/**
* @brief init ndpi detection context
* @param pp_ctx packet processor context to attach the dpi to
* @retval 0 on success
* @retval 1 on error
*/
int pp_ndpi_init(struct pp_context *pp_ctx) {
ndpi_protocol_bitmask_struct_t bm_all;
int i = 0;
pp_ctx->ndpi_ctx = ndpi_init_detection_module(PP_NDPI_TICKS_RESOLUTION,
&__pp_malloc,
&__pp_free,
NULL);
NDPI_BITMASK_SET_ALL(bm_all);
ndpi_set_protocol_detection_bitmask2(pp_ctx->ndpi_ctx, &bm_all);
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
if ((pp_ctx->ndpi_protocol_stats = calloc(pp_ctx->ndpi_ctx->ndpi_num_supported_protocols, sizeof(struct __pp_ndpi_protocol_stats)))) {
for (i = 0; i < pp_ctx->ndpi_ctx->ndpi_num_supported_protocols; i++) {
pp_ctx->ndpi_protocol_stats[i].proto_name = pp_ctx->ndpi_ctx->proto_defaults[i].protoName;
}
} else {
pp_ndpi_destroy(pp_ctx);
return 1;
}
return 0;
}
static void setupDetection(void)
{
NDPI_PROTOCOL_BITMASK all;
// init global detection structure
ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper, free_wrapper, debug_printf);
if(ndpi_struct == NULL) {
printf("ERROR: global structure initialization failed\n");
exit(-1);
}
// enable all protocols
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
// allocate memory for id and flow tracking
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
// clear memory for results
memset(protocol_counter, 0, sizeof(protocol_counter));
memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes));
memset(protocol_flows, 0, sizeof(protocol_flows));
if(_protoFilePath != NULL)
ndpi_load_protocols_file(ndpi_struct, _protoFilePath);
raw_packet_count = ip_packet_count = total_bytes = 0;
ndpi_flow_count = 0;
}
// We will start speed printer
void firehose_start() {
my_ndpi_struct = init_ndpi();
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
pthread_t thread;
pthread_create(&thread, NULL, speed_printer, NULL);
pthread_detach(thread);
}
int main(int argc, char** argv) {
my_ndpi_struct = init_ndpi();
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
if (argc != 2) {
printf("Please specify path to dump file\n");
exit(-1);
}
const char* path = argv[1];
//pcap_reader(path, pcap_parse_packet);
}
void setupDetection()
{
//printf("in setup\n");
NDPI_PROTOCOL_BITMASK all;
ndpi_struct = ndpi_init_detection_module(detection_tick_resolution,
malloc_wrapper,free_wrapper,NULL);
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi_struct,&all);
// ndpi_load_protocols_file(ndpi_struct,);
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
raw_packet_count = ip_packet_count = total_bytes = 0;
//printf("out setup\n");
memset(protocol_counter, 0, sizeof(protocol_counter));
memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes));
memset(protocol_flows, 0, sizeof(protocol_flows));
}
void pkt(struct lfc *lfc, void *pdata,
struct lfc_flow *lf, void *data,
double ts, bool up, bool is_new, libtrace_packet_t *pkt)
{
struct ndpi *nd = pdata;
struct flow *f = data;
struct ndpi_id_struct *srcid, *dstid;
uint8_t *iph;
uint16_t et;
uint32_t rem;
uint64_t time;
if (!f->ndpi_flow)
f->ndpi_flow = mmatic_zalloc(nd->mm, ndpi_detection_get_sizeof_ndpi_flow_struct());
iph = trace_get_layer3(pkt, &et, &rem);
time = ts * 1000;
srcid = getid(nd, &lf->src);
dstid = getid(nd, &lf->dst);
f->proto = ndpi_detection_process_packet(
nd->ndpi, f->ndpi_flow, iph, rem, time, srcid, dstid);
}
// We will start speed printer
void firehose_start() {
my_ndpi_struct = init_ndpi();
// Connect to the Redis
redis_context = redis_init_connection();
if (!redis_context) {
printf("Can't connect to the Redis\n");
}
// Tune timer
set_tsc_freq_fallback();
// Set call time
last_timestamp = (double)rte_rdtsc() / system_tsc_resolution_hz;
size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
pthread_t thread;
pthread_create(&thread, NULL, speed_printer, NULL);
pthread_detach(thread);
}
int DissectInit(void)
{
char tmp_dir[256];
int i;
NDPI_PROTOCOL_BITMASK all;
/* part of file name */
incr = 0;
pthrs_ins = 0;
pthread_mutex_init(&pthrs_mux, NULL);
prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *));
prl_thrs_en = xmalloc(pthrs_dim*sizeof(char));
if (prl_thrs != NULL) {
memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *));
for (i=0; i!=pthrs_dim; i++) {
prl_thrs_en[i] = 0;
}
}
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
}
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
}
if (tcp_id != -1) {
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
syn_id = ProtAttrId(tcp_id, "tcp.syn");
}
tcp_ca_id = ProtId("tcp-ca");
/* pei id */
pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src");
pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst");
pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns");
pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src");
pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst");
pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot");
pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat");
pei_long_id = ProtPeiComptId(tcp_ca_id, "long");
pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code");
pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent");
pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv");
pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent");
pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv");
pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent");
pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv");
pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent");
pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv");
pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata");
pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img");
/* tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
/* ndpi */
ndpi = ndpi_init_detection_module();
if (ndpi == NULL) {
LogPrintf(LV_ERROR, "nDPi initializzation failed");
return -1;
}
/* enable all protocols */
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi, &all);
ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();
return 0;
}
int DissectInit(void)
{
char tmp_dir[256];
unsigned short i;
NDPI_PROTOCOL_BITMASK all;
/* part of file name */
incr = 0;
incr_dig = 0;
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
}
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
}
if (tcp_id != -1) {
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
}
tcp_grb_id = ProtId("tcp-grb");
/* pei id */
pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot");
pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt");
pei_size_id = ProtPeiComptId(tcp_grb_id, "size");
pei_file_id = ProtPeiComptId(tcp_grb_id, "file");
pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype");
/* tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
/* init dig */
if (enable_dig) {
for (i=0; i!=dig_type_dim; i++) {
if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) {
dig_tbl[i].start = strdup(dig_tbl[i].starttxt);
if (dig_tbl[i].start == NULL) {
LogPrintf(LV_FATAL, "No memory!");
return -1;
}
dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start);
}
if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) {
dig_tbl[i].end = strdup(dig_tbl[i].endtxt);
if (dig_tbl[i].end == NULL) {
LogPrintf(LV_FATAL, "No memory!");
return -1;
}
dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end);
}
//printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen);
}
}
/* ndpi */
pthread_mutex_init(&ndpi_mux, NULL);
ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf);
if (ndpi == NULL) {
LogPrintf(LV_ERROR, "nDPi initializzation failed");
return -1;
}
/* enable all protocols */
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi, &all);
ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();
return 0;
}
