bool init(struct lfc *lfc, void **pdata)
{
mmatic *mm;
struct ndpi *ndpi;
NDPI_PROTOCOL_BITMASK all;
mm = mmatic_create();
ndpi = mmatic_zalloc(mm, sizeof *ndpi);
ndpi->mm = mm;
ndpi->ids = thash_create_intkey(NULL, mm); // TODO: null ffn?
ndpi->ndpi = ndpi_init_detection_module(1000, ma, db); // TODO: 1000?
if (!ndpi->ndpi) {
dbg(0, "ndpi_init_detection_module() failed\n");
return false;
}
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi->ndpi, &all);
*pdata = ndpi;
printf("%%%% ndpi 0.1 - nDPI\n");
printf("@attribute ndpi_proto string\n");
return true;
}
static void setupDetection(void)
{
NDPI_PROTOCOL_BITMASK all;
// init global detection structure
ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper, free_wrapper, debug_printf);
if(ndpi_struct == NULL) {
printf("ERROR: global structure initialization failed\n");
exit(-1);
}
// enable all protocols
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
// allocate memory for id and flow tracking
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
// clear memory for results
memset(protocol_counter, 0, sizeof(protocol_counter));
memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes));
memset(protocol_flows, 0, sizeof(protocol_flows));
if(_protoFilePath != NULL)
ndpi_load_protocols_file(ndpi_struct, _protoFilePath);
raw_packet_count = ip_packet_count = total_bytes = 0;
ndpi_flow_count = 0;
}
/**
* @brief init ndpi detection context
* @param pp_ctx packet processor context to attach the dpi to
* @retval 0 on success
* @retval 1 on error
*/
int pp_ndpi_init(struct pp_context *pp_ctx) {
ndpi_protocol_bitmask_struct_t bm_all;
int i = 0;
pp_ctx->ndpi_ctx = ndpi_init_detection_module(PP_NDPI_TICKS_RESOLUTION,
&__pp_malloc,
&__pp_free,
NULL);
NDPI_BITMASK_SET_ALL(bm_all);
ndpi_set_protocol_detection_bitmask2(pp_ctx->ndpi_ctx, &bm_all);
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
if ((pp_ctx->ndpi_protocol_stats = calloc(pp_ctx->ndpi_ctx->ndpi_num_supported_protocols, sizeof(struct __pp_ndpi_protocol_stats)))) {
for (i = 0; i < pp_ctx->ndpi_ctx->ndpi_num_supported_protocols; i++) {
pp_ctx->ndpi_protocol_stats[i].proto_name = pp_ctx->ndpi_ctx->proto_defaults[i].protoName;
}
} else {
pp_ndpi_destroy(pp_ctx);
return 1;
}
return 0;
}
struct pm_ndpi_workflow *pm_ndpi_workflow_init()
{
struct ndpi_detection_module_struct *module = ndpi_init_detection_module();
struct pm_ndpi_workflow *workflow = ndpi_calloc(1, sizeof(struct pm_ndpi_workflow));
log_notification_init(&log_notifications.ndpi_cache_full);
log_notification_init(&log_notifications.ndpi_tmp_frag_warn);
workflow->prefs.decode_tunnels = FALSE;
if (config.ndpi_num_roots) workflow->prefs.num_roots = config.ndpi_num_roots;
else workflow->prefs.num_roots = NDPI_NUM_ROOTS;
if (config.ndpi_max_flows) workflow->prefs.max_ndpi_flows = config.ndpi_max_flows;
else workflow->prefs.max_ndpi_flows = NDPI_MAXFLOWS;
if (config.ndpi_proto_guess) workflow->prefs.protocol_guess = config.ndpi_proto_guess;
else workflow->prefs.protocol_guess = FALSE;
if (config.ndpi_idle_scan_period) workflow->prefs.idle_scan_period = config.ndpi_idle_scan_period;
else workflow->prefs.idle_scan_period = NDPI_IDLE_SCAN_PERIOD;
if (config.ndpi_idle_max_time) workflow->prefs.idle_max_time = config.ndpi_idle_max_time;
else workflow->prefs.idle_max_time = NDPI_IDLE_MAX_TIME;
if (config.ndpi_idle_scan_budget) workflow->prefs.idle_scan_budget = config.ndpi_idle_scan_budget;
else workflow->prefs.idle_scan_budget = NDPI_IDLE_SCAN_BUDGET;
if (config.ndpi_giveup_proto_tcp) workflow->prefs.giveup_proto_tcp = config.ndpi_giveup_proto_tcp;
else workflow->prefs.giveup_proto_tcp = NDPI_GIVEUP_PROTO_TCP;
if (config.ndpi_giveup_proto_udp) workflow->prefs.giveup_proto_udp = config.ndpi_giveup_proto_udp;
else workflow->prefs.giveup_proto_udp = NDPI_GIVEUP_PROTO_UDP;
if (config.ndpi_giveup_proto_other) workflow->prefs.giveup_proto_other = config.ndpi_giveup_proto_other;
else workflow->prefs.giveup_proto_other = NDPI_GIVEUP_PROTO_OTHER;
workflow->ndpi_struct = module;
if (workflow->ndpi_struct == NULL) {
Log(LOG_ERR, "ERROR ( %s/core ): nDPI global structure initialization failed.\n", config.name);
exit(1);
}
workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *));
return workflow;
}
void setupDetection()
{
//printf("in setup\n");
NDPI_PROTOCOL_BITMASK all;
ndpi_struct = ndpi_init_detection_module(detection_tick_resolution,
malloc_wrapper,free_wrapper,NULL);
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_struct,&all);
// ndpi_load_protocols_file(ndpi_struct,);
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
raw_packet_count = ip_packet_count = total_bytes = 0;
//printf("out setup\n");
memset(protocol_counter, 0, sizeof(protocol_counter));
memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes));
memset(protocol_flows, 0, sizeof(protocol_flows));
}
int DissectInit(void)
{
char tmp_dir[256];
int i;
NDPI_PROTOCOL_BITMASK all;
/* part of file name */
incr = 0;
pthrs_ins = 0;
pthread_mutex_init(&pthrs_mux, NULL);
prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *));
prl_thrs_en = xmalloc(pthrs_dim*sizeof(char));
if (prl_thrs != NULL) {
memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *));
for (i=0; i!=pthrs_dim; i++) {
prl_thrs_en[i] = 0;
}
}
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
}
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
}
if (tcp_id != -1) {
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
syn_id = ProtAttrId(tcp_id, "tcp.syn");
}
