vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-19 07:54:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Follow-up of c1d372860 (TCP fingerprint format) (#2850)

Browse source
This commit is contained in:
Ivan Nardi 2025-05-26 12:32:47 +02:00 committed by GitHub
parent 3e3cef6213
commit 8df79a7354
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
doc/configuration_parameters.md
View file

@ -17,6 +17,7 @@ List of the supported configuration options:
| NULL | "fpc" | enable | NULL | NULL | Enable/disable First Packet Classification |
| NULL | "metadata.tcp_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of TCP fingerprint for all TCP flows
| NULL | "metadata.tcp_fingerprint_raw" | disable | NULL | NULL | Enable/disable computation and export of raw TCP fingerprint for all TCP flows
| NULL | "metadata.tcp_fingerprint_format" | 0 | 0 | 1 | Specify the format of the TCP fingerprint. Possible values: 0 = native nDPI format, 1 = MuonOF (https://github.com/sundruid/muonfp) |
| NULL | "dpi.guess_on_giveup" | 0x03 | 0x00 | 0x03 | Tell the library to guess flow classification, if any DPI algorithms/logics fail. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable guessing by port; 0x02 = enable guessing by ip |
| NULL | "dpi.guess_ip_before_port" | disable | NULL | NULL | Enable/disable guessing by IP first when guessing flow classifcation. Disabled = guess by port first. |
| NULL | "flow_risk.$FLOWRISK_NAME_OR_ID" | enable | NULL | NULL | Enable/disable the specific flow risk. Use "any" as flow risk name if you want to easily enable/disable all flow risks. The names of the flow risks are available at `src/include/ndpi_typedefs.h`: look for `ndpi_risk_shortnames` |

10
fuzz/fuzz_config.cpp
View file

@ -472,6 +472,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
snprintf(cfg_value, sizeof(cfg_value), "%d", value);
ndpi_set_config(ndpi_info_mod, NULL, "metadata.tcp_fingerprint", cfg_value);
}
if(fuzzed_data.ConsumeBool()) {
value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
snprintf(cfg_value, sizeof(cfg_value), "%d", value);
ndpi_set_config(ndpi_info_mod, NULL, "metadata.tcp_fingerprint_raw", cfg_value);
}
if(fuzzed_data.ConsumeBool()) {
value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
snprintf(cfg_value, sizeof(cfg_value), "%d", value);
ndpi_set_config(ndpi_info_mod, NULL, "metadata.tcp_fingerprint_format", cfg_value);
}
if(fuzzed_data.ConsumeBool()) {
pid = fuzzed_data.ConsumeIntegralInRange<u_int16_t>(0, NDPI_MAX_RISK + 1); /* + 1 to trigger invalid pid */
value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);