diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cf84390dd..3fc1fa416 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2055,6 +2055,17 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa } } break; + + case INFO_FASTCGI: + if (flow->fast_cgi.url[0] != '\0') + { + fprintf(out, "[Url: %s]", flow->fast_cgi.url); + } + if (flow->fast_cgi.user_agent[0] != '\0') + { + fprintf(out, "[User-agent: %s]", flow->fast_cgi.user_agent); + } + break; } if(flow->ssh_tls.advertised_alpns) diff --git a/example/reader_util.c b/example/reader_util.c index a8efe5a71..be826e6d6 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1594,6 +1594,13 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } } + /* FASTCGI */ + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_FASTCGI)) { + flow->info_type = INFO_FASTCGI; + flow->fast_cgi.method = flow->ndpi_flow->protos.fast_cgi.method; + ndpi_snprintf(flow->fast_cgi.user_agent, sizeof(flow->fast_cgi.user_agent), "%s", flow->ndpi_flow->protos.fast_cgi.user_agent); + ndpi_snprintf(flow->fast_cgi.url, sizeof(flow->fast_cgi.url), "%s", flow->ndpi_flow->protos.fast_cgi.url); + } if(flow->ndpi_flow->tls_quic.obfuscated_heur_state && flow->ndpi_flow->tls_quic.obfuscated_heur_matching_set) memcpy(&flow->ssh_tls.obfuscated_heur_matching_set, flow->ndpi_flow->tls_quic.obfuscated_heur_matching_set, diff --git a/example/reader_util.h b/example/reader_util.h index e404fad01..41be9b442 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -171,6 +171,7 @@ enum info_type { INFO_FTP_IMAP_POP_SMTP, INFO_NATPMP, INFO_SIP, + INFO_FASTCGI, }; typedef struct { @@ -270,6 +271,12 @@ typedef struct ndpi_flow_info { char to[256]; char to_imsi[16]; } sip; + + struct { + ndpi_http_method method; + char user_agent[32]; + char url[64]; + } fast_cgi; }; ndpi_serializer ndpi_flow_serializer; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 95c295108..0a831cf7f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1609,6 +1609,12 @@ struct ndpi_flow_struct { char *user_agent; } ssdp; + struct { + ndpi_http_method method; + char user_agent[32]; + char url[64]; + } fast_cgi; + } protos; /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */ diff --git a/src/lib/protocols/fastcgi.c b/src/lib/protocols/fastcgi.c index 699b61123..570728ae8 100644 --- a/src/lib/protocols/fastcgi.c +++ b/src/lib/protocols/fastcgi.c @@ -136,20 +136,13 @@ static int fcgi_parse_params(struct ndpi_flow_struct * const flow, return 1; } - flow->http.method = ndpi_http_str2method((const char*)packet->http_method.ptr, - (u_int16_t)packet->http_method.len); + flow->protos.fast_cgi.method = ndpi_http_str2method((const char*)packet->http_method.ptr, + (u_int16_t)packet->http_method.len); ndpi_hostname_sni_set(flow, packet->host_line.ptr, packet->host_line.len, NDPI_HOSTNAME_NORM_ALL); - ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len); - - if (flow->http.url == NULL && packet->http_url_name.len > 0) - { - flow->http.url = ndpi_malloc(packet->http_url_name.len + 1); - if (flow->http.url != NULL) - { - strncpy(flow->http.url, (char const *)packet->http_url_name.ptr, packet->http_url_name.len); - flow->http.url[packet->http_url_name.len] = '\0'; - } - } + strncpy(flow->protos.fast_cgi.user_agent, (char *)packet->user_agent_line.ptr, + ndpi_min(sizeof(flow->protos.fast_cgi.user_agent) - 1, packet->user_agent_line.len)); + strncpy(flow->protos.fast_cgi.url, (char *)packet->http_url_name.ptr, + ndpi_min(sizeof(flow->protos.fast_cgi.url) - 1, packet->http_url_name.len)); return 0; } diff --git a/tests/cfgs/default/result/fastcgi.pcap.out b/tests/cfgs/default/result/fastcgi.pcap.out index df406fac1..b9f627e3f 100644 --- a/tests/cfgs/default/result/fastcgi.pcap.out +++ b/tests/cfgs/default/result/fastcgi.pcap.out @@ -24,4 +24,4 @@ FastCGI 102 72243 1 Safe 102 72243 1 - 1 TCP 10.0.0.9:38254 <-> 10.0.0.11:9000 [proto: 310/FastCGI][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][48 pkts/4271 bytes <-> 54 pkts/67972 bytes][Goodput ratio: 26/95][3.42 sec][Hostname/SNI: api.openstreetmap.org][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/81 1257/2019 204/358][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1259 1121/1514 151/523][User-Agent: dummy_agent dummy_agent][TCP Fingerprint: 2_64_5840_8c07a80cc645/Unknown][PLAIN TEXT (SCRIPT)][Plen Bins: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,85,0,0] + 1 TCP 10.0.0.9:38254 <-> 10.0.0.11:9000 [proto: 310/FastCGI][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][48 pkts/4271 bytes <-> 54 pkts/67972 bytes][Goodput ratio: 26/95][3.42 sec][Hostname/SNI: api.openstreetmap.org][Url: /api/0.6/map][User-agent: dummy_agent dummy_agent][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/81 1257/2019 204/358][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1259 1121/1514 151/523][TCP Fingerprint: 2_64_5840_8c07a80cc645/Unknown][PLAIN TEXT (SCRIPT)][Plen Bins: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,85,0,0]