Beispiel #1
0
bool init(struct lfc *lfc, void **pdata)
{
	mmatic *mm;
	struct ndpi *ndpi;
	NDPI_PROTOCOL_BITMASK all;

	mm = mmatic_create();
	ndpi = mmatic_zalloc(mm, sizeof *ndpi);
	ndpi->mm = mm;
	ndpi->ids = thash_create_intkey(NULL, mm); // TODO: null ffn?

	ndpi->ndpi = ndpi_init_detection_module(1000, ma, db); // TODO: 1000?
	if (!ndpi->ndpi) {
		dbg(0, "ndpi_init_detection_module() failed\n");
		return false;
	}

	NDPI_BITMASK_SET_ALL(all);
	ndpi_set_protocol_detection_bitmask2(ndpi->ndpi, &all);

	*pdata = ndpi;

	printf("%%%% ndpi 0.1 - nDPI\n");
	printf("@attribute ndpi_proto string\n");

	return true;
}
Beispiel #2
0
static void setupDetection(void)
{
  NDPI_PROTOCOL_BITMASK all;

  // init global detection structure
  ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper, free_wrapper, debug_printf);
  if(ndpi_struct == NULL) {
    printf("ERROR: global structure initialization failed\n");
    exit(-1);
  }
  // enable all protocols
  NDPI_BITMASK_SET_ALL(all);
  ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);

  // allocate memory for id and flow tracking
  size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
  size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();

  // clear memory for results
  memset(protocol_counter, 0, sizeof(protocol_counter));
  memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes));
  memset(protocol_flows, 0, sizeof(protocol_flows));

  if(_protoFilePath != NULL)
    ndpi_load_protocols_file(ndpi_struct, _protoFilePath);

  raw_packet_count = ip_packet_count = total_bytes = 0;
  ndpi_flow_count = 0;
}
Beispiel #3
0
/**
 * @brief init ndpi detection context
 * @param pp_ctx packet processor context to attach the dpi to
 * @retval 0 on success
 * @retval 1 on error
 */
int pp_ndpi_init(struct pp_context *pp_ctx) {

	ndpi_protocol_bitmask_struct_t bm_all;
	int i = 0;

	pp_ctx->ndpi_ctx = ndpi_init_detection_module(PP_NDPI_TICKS_RESOLUTION,
											 &__pp_malloc,
											 &__pp_free,
											 NULL);

	NDPI_BITMASK_SET_ALL(bm_all);
	ndpi_set_protocol_detection_bitmask2(pp_ctx->ndpi_ctx, &bm_all);

	size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
	size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();

	if ((pp_ctx->ndpi_protocol_stats = calloc(pp_ctx->ndpi_ctx->ndpi_num_supported_protocols, sizeof(struct __pp_ndpi_protocol_stats)))) {
		for (i = 0; i < pp_ctx->ndpi_ctx->ndpi_num_supported_protocols; i++) {
			pp_ctx->ndpi_protocol_stats[i].proto_name = pp_ctx->ndpi_ctx->proto_defaults[i].protoName;
		}
	} else {
		pp_ndpi_destroy(pp_ctx);
		return 1;
	}

	return 0;
}
Beispiel #4
0
struct pm_ndpi_workflow *pm_ndpi_workflow_init()
{
  struct ndpi_detection_module_struct *module = ndpi_init_detection_module();
  struct pm_ndpi_workflow *workflow = ndpi_calloc(1, sizeof(struct pm_ndpi_workflow));

  log_notification_init(&log_notifications.ndpi_cache_full);
  log_notification_init(&log_notifications.ndpi_tmp_frag_warn);

  workflow->prefs.decode_tunnels = FALSE;

  if (config.ndpi_num_roots) workflow->prefs.num_roots = config.ndpi_num_roots;
  else workflow->prefs.num_roots = NDPI_NUM_ROOTS;

  if (config.ndpi_max_flows) workflow->prefs.max_ndpi_flows = config.ndpi_max_flows;
  else workflow->prefs.max_ndpi_flows = NDPI_MAXFLOWS;

  if (config.ndpi_proto_guess) workflow->prefs.protocol_guess = config.ndpi_proto_guess;
  else workflow->prefs.protocol_guess = FALSE;

  if (config.ndpi_idle_scan_period) workflow->prefs.idle_scan_period = config.ndpi_idle_scan_period; 
  else workflow->prefs.idle_scan_period = NDPI_IDLE_SCAN_PERIOD;

  if (config.ndpi_idle_max_time) workflow->prefs.idle_max_time = config.ndpi_idle_max_time;
  else workflow->prefs.idle_max_time = NDPI_IDLE_MAX_TIME;

  if (config.ndpi_idle_scan_budget) workflow->prefs.idle_scan_budget = config.ndpi_idle_scan_budget;
  else workflow->prefs.idle_scan_budget = NDPI_IDLE_SCAN_BUDGET; 

