/** * @brief init ndpi detection context * @param pp_ctx packet processor context to attach the dpi to * @retval 0 on success * @retval 1 on error */ int pp_ndpi_init(struct pp_context *pp_ctx) { ndpi_protocol_bitmask_struct_t bm_all; int i = 0; pp_ctx->ndpi_ctx = ndpi_init_detection_module(PP_NDPI_TICKS_RESOLUTION, &__pp_malloc, &__pp_free, NULL); NDPI_BITMASK_SET_ALL(bm_all); ndpi_set_protocol_detection_bitmask2(pp_ctx->ndpi_ctx, &bm_all); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); if ((pp_ctx->ndpi_protocol_stats = calloc(pp_ctx->ndpi_ctx->ndpi_num_supported_protocols, sizeof(struct __pp_ndpi_protocol_stats)))) { for (i = 0; i < pp_ctx->ndpi_ctx->ndpi_num_supported_protocols; i++) { pp_ctx->ndpi_protocol_stats[i].proto_name = pp_ctx->ndpi_ctx->proto_defaults[i].protoName; } } else { pp_ndpi_destroy(pp_ctx); return 1; } return 0; }
static void setupDetection(void) { NDPI_PROTOCOL_BITMASK all; // init global detection structure ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper, free_wrapper, debug_printf); if(ndpi_struct == NULL) { printf("ERROR: global structure initialization failed\n"); exit(-1); } // enable all protocols NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); // allocate memory for id and flow tracking size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); // clear memory for results memset(protocol_counter, 0, sizeof(protocol_counter)); memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes)); memset(protocol_flows, 0, sizeof(protocol_flows)); if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_struct, _protoFilePath); raw_packet_count = ip_packet_count = total_bytes = 0; ndpi_flow_count = 0; }
// We will start speed printer void firehose_start() { my_ndpi_struct = init_ndpi(); size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); pthread_t thread; pthread_create(&thread, NULL, speed_printer, NULL); pthread_detach(thread); }
int main(int argc, char** argv) { my_ndpi_struct = init_ndpi(); size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); if (argc != 2) { printf("Please specify path to dump file\n"); exit(-1); } const char* path = argv[1]; //pcap_reader(path, pcap_parse_packet); }
void setupDetection() { //printf("in setup\n"); NDPI_PROTOCOL_BITMASK all; ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper,free_wrapper,NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct,&all); // ndpi_load_protocols_file(ndpi_struct,); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); raw_packet_count = ip_packet_count = total_bytes = 0; //printf("out setup\n"); memset(protocol_counter, 0, sizeof(protocol_counter)); memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes)); memset(protocol_flows, 0, sizeof(protocol_flows)); }
void pkt(struct lfc *lfc, void *pdata, struct lfc_flow *lf, void *data, double ts, bool up, bool is_new, libtrace_packet_t *pkt) { struct ndpi *nd = pdata; struct flow *f = data; struct ndpi_id_struct *srcid, *dstid; uint8_t *iph; uint16_t et; uint32_t rem; uint64_t time; if (!f->ndpi_flow) f->ndpi_flow = mmatic_zalloc(nd->mm, ndpi_detection_get_sizeof_ndpi_flow_struct()); iph = trace_get_layer3(pkt, &et, &rem); time = ts * 1000; srcid = getid(nd, &lf->src); dstid = getid(nd, &lf->dst); f->proto = ndpi_detection_process_packet( nd->ndpi, f->ndpi_flow, iph, rem, time, srcid, dstid); }
// We will start speed printer void firehose_start() { my_ndpi_struct = init_ndpi(); // Connect to the Redis redis_context = redis_init_connection(); if (!redis_context) { printf("Can't connect to the Redis\n"); } // Tune timer set_tsc_freq_fallback(); // Set call time last_timestamp = (double)rte_rdtsc() / system_tsc_resolution_hz; size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); pthread_t thread; pthread_create(&thread, NULL, speed_printer, NULL); pthread_detach(thread); }
int DissectInit(void) { char tmp_dir[256]; int i; NDPI_PROTOCOL_BITMASK all; /* part of file name */ incr = 0; pthrs_ins = 0; pthread_mutex_init(&pthrs_mux, NULL); prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *)); prl_thrs_en = xmalloc(pthrs_dim*sizeof(char)); if (prl_thrs != NULL) { memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *)); for (i=0; i!=pthrs_dim; i++) { prl_thrs_en[i] = 0; } } /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); } if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); } if (tcp_id != -1) { port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); syn_id = ProtAttrId(tcp_id, "tcp.syn"); } tcp_ca_id = ProtId("tcp-ca"); /* pei id */ pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src"); pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst"); pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns"); pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src"); pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst"); pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot"); pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat"); pei_long_id = ProtPeiComptId(tcp_ca_id, "long"); pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code"); pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent"); pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv"); pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent"); pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv"); pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent"); pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv"); pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent"); pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv"); pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata"); pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img"); /* tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR); mkdir(tmp_dir, 0x01FF); /* ndpi */ ndpi = ndpi_init_detection_module(); if (ndpi == NULL) { LogPrintf(LV_ERROR, "nDPi initializzation failed"); return -1; } /* enable all protocols */ NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi, &all); ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct(); ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct(); return 0; }
int DissectInit(void) { char tmp_dir[256]; unsigned short i; NDPI_PROTOCOL_BITMASK all; /* part of file name */ incr = 0; incr_dig = 0; /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); } if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); } if (tcp_id != -1) { port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); } tcp_grb_id = ProtId("tcp-grb"); /* pei id */ pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot"); pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt"); pei_size_id = ProtPeiComptId(tcp_grb_id, "size"); pei_file_id = ProtPeiComptId(tcp_grb_id, "file"); pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype"); /* tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR); mkdir(tmp_dir, 0x01FF); /* init dig */ if (enable_dig) { for (i=0; i!=dig_type_dim; i++) { if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) { dig_tbl[i].start = strdup(dig_tbl[i].starttxt); if (dig_tbl[i].start == NULL) { LogPrintf(LV_FATAL, "No memory!"); return -1; } dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start); } if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) { dig_tbl[i].end = strdup(dig_tbl[i].endtxt); if (dig_tbl[i].end == NULL) { LogPrintf(LV_FATAL, "No memory!"); return -1; } dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end); } //printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen); } } /* ndpi */ pthread_mutex_init(&ndpi_mux, NULL); ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf); if (ndpi == NULL) { LogPrintf(LV_ERROR, "nDPi initializzation failed"); return -1; } /* enable all protocols */ NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi, &all); ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct(); ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct(); return 0; }