From 9e07a57566cc45bf92a845d8cee968d72e0f314e Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 15 Dec 2021 23:25:32 +0100 Subject: Major nDPId extension. Sorry for the huge commit. - nDPId: fixed invalid IP4/IP6 tuple compare - nDPIsrvd: fixed caching issue (finally) - added tiny c example (can be used to check flow manager sanity) - c-captured: use flow_last_seen timestamp from `struct nDPIsrvd_flow` - README.md update: added example JSON sequence - nDPId: added new flow event `update` necessary for correct timeout handling (and other future use-cases) - nDPIsrvd.h and nDPIsrvd.py: switched to an instance (consists of an alias/source tuple) based flow manager - every flow related event **must** now serialize `alias`, `source`, `flow_id`, `flow_last_seen` and `flow_idle_time` to make the timeout handling and verification process work correctly - nDPIsrvd.h: ability to profile any dynamic memory (de-)allocation - nDPIsrvd.py: removed PcapPacket class (unused) - py-flow-dashboard and py-flow-multiprocess: fixed race condition - py-flow-info: print statusbar with probably useful information - nDPId/nDPIsrvd.h: switched from packet-flow only timestamps (`pkt_*sec`) to a generic flow event timestamp `ts_msec` - nDPId-test: added additional checks - nDPId: increased ICMP flow timeout - nDPId: using event based i/o if capturing packets from a device - nDPIsrvd: fixed memory leak on shutdown if remote descriptors were still connected Signed-off-by: Toni Uhlig --- examples/py-ja3-checker/py-ja3-checker.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'examples/py-ja3-checker/py-ja3-checker.py') diff --git a/examples/py-ja3-checker/py-ja3-checker.py b/examples/py-ja3-checker/py-ja3-checker.py index 3e7e9418f..b7f9df5b1 100755 --- a/examples/py-ja3-checker/py-ja3-checker.py +++ b/examples/py-ja3-checker/py-ja3-checker.py @@ -105,7 +105,7 @@ def getInfoFromJA3ER(ja3_hash): print('No fingerprint for JA3 {} found.'.format(ja3_hash)) -def onJsonLineRecvd(json_dict, current_flow, global_user_data): +def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data): if 'tls' in json_dict and 'ja3' in json_dict['tls']: if json_dict['tls']['client_requested_server_name'] == 'ja3er.com': @@ -139,7 +139,7 @@ if __name__ == '__main__': nsock = nDPIsrvdSocket() nsock.connect(address) try: - nsock.loop(onJsonLineRecvd, None) + nsock.loop(onJsonLineRecvd, None, None) except nDPIsrvd.SocketConnectionBroken as err: sys.stderr.write('\n{}\n'.format(err)) except KeyboardInterrupt: -- cgit v1.2.3