  if (config.ndpi_giveup_proto_tcp) workflow->prefs.giveup_proto_tcp = config.ndpi_giveup_proto_tcp;
  else workflow->prefs.giveup_proto_tcp = NDPI_GIVEUP_PROTO_TCP;

  if (config.ndpi_giveup_proto_udp) workflow->prefs.giveup_proto_udp = config.ndpi_giveup_proto_udp;
  else workflow->prefs.giveup_proto_udp = NDPI_GIVEUP_PROTO_UDP;

  if (config.ndpi_giveup_proto_other) workflow->prefs.giveup_proto_other = config.ndpi_giveup_proto_other;
  else workflow->prefs.giveup_proto_other = NDPI_GIVEUP_PROTO_OTHER;

  workflow->ndpi_struct = module;

  if (workflow->ndpi_struct == NULL) {
    Log(LOG_ERR, "ERROR ( %s/core ): nDPI global structure initialization failed.\n", config.name);
    exit(1);
  }

  workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *));

  return workflow;
}
Beispiel #5
0
void setupDetection()
{
//printf("in setup\n");
  NDPI_PROTOCOL_BITMASK all;
  ndpi_struct = ndpi_init_detection_module(detection_tick_resolution,
      malloc_wrapper,free_wrapper,NULL);
  NDPI_BITMASK_SET_ALL(all);
  ndpi_set_protocol_detection_bitmask2(ndpi_struct,&all);
//  ndpi_load_protocols_file(ndpi_struct,);
  size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
  size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
  raw_packet_count = ip_packet_count = total_bytes = 0;
//printf("out setup\n");
	memset(protocol_counter, 0, sizeof(protocol_counter));
	memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes));
	memset(protocol_flows, 0, sizeof(protocol_flows));
}
Beispiel #6
0
int DissectInit(void)
{
    char tmp_dir[256];
    int i;
    NDPI_PROTOCOL_BITMASK all;

    /* part of file name */
    incr = 0;
    pthrs_ins = 0;
    pthread_mutex_init(&pthrs_mux, NULL);
    
    prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *));
    prl_thrs_en = xmalloc(pthrs_dim*sizeof(char));
    if (prl_thrs != NULL) {
        memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *));
        for (i=0; i!=pthrs_dim; i++) {
            prl_thrs_en[i] = 0;
        }
    }
    
    /* info id */
    ppp_id = ProtId("ppp");
    eth_id = ProtId("eth");
    ip_id = ProtId("ip");
    ipv6_id = ProtId("ipv6");
    tcp_id = ProtId("tcp");
    if (ip_id != -1) {
        ip_dst_id = ProtAttrId(ip_id, "ip.dst");
        ip_src_id = ProtAttrId(ip_id, "ip.src");
        ip_offset_id = ProtAttrId(ip_id, "ip.offset");
    }
    if (ipv6_id != -1) {
        ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
        ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
        ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
    }
    if (tcp_id != -1) {
        port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
        port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
        lost_id = ProtAttrId(tcp_id, "tcp.lost");
        syn_id = ProtAttrId(tcp_id, "tcp.syn");
    }
    tcp_ca_id = ProtId("tcp-ca");
    
    /* pei id */
    pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src");
    pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst");
    pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns");
    pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src");
    pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst");
    pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot");
    pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat");
    pei_long_id = ProtPeiComptId(tcp_ca_id, "long");
    pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code");
    pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent");
    pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv");
    pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent");
    pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv");
    pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent");
    pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv");
    pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent");
    pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv");
    pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata");
    pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img");

    /* tmp directory */
    sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR);
    mkdir(tmp_dir, 0x01FF);

    /* ndpi */
    ndpi = ndpi_init_detection_module();
    if (ndpi == NULL) {
        LogPrintf(LV_ERROR, "nDPi initializzation failed");

        return -1;
    }
    /* enable all protocols */
    NDPI_BITMASK_SET_ALL(all);
    ndpi_set_protocol_detection_bitmask2(ndpi, &all);
    ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
    ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();

    return 0;
}
Beispiel #7
0
NetworkInterface::NetworkInterface(const char *name) {
  char pcap_error_buffer[PCAP_ERRBUF_SIZE];
  NDPI_PROTOCOL_BITMASK all;
  u_int32_t num_hashes;
  char _ifname[64];

#ifdef WIN32
  if(name == NULL) name = "1"; /* First available interface */
#endif

  purge_idle_flows_hosts = true;

  if(name == NULL) {
    if(!help_printed)
      ntop->getTrace()->traceEvent(TRACE_WARNING, "No capture interface specified");

    printAvailableInterfaces(false, 0, NULL, 0);

    name = pcap_lookupdev(pcap_error_buffer);

    if(name == NULL) {
      ntop->getTrace()->traceEvent(TRACE_ERROR,
				   "Unable to locate default interface (%s)\n",
				   pcap_error_buffer);
      exit(0);
    }
  } else {
    if(isNumber(name)) {
      /* We need to convert this numeric index into an interface name */
      int id = atoi(name);

