flow_tot_l4_payload_len"); } 
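Review bot: `has_ndpi_risk` has no zero case, unlike `set_ndpi_risk` and `unset_ndpi_risk`: with `risk_to_check == 0` the `--risk_to_check` takes the shift count out of the valid range, and `1ull << ...` by that amount is undefined behaviour. The caller added in the `captured_json_callback` hunk (`@@ -378,11 +410,26 @@`) passes a number parsed from a JSON key received over the socket and only checks `numeric_risk_value < NDPI_MAX_RISK`, so a key of `0` reaches this shift. I would guard it in the helper with `if (risk_to_check == 0 || risk_to_check >= NDPI_MAX_RISK) return 0;` and take the mask as `ndpi_risk const * const`, since it is only read. Assuming `ndpi_risk` is a 64-bit integer, a `_Static_assert(NDPI_MAX_RISK <= sizeof(ndpi_risk) * 8, "risk ids must fit the mask");` next to the helpers would keep all three shifts in range if the enum grows.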
@@ -378,11 +410,26 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock } else if (TOKEN_VALUE_EQUALS_SZ(flow_event_name, "detected") != 0) { + struct nDPIsrvd_json_token const * const flow_risk = TOKEN_GET_SZ(sock, "flow_risk"); + struct nDPIsrvd_json_token const * current = NULL; + int next_child_index = -1; + flow_user->detected = 1; flow_user->detection_finished = 1; - if (TOKEN_GET_SZ(sock, "flow_risk") != NULL) + + if (flow_risk != NULL) { - flow_user->risky = 1; + while ((current = token_get_next_child(sock, flow_risk, &next_child_index)) != NULL) + { + nDPIsrvd_ull numeric_risk_value = 0ull; + + if (TOKEN_KEY_TO_ULL(current, &numeric_risk_value) == CONVERSION_OK && + numeric_risk_value < NDPI_MAX_RISK && + has_ndpi_risk(&process_risky, numeric_risk_value) != 0) + { + flow_user->risky = 1; + } + } } } @@ -453,13 +500,12 @@ static void captured_flow_end_callback(struct nDPIsrvd_socket * const sock, stru } } -static int parse_options(int argc, char ** argv) +static void print_usage(char const * const arg0) { - int opt; - static char const usage[] = "Usage: %s " - "[-d] [-p pidfile] [-s host] [-r rotate-every-n-seconds] [-u user] [-g group] [-D dir] [-G] [-U] [-R] [-M]\n\n" + "[-d] [-p pidfile] [-s host] [-r rotate-every-n-seconds]\n" + "\t \t[-u user] [-g group] [-D dir] [-G] [-U] [-R risk] [-M]\n\n" "\t-d\tForking into background after initialization.\n" "\t-p\tWrite the daemon PID to the given file path.\n" "\t-s\tDestination where nDPIsrvd is listening on.\n" 
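Review bot: In the `detected` branch a `flow_risk` key that fails `TOKEN_KEY_TO_ULL` or is `>= NDPI_MAX_RISK` is skipped without any message, so such a flow is not marked risky even when `-R0` selected every risk. That can plausibly happen when the daemon is built against an nDPI with more risk ids than this client, and for a capture tool a silent miss is the worse failure mode. I would log the skipped key to stderr in an `else` branch, or treat an unknown id as a match when the mask is all-ones. A `break;` after `flow_user->risky = 1;` would also stop the loop once the result is decided. `captured_json_callback` starts and ends outside this hunk.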
@@ -470,11 +516,33 @@ static int parse_options(int argc, char ** argv) "\t-D\tDatadir - Where to store PCAP files.\n" "\t-G\tGuessed - Dump guessed flows to a PCAP file.\n" "\t-U\tUndetected - Dump undetected flows to a PCAP file.\n" - "\t-R\tRisky - Dump risky flows to a PCAP file.\n" + "\t-R\tRisky - Dump risky flows to a PCAP file. See additional help below.\n" "\t-M\tMidstream - Dump midstream flows to a PCAP file.\n" - "\t-E\tEmpty - Ignore flows w/o any layer 4 payload\n"; + "\t-E\tEmpty - Ignore flows w/o any layer 4 payload\n\n" + "\tPossible options for `-R' (can be specified multiple times, processed from left to right, ~ disables a risk):\n" + "\t \tExample: -R0 -R~15 would enable all risks except risk with id 15\n"; + + fprintf(stderr, usage, arg0); +#ifndef LIBNDPI_STATIC + fprintf(stderr, "\t\t%d - %s\n", 0, "Capture all risks"); +#else + fprintf(stderr, "\t\t%d - %s\n\t\t", 0, "Capture all risks"); +#endif + for (int risk = NDPI_NO_RISK + 1; risk < NDPI_MAX_RISK; ++risk) + { +#ifndef LIBNDPI_STATIC + fprintf(stderr, "\t\t%d - %s%s", risk, ndpi_risk2str(risk), (risk == NDPI_MAX_RISK - 1 ? "\n\n" : "\n")); +#else + fprintf(stderr, "%d%s", risk, (risk == NDPI_MAX_RISK - 1 ? "\n" : ",")); +#endif + } +} + +static int parse_options(int argc, char ** argv) +{ + int opt; - while ((opt = getopt(argc, argv, "hdp:s:r:u:g:D:GURME")) != -1) + while ((opt = getopt(argc, argv, "hdp:s:r:u:g:D:GUR:ME")) != -1) { switch (opt) { @@ -493,6 +561,7 @@ static int parse_options(int argc, char ** argv) if (perror_ull(str_value_to_ull(optarg, &pcap_filename_rotation), "pcap_filename_rotation") != CONVERSION_OK) { + fprintf(stderr, "%s: Argument for `-r' is not a number: %s\n", argv[0], optarg); return 1; } break; 
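Review bot: The `-R` help text in `print_usage` documents `-R0` but not `-R~0`, which clears the whole selection because `unset_ndpi_risk` sets the mask to 0 for id 0. I would add a line to the usage string such as `"\t \t-R~0 clears all previously selected risks\n"`. A one-line comment above the `#ifndef LIBNDPI_STATIC` branches saying why that build lists the ids without their names would help the next reader; the reason is not visible in this hunk.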
@@ -515,8 +584,27 @@ static int parse_options(int argc, char ** argv) process_undetected = 1; break; case 'R': - process_risky = 1; + { + char * value = (optarg[0] == '~' ? optarg + 1 : optarg); + nDPIsrvd_ull risk; + if (perror_ull(str_value_to_ull(value, &risk), "process_risky") != CONVERSION_OK) + { + fprintf(stderr, "%s: Argument for `-R' is not a number: %s\n", argv[0], optarg); + return 1; + } + if (risk >= NDPI_MAX_RISK) + { + fprintf(stderr, "%s: Invalid risk set: %s\n", argv[0], optarg); + return 1; + } + if (optarg[0] == '~') + { + unset_ndpi_risk(&process_risky, risk); + } else { + set_ndpi_risk(&process_risky, risk); + } break; + } case 'M': process_midstream = 1; break; @@ -524,7 +612,7 @@ static int parse_options(int argc, char ** argv) ignore_empty_flows = 1; break; default: - fprintf(stderr, usage, argv[0]); + print_usage(argv[0]); return 1; } } @@ -554,7 +642,7 @@ static int parse_options(int argc, char ** argv) if (optind < argc) { fprintf(stderr, "Unexpected argument after options\n\n"); - fprintf(stderr, usage, argv[0]); + print_usage(argv[0]); return 1; } diff --git a/examples/c-json-stdout/c-json-stdout.c b/examples/c-json-stdout/c-json-stdout.c index 51df70bfa..508e45588 100644 --- a/examples/c-json-stdout/c-json-stdout.c +++ b/examples/c-json-stdout/c-json-stdout.c @@ -115,6 +115,9 @@ int main(void) { if (i % 2 == 1) { +#ifdef JSMN_PARENT_LINKS + printf("[%d][%d]", i, tokens[i].parent); +#endif printf("[%.*s : ", tokens[i].end - tokens[i].start, (char *)(buf + json_start) + tokens[i].start); } else |
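Review bot: In the `case 'R':` block the `} else {` is written K&R-style while the other branches in this patch put braces on their own lines, and `optarg[0] == '~'` is evaluated twice. A local flag reads more clearly: `int const unset = (optarg[0] == '~');`, then `char * value = optarg + unset;` and `if (unset != 0)` further down. The out-of-range message could also name the accepted range, for example `"%s: Risk id out of range (0-%d): %s\n"` with `NDPI_MAX_RISK - 1`. `parse_options` continues outside this hunk.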