diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-11-10 06:25:16 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-11-15 06:25:16 +0100 |
| commit | ce567ae5b75b0620da9b6f0460685ae732073a1e (patch) | |
| tree | a0caa786a244b06c9499adc6a9504c8ff9aac42b /nDPId.c | |
| parent | 36e428fc8917d61a6957a385a4e0b189be36b830 (diff) | |
Improved the point of time when to append the raw packet base64 data to the serializer.
* nDPId-test: Increased the max-packets-per-flow-to-send from 3 to 5.
This is quite useful for TCP as the first 3 packets are usually part of the three-way-handshake.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'nDPId.c')
| -rw-r--r-- | nDPId.c | 32 |
1 files changed, 21 insertions, 11 deletions
@@ -2570,22 +2570,22 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa get_l4_protocol_idle_time_external(flow_ext->flow_basic.l4_protocol)); } + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_caplen", header->caplen); + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_type", pkt_type); + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l3_offset", pkt_l3_offset); + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_offset", pkt_l4_offset); + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_len", header->len); + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_len", pkt_l4_len); + ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_usec", workflow->last_thread_time); + size_t const serializer_buffer_len = ndpi_serializer_get_buffer_len(&workflow->ndpi_serializer); - if (serializer_buffer_len < NETWORK_BUFFER_MAX_SIZE) + size_t const required_len = NETWORK_BUFFER_MAX_SIZE - nDPIsrvd_STRLEN_SZ("pkt") - sizeof(':') - sizeof('"') * 4; + if (serializer_buffer_len < required_len) { - char base64_data[NETWORK_BUFFER_MAX_SIZE - serializer_buffer_len]; + char base64_data[required_len - serializer_buffer_len]; size_t base64_data_len = sizeof(base64_data); base64encode(packet, header->caplen, base64_data, &base64_data_len); - ndpi_serialize_string_boolean(&workflow->ndpi_serializer, "pkt_oversize", header->caplen > base64_data_len); - ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_caplen", header->caplen); - ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_type", pkt_type); - ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l3_offset", pkt_l3_offset); - ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_offset", pkt_l4_offset); - ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_len", header->len); - ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_len", pkt_l4_len); - ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_usec", workflow->last_thread_time); - if (base64_data_len > 0) { if (ndpi_serialize_string_binary(&workflow->ndpi_serializer, "pkt", base64_data, base64_data_len) != 0) @@ -2604,6 +2604,16 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa reader_thread->array_index); } } + else + { + logger(1, + "[%8llu, %zu] Could not append base64 encoded raw packet data to the serializer (%zu bytes occupied), " + "because the network buffer (%zu bytes) is too small. Consider increasing NETWORK_BUFFER_MAX_SIZEK.", + reader_thread->workflow->packets_captured, + reader_thread->array_index, + serializer_buffer_len, + required_len); + } serialize_and_send(reader_thread); } |