tcp_ca_id = ProtId("tcp-ca");
/* pei id */
pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src");
pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst");
pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns");
pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src");
pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst");
pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot");
pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat");
pei_long_id = ProtPeiComptId(tcp_ca_id, "long");
pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code");
pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent");
pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv");
pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent");
pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv");
pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent");
pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv");
pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent");
pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv");
pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata");
pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img");
/* tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
/* ndpi */
ndpi = ndpi_init_detection_module();
if (ndpi == NULL) {
LogPrintf(LV_ERROR, "nDPi initializzation failed");
return -1;
}
/* enable all protocols */
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi, &all);
ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();
return 0;
}
NetworkInterface::NetworkInterface(const char *name) {
char pcap_error_buffer[PCAP_ERRBUF_SIZE];
NDPI_PROTOCOL_BITMASK all;
u_int32_t num_hashes;
char _ifname[64];
#ifdef WIN32
if(name == NULL) name = "1"; /* First available interface */
#endif
purge_idle_flows_hosts = true;
if(name == NULL) {
if(!help_printed)
ntop->getTrace()->traceEvent(TRACE_WARNING, "No capture interface specified");
printAvailableInterfaces(false, 0, NULL, 0);
name = pcap_lookupdev(pcap_error_buffer);
if(name == NULL) {
ntop->getTrace()->traceEvent(TRACE_ERROR,
"Unable to locate default interface (%s)\n",
pcap_error_buffer);
exit(0);
}
} else {
if(isNumber(name)) {
/* We need to convert this numeric index into an interface name */
int id = atoi(name);
_ifname[0] = '\0';
printAvailableInterfaces(false, id, _ifname, sizeof(_ifname));
if(_ifname[0] == '\0') {
ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate interface Id %d", id);
printAvailableInterfaces(false, 0, NULL, 0);
exit(0);
}
name = _ifname;
}
}
ifname = strdup(name);
num_hashes = max_val(4096, ntop->getPrefs()->get_max_num_flows()/4);
flows_hash = new FlowHash(this, num_hashes, ntop->getPrefs()->get_max_num_flows());
num_hashes = max_val(4096, ntop->getPrefs()->get_max_num_hosts()/4);
hosts_hash = new HostHash(this, num_hashes, ntop->getPrefs()->get_max_num_hosts());
strings_hash = new StringHash(this, num_hashes, ntop->getPrefs()->get_max_num_hosts());
// init global detection structure
ndpi_struct = ndpi_init_detection_module(ntop->getGlobals()->get_detection_tick_resolution(),
malloc_wrapper, free_wrapper, debug_printf);
if(ndpi_struct == NULL) {
ntop->getTrace()->traceEvent(TRACE_ERROR, "Global structure initialization failed");
exit(-1);
}
if(ntop->getCustomnDPIProtos() != NULL)
ndpi_load_protocols_file(ndpi_struct, ntop->getCustomnDPIProtos());
ndpi_port_range d_port[MAX_DEFAULT_PORTS];
memset(d_port, 0, sizeof(d_port));
ndpi_set_proto_defaults(ndpi_struct, NTOPNG_NDPI_OS_PROTO_ID,
(char*)"Operating System", d_port, d_port);
// enable all protocols
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
last_pkt_rcvd = 0;
next_idle_flow_purge = next_idle_host_purge = next_idle_aggregated_host_purge = 0;
cpu_affinity = -1;
running = false;
#ifdef HAVE_SQLITE
db = new DB(this);
#endif
}
int DissectInit(void)
{
char tmp_dir[256];
unsigned short i;
NDPI_PROTOCOL_BITMASK all;
/* part of file name */
incr = 0;
incr_dig = 0;
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
}
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
}
if (tcp_id != -1) {
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
}
tcp_grb_id = ProtId("tcp-grb");
/* pei id */
pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot");
pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt");
pei_size_id = ProtPeiComptId(tcp_grb_id, "size");
pei_file_id = ProtPeiComptId(tcp_grb_id, "file");
pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype");
/* tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
/* init dig */
if (enable_dig) {
for (i=0; i!=dig_type_dim; i++) {
if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) {
dig_tbl[i].start = strdup(dig_tbl[i].starttxt);
if (dig_tbl[i].start == NULL) {
LogPrintf(LV_FATAL, "No memory!");
return -1;
}
dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start);
}
if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) {
dig_tbl[i].end = strdup(dig_tbl[i].endtxt);
if (dig_tbl[i].end == NULL) {
LogPrintf(LV_FATAL, "No memory!");
return -1;
}
dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end);
}
//printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen);
}
}
/* ndpi */
pthread_mutex_init(&ndpi_mux, NULL);
ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf);
if (ndpi == NULL) {
LogPrintf(LV_ERROR, "nDPi initializzation failed");
return -1;
}
/* enable all protocols */
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi, &all);
ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();
return 0;
}