vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-05 19:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Added ndpi_dpi2json() API call

Browse source
This commit is contained in:
Luca Deri 2020-06-05 16:08:23 +02:00
parent 16ca69733a
commit 07c54f9992
2 changed files with 78 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/include/ndpi_api.h.in
View file

@ -258,7 +258,7 @@ extern "C" {
*/
void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct,
const NDPI_PROTOCOL_BITMASK * detection_bitmask);
/**
* Function to be called before we give up with detection for a given flow.
* This function reduces the NDPI_UNKNOWN_PROTOCOL detection
@ -330,7 +330,7 @@ extern "C" {
*/
u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/**
* API call that is called internally by ndpi_detection_process_packet or by apps
* that want to avoid calling ndpi_detection_process_packet as they have already
@ -431,7 +431,7 @@ extern "C" {
char *string_to_match,
u_int string_to_match_len,
ndpi_protocol_match_result *ret_match,
u_int16_t master_protocol_id);
u_int16_t master_protocol_id);
/**
* Check if the string content passed match with a protocol
@ -558,7 +558,7 @@ extern "C" {
*/
int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_mod,
struct ndpi_flow_struct *flow,
u_int16_t master_protocol,
u_int16_t master_protocol,
char *name, u_int name_len);
/**
@ -838,7 +838,7 @@ extern "C" {
/* Tells to called on what l4 protocol given application protocol can be found */
ndpi_l4_proto_info ndpi_get_l4_proto_info(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t ndpi_proto_id);
const char* ndpi_get_l4_proto_name(ndpi_l4_proto_info proto);
ndpi_proto_defaults_t* ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod);
u_int ndpi_get_ndpi_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod);
u_int ndpi_get_ndpi_num_custom_protocols(struct ndpi_detection_module_struct *ndpi_mod);
@ -851,7 +851,7 @@ extern "C" {
u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key,
u_int16_t *value, u_int8_t clean_key_when_found);
void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t value);
/**
* Find a protocol id associated with a string automata
*
@ -886,7 +886,7 @@ extern "C" {
u_int16_t src_port, u_int16_t dst_port, u_int8_t icmp_type, u_int8_t icmp_code,
u_char *hash_buf, u_int8_t hash_buf_len);
u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
struct ndpi_flow_struct *flow);
u_int8_t ndpi_is_safe_ssl_cipher(u_int32_t cipher);
const char* ndpi_cipher2str(u_int32_t cipher);
const char* ndpi_tunnel2str(ndpi_packet_tunnel tt);
@ -904,7 +904,10 @@ extern "C" {
char* ndpi_base64_encode(unsigned char const* bytes_to_encode, size_t in_len);
int ndpi_load_ipv4_ptree(struct ndpi_detection_module_struct *ndpi_str,
const char *path, u_int16_t protocol_id);
int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
ndpi_protocol l7_protocol,
ndpi_serializer *serializer);
int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int8_t ip_version,
@ -949,7 +952,7 @@ extern "C" {
int ndpi_serialize_string_int32(ndpi_serializer *serializer,
const char *key, int32_t value);
int ndpi_serialize_string_int64(ndpi_serializer *serializer,
const char *key, int64_t value);
const char *key, int64_t value);
int ndpi_serialize_string_uint32(ndpi_serializer *serializer,
const char *key, u_int32_t value);
int ndpi_serialize_string_uint32_format(ndpi_serializer *serializer,
@ -987,14 +990,14 @@ extern "C" {
void ndpi_serializer_create_snapshot(ndpi_serializer *serializer);
void ndpi_serializer_rollback_snapshot(ndpi_serializer *serializer);
/* Deserializer */
int ndpi_init_deserializer(ndpi_deserializer *deserializer,
ndpi_serializer *serializer);
int ndpi_init_deserializer_buf(ndpi_deserializer *deserializer,
u_int8_t *serialized_buffer,
u_int32_t serialized_buffer_len);
ndpi_serialization_format ndpi_deserialize_get_format(ndpi_deserializer *_deserializer);
ndpi_serialization_type ndpi_deserialize_get_item_type(ndpi_deserializer *deserializer, ndpi_serialization_type *key_type);
int ndpi_deserialize_next(ndpi_deserializer *deserializer);
@ -1020,16 +1023,16 @@ extern "C" {
float ndpi_data_average(struct ndpi_analyze_struct *s);
float ndpi_data_window_average(struct ndpi_analyze_struct *s);
float ndpi_data_entropy(struct ndpi_analyze_struct *s);
float ndpi_data_variance(struct ndpi_analyze_struct *s);
float ndpi_data_stddev(struct ndpi_analyze_struct *s);
u_int32_t ndpi_data_min(struct ndpi_analyze_struct *s);
u_int32_t ndpi_data_max(struct ndpi_analyze_struct *s);
float ndpi_data_ratio(u_int32_t sent, u_int32_t rcvd);
const char* ndpi_data_ratio2str(float ratio);
void ndpi_data_print_window_values(struct ndpi_analyze_struct *s); /* debug */
ndpi_risk_enum ndpi_validate_url(char *url);