      _ifname[0] = '\0';
      printAvailableInterfaces(false, id, _ifname, sizeof(_ifname));

      if(_ifname[0] == '\0') {
	ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate interface Id %d", id);
	printAvailableInterfaces(false, 0, NULL, 0);
	exit(0);
      }
      name = _ifname;
    }
  }

  ifname = strdup(name);

  num_hashes = max_val(4096, ntop->getPrefs()->get_max_num_flows()/4);
  flows_hash = new FlowHash(this, num_hashes, ntop->getPrefs()->get_max_num_flows());

  num_hashes = max_val(4096, ntop->getPrefs()->get_max_num_hosts()/4);
  hosts_hash = new HostHash(this, num_hashes, ntop->getPrefs()->get_max_num_hosts());
  strings_hash = new StringHash(this, num_hashes, ntop->getPrefs()->get_max_num_hosts());

  // init global detection structure
  ndpi_struct = ndpi_init_detection_module(ntop->getGlobals()->get_detection_tick_resolution(),
					   malloc_wrapper, free_wrapper, debug_printf);
  if(ndpi_struct == NULL) {
    ntop->getTrace()->traceEvent(TRACE_ERROR, "Global structure initialization failed");
    exit(-1);
  }

  if(ntop->getCustomnDPIProtos() != NULL)
    ndpi_load_protocols_file(ndpi_struct, ntop->getCustomnDPIProtos());

  ndpi_port_range d_port[MAX_DEFAULT_PORTS];
  memset(d_port, 0, sizeof(d_port));
  ndpi_set_proto_defaults(ndpi_struct, NTOPNG_NDPI_OS_PROTO_ID,
			  (char*)"Operating System", d_port, d_port);


  // enable all protocols
  NDPI_BITMASK_SET_ALL(all);
  ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);

  last_pkt_rcvd = 0;
  next_idle_flow_purge = next_idle_host_purge = next_idle_aggregated_host_purge = 0;
  cpu_affinity = -1;
  running = false;

#ifdef HAVE_SQLITE
  db = new DB(this);
#endif
}
Beispiel #8
0
int DissectInit(void)
{
    char tmp_dir[256];
    unsigned short i;
    NDPI_PROTOCOL_BITMASK all;

    /* part of file name */
    incr = 0;
    incr_dig = 0;

    /* info id */
    ppp_id = ProtId("ppp");
    eth_id = ProtId("eth");
    ip_id = ProtId("ip");
    ipv6_id = ProtId("ipv6");
    tcp_id = ProtId("tcp");
    if (ip_id != -1) {
        ip_dst_id = ProtAttrId(ip_id, "ip.dst");
        ip_src_id = ProtAttrId(ip_id, "ip.src");
        ip_offset_id = ProtAttrId(ip_id, "ip.offset");
    }
    if (ipv6_id != -1) {
        ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
        ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
        ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
    }
    if (tcp_id != -1) {
        port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
        port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
        lost_id = ProtAttrId(tcp_id, "tcp.lost");
    }
    tcp_grb_id = ProtId("tcp-grb");
    
    /* pei id */
    pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot");
    pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt");
    pei_size_id = ProtPeiComptId(tcp_grb_id, "size");
    pei_file_id = ProtPeiComptId(tcp_grb_id, "file");
    pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype");

    /* tmp directory */
    sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR);
    mkdir(tmp_dir, 0x01FF);

    /* init dig */
    if (enable_dig) {
        for (i=0; i!=dig_type_dim; i++) {
            if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) {
                dig_tbl[i].start = strdup(dig_tbl[i].starttxt);
                if (dig_tbl[i].start == NULL) {
                    LogPrintf(LV_FATAL, "No memory!");
                    return -1;
                }
                dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start);
            }
            if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) {
                dig_tbl[i].end = strdup(dig_tbl[i].endtxt);
                if (dig_tbl[i].end == NULL) {
                    LogPrintf(LV_FATAL, "No memory!");
                    return -1;
                }
                dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end);
            }
            //printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen);
        }
    }

    /* ndpi */
    pthread_mutex_init(&ndpi_mux, NULL);
    ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf);
    if (ndpi == NULL) {
        LogPrintf(LV_ERROR, "nDPi initializzation failed");

        return -1;
    }
    /* enable all protocols */
    NDPI_BITMASK_SET_ALL(all);
    ndpi_set_protocol_detection_bitmask2(ndpi, &all);
    ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
    ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();

    return 0;
}