diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2024-10-30 15:48:45 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2024-11-02 15:48:45 +0100 |
| commit | 2b48eb051473e240735f61f41dce1c6614ca39fd (patch) | |
| tree | e7314df940c8be78adca1edba92a9cde3c85a045 /nDPId.c | |
| parent | ddc96ba614e4f6d1cd4ea9526ae1ccc9d71b8f49 (diff) | |
Added `vlan_id` dissection of the most outer (first) 802.1Q header. Fixes #50
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'nDPId.c')
| -rw-r--r-- | nDPId.c | 32 |
1 files changed, 26 insertions, 6 deletions
@@ -189,7 +189,7 @@ struct nDPId_flow_basic uint8_t tcp_fin_rst_seen : 1; uint8_t tcp_is_midstream_flow : 1; uint8_t reserved_00 : 6; - uint8_t reserved_01[2]; + uint16_t vlan_id; // ETHERTYPE_VLAN: 802.1Q VLAN uint16_t src_port; uint16_t dst_port; uint64_t last_pkt_time[FD_COUNT]; @@ -206,7 +206,6 @@ struct nDPId_flow_extended uint16_t min_l4_payload_len[FD_COUNT]; uint16_t max_l4_payload_len[FD_COUNT]; - ; unsigned long long int packets_processed[FD_COUNT]; uint64_t first_seen; @@ -1995,6 +1994,15 @@ static int ndpi_workflow_node_cmp(void const * const A, void const * const B) return 1; } + if (flow_basic_a->vlan_id < flow_basic_b->vlan_id) + { + return -1; + } + else if (flow_basic_a->vlan_id > flow_basic_b->vlan_id) + { + return 1; + } + /* flows have the same hash */ if (flow_basic_a->l4_protocol < flow_basic_b->l4_protocol) { @@ -2171,6 +2179,11 @@ static void jsonize_l3_l4(struct nDPId_workflow * const workflow, struct nDPId_f char src_name[48] = {}; char dst_name[48] = {}; + if (flow_basic->vlan_id != USHRT_MAX) + { + ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "vlan_id", flow_basic->vlan_id); + } + switch (flow_basic->l3_type) { case L3_IP: @@ -2891,6 +2904,10 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa if (event == PACKET_EVENT_PAYLOAD_FLOW) { + if (flow_ext->flow_basic.vlan_id != USHRT_MAX) + { + ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "vlan_id", flow_ext->flow_basic.vlan_id); + } ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_id", flow_ext->flow_id); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", @@ -3440,8 +3457,9 @@ static uint32_t calculate_ndpi_flow_struct_hash(struct ndpi_flow_struct const * static int process_datalink_layer(struct nDPId_reader_thread * const reader_thread, struct pcap_pkthdr const * const header, uint8_t const * const packet, - uint16_t * ip_offset, - uint16_t * layer3_type) + uint16_t * const ip_offset, + uint16_t * const layer3_type, + uint16_t * const vlan_id) { const uint16_t eth_offset = 0; int datalink_type; @@ -3734,6 +3752,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre } return 1; } + *vlan_id = ntohs(*(uint16_t *)&packet[*ip_offset]) & 0xFFF; *layer3_type = ntohs(*(uint16_t *)&packet[*ip_offset + 2]); *ip_offset += 4; } @@ -3916,7 +3935,7 @@ static void ndpi_process_packet(uint8_t * const args, { struct nDPId_reader_thread * const reader_thread = (struct nDPId_reader_thread *)args; struct nDPId_workflow * workflow; - struct nDPId_flow_basic flow_basic = {}; + struct nDPId_flow_basic flow_basic = {.vlan_id = USHRT_MAX}; enum nDPId_flow_direction direction; size_t hashed_index; @@ -3966,7 +3985,7 @@ static void ndpi_process_packet(uint8_t * const args, do_periodically_work(reader_thread); - if (process_datalink_layer(reader_thread, header, packet, &ip_offset, &type) != 0) + if (process_datalink_layer(reader_thread, header, packet, &ip_offset, &type, &flow_basic.vlan_id) != 0) { return; } @@ -4181,6 +4200,7 @@ static void ndpi_process_packet(uint8_t * const args, /* distribute flows to threads while keeping stability (same flow goes always to same thread) */ thread_index += (flow_basic.src_port < flow_basic.dst_port ? flow_basic.dst_port : flow_basic.src_port); + thread_index += flow_basic.vlan_id; thread_index %= GET_CMDARG_ULL(nDPId_options.reader_thread_count); if (thread_index != reader_thread->array_index) { |