110
src/lib/ndpi_utils.c
View file

@ -924,63 +924,22 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
/* ********************************** */
/* ********************************** */
int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int8_t ip_version,
u_int8_t l4_protocol, u_int16_t vlan_id,
u_int32_t src_v4, u_int32_t dst_v4,
struct ndpi_in6_addr *src_v6, struct ndpi_in6_addr *dst_v6,
u_int16_t src_port, u_int16_t dst_port,
ndpi_protocol l7_protocol,
ndpi_serializer *serializer) {
char buf[64], src_name[32], dst_name[32];
/* NOTE: serializer must have been already initialized */
int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
ndpi_protocol l7_protocol,
ndpi_serializer *serializer) {
char buf[64];
if(ndpi_init_serializer(serializer, ndpi_serialization_format_json) == -1)
return(-1);
if(ip_version == 4) {
inet_ntop(AF_INET, &src_v4, src_name, sizeof(src_name));
inet_ntop(AF_INET, &dst_v4, dst_name, sizeof(dst_name));
} else {
inet_ntop(AF_INET6, src_v6, src_name, sizeof(src_name));
inet_ntop(AF_INET6, dst_v6, dst_name, sizeof(dst_name));
/* For consistency across platforms replace :0: with :: */
ndpi_patchIPv6Address(src_name), ndpi_patchIPv6Address(dst_name);
}
ndpi_serialize_string_string(serializer, "src_ip", src_name);
ndpi_serialize_string_string(serializer, "dest_ip", dst_name);
if(src_port) ndpi_serialize_string_uint32(serializer, "src_port", src_port);
if(dst_port) ndpi_serialize_string_uint32(serializer, "dst_port", dst_port);
switch(l4_protocol) {
case IPPROTO_TCP:
ndpi_serialize_string_string(serializer, "proto", "TCP");
break;
case IPPROTO_UDP:
ndpi_serialize_string_string(serializer, "proto", "UDP");
break;
case IPPROTO_ICMP:
ndpi_serialize_string_string(serializer, "proto", "ICMP");
break;
default:
ndpi_serialize_string_uint32(serializer, "proto", l4_protocol);
break;
}
ndpi_serialize_risk(serializer, flow);
if(flow == NULL) return(-1);
ndpi_serialize_start_of_block(serializer, "ndpi");
ndpi_serialize_risk(serializer, flow);
ndpi_serialize_string_string(serializer, "proto", ndpi_protocol2name(ndpi_struct, l7_protocol, buf, sizeof(buf)));
if(l7_protocol.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
ndpi_serialize_string_string(serializer, "category", ndpi_category_get_name(ndpi_struct, l7_protocol.category));
ndpi_serialize_end_of_block(serializer);
if(flow == NULL) return(0);
switch(l7_protocol.master_protocol ? l7_protocol.master_protocol : l7_protocol.app_protocol) {
case NDPI_PROTOCOL_DHCP:
ndpi_serialize_start_of_block(serializer, "dhcp");
@ -1170,6 +1129,59 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
/* ********************************** */
/* NOTE: serializer is initialized by the function */
int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int8_t ip_version,
u_int8_t l4_protocol, u_int16_t vlan_id,
u_int32_t src_v4, u_int32_t dst_v4,
struct ndpi_in6_addr *src_v6, struct ndpi_in6_addr *dst_v6,
u_int16_t src_port, u_int16_t dst_port,
ndpi_protocol l7_protocol,
ndpi_serializer *serializer) {
char src_name[32], dst_name[32];
if(ndpi_init_serializer(serializer, ndpi_serialization_format_json) == -1)
return(-1);
if(ip_version == 4) {
inet_ntop(AF_INET, &src_v4, src_name, sizeof(src_name));
inet_ntop(AF_INET, &dst_v4, dst_name, sizeof(dst_name));
} else {
inet_ntop(AF_INET6, src_v6, src_name, sizeof(src_name));
inet_ntop(AF_INET6, dst_v6, dst_name, sizeof(dst_name));
/* For consistency across platforms replace :0: with :: */
ndpi_patchIPv6Address(src_name), ndpi_patchIPv6Address(dst_name);
}
ndpi_serialize_string_string(serializer, "src_ip", src_name);
ndpi_serialize_string_string(serializer, "dest_ip", dst_name);
if(src_port) ndpi_serialize_string_uint32(serializer, "src_port", src_port);
if(dst_port) ndpi_serialize_string_uint32(serializer, "dst_port", dst_port);
switch(l4_protocol) {
case IPPROTO_TCP:
ndpi_serialize_string_string(serializer, "proto", "TCP");
break;
case IPPROTO_UDP:
ndpi_serialize_string_string(serializer, "proto", "UDP");
break;
case IPPROTO_ICMP:
ndpi_serialize_string_string(serializer, "proto", "ICMP");
break;
default:
ndpi_serialize_string_uint32(serializer, "proto", l4_protocol);
break;
}
return(ndpi_dpi2json(ndpi_struct, flow, l7_protocol, serializer));
}
/* ********************************** */
const char* ndpi_tunnel2str(ndpi_packet_tunnel tt) {
switch(tt) {
case ndpi_no_tunnel: