bool init(struct lfc *lfc, void **pdata) { mmatic *mm; struct ndpi *ndpi; NDPI_PROTOCOL_BITMASK all; mm = mmatic_create(); ndpi = mmatic_zalloc(mm, sizeof *ndpi); ndpi->mm = mm; ndpi->ids = thash_create_intkey(NULL, mm); // TODO: null ffn? ndpi->ndpi = ndpi_init_detection_module(1000, ma, db); // TODO: 1000? if (!ndpi->ndpi) { dbg(0, "ndpi_init_detection_module() failed\n"); return false; } NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi->ndpi, &all); *pdata = ndpi; printf("%%%% ndpi 0.1 - nDPI\n"); printf("@attribute ndpi_proto string\n"); return true; }
static void setupDetection(void) { NDPI_PROTOCOL_BITMASK all; // init global detection structure ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper, free_wrapper, debug_printf); if(ndpi_struct == NULL) { printf("ERROR: global structure initialization failed\n"); exit(-1); } // enable all protocols NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); // allocate memory for id and flow tracking size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); // clear memory for results memset(protocol_counter, 0, sizeof(protocol_counter)); memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes)); memset(protocol_flows, 0, sizeof(protocol_flows)); if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_struct, _protoFilePath); raw_packet_count = ip_packet_count = total_bytes = 0; ndpi_flow_count = 0; }
/** * @brief init ndpi detection context * @param pp_ctx packet processor context to attach the dpi to * @retval 0 on success * @retval 1 on error */ int pp_ndpi_init(struct pp_context *pp_ctx) { ndpi_protocol_bitmask_struct_t bm_all; int i = 0; pp_ctx->ndpi_ctx = ndpi_init_detection_module(PP_NDPI_TICKS_RESOLUTION, &__pp_malloc, &__pp_free, NULL); NDPI_BITMASK_SET_ALL(bm_all); ndpi_set_protocol_detection_bitmask2(pp_ctx->ndpi_ctx, &bm_all); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); if ((pp_ctx->ndpi_protocol_stats = calloc(pp_ctx->ndpi_ctx->ndpi_num_supported_protocols, sizeof(struct __pp_ndpi_protocol_stats)))) { for (i = 0; i < pp_ctx->ndpi_ctx->ndpi_num_supported_protocols; i++) { pp_ctx->ndpi_protocol_stats[i].proto_name = pp_ctx->ndpi_ctx->proto_defaults[i].protoName; } } else { pp_ndpi_destroy(pp_ctx); return 1; } return 0; }
void setupDetection() { //printf("in setup\n"); NDPI_PROTOCOL_BITMASK all; ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper,free_wrapper,NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct,&all); // ndpi_load_protocols_file(ndpi_struct,); size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); raw_packet_count = ip_packet_count = total_bytes = 0; //printf("out setup\n"); memset(protocol_counter, 0, sizeof(protocol_counter)); memset(protocol_counter_bytes, 0, sizeof(protocol_counter_bytes)); memset(protocol_flows, 0, sizeof(protocol_flows)); }
int DissectInit(void) { char tmp_dir[256]; int i; NDPI_PROTOCOL_BITMASK all; /* part of file name */ incr = 0; pthrs_ins = 0; pthread_mutex_init(&pthrs_mux, NULL); prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *)); prl_thrs_en = xmalloc(pthrs_dim*sizeof(char)); if (prl_thrs != NULL) { memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *)); for (i=0; i!=pthrs_dim; i++) { prl_thrs_en[i] = 0; } } /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); } if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); } if (tcp_id != -1) { port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); syn_id = ProtAttrId(tcp_id, "tcp.syn"); } tcp_ca_id = ProtId("tcp-ca"); /* pei id */ pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src"); pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst"); pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns"); pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src"); pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst"); pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot"); pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat"); pei_long_id = ProtPeiComptId(tcp_ca_id, "long"); pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code"); pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent"); pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv"); pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent"); pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv"); pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent"); pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv"); pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent"); pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv"); pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata"); pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img"); /* tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR); mkdir(tmp_dir, 0x01FF); /* ndpi */ ndpi = ndpi_init_detection_module(); if (ndpi == NULL) { LogPrintf(LV_ERROR, "nDPi initializzation failed"); return -1; } /* enable all protocols */ NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi, &all); ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct(); ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct(); return 0; }
NetworkInterface::NetworkInterface(const char *name) { char pcap_error_buffer[PCAP_ERRBUF_SIZE]; NDPI_PROTOCOL_BITMASK all; u_int32_t num_hashes; char _ifname[64]; #ifdef WIN32 if(name == NULL) name = "1"; /* First available interface */ #endif purge_idle_flows_hosts = true; if(name == NULL) { if(!help_printed) ntop->getTrace()->traceEvent(TRACE_WARNING, "No capture interface specified"); printAvailableInterfaces(false, 0, NULL, 0); name = pcap_lookupdev(pcap_error_buffer); if(name == NULL) { ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to locate default interface (%s)\n", pcap_error_buffer); exit(0); } } else { if(isNumber(name)) { /* We need to convert this numeric index into an interface name */ int id = atoi(name); _ifname[0] = '\0'; printAvailableInterfaces(false, id, _ifname, sizeof(_ifname)); if(_ifname[0] == '\0') { ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate interface Id %d", id); printAvailableInterfaces(false, 0, NULL, 0); exit(0); } name = _ifname; } } ifname = strdup(name); num_hashes = max_val(4096, ntop->getPrefs()->get_max_num_flows()/4); flows_hash = new FlowHash(this, num_hashes, ntop->getPrefs()->get_max_num_flows()); num_hashes = max_val(4096, ntop->getPrefs()->get_max_num_hosts()/4); hosts_hash = new HostHash(this, num_hashes, ntop->getPrefs()->get_max_num_hosts()); strings_hash = new StringHash(this, num_hashes, ntop->getPrefs()->get_max_num_hosts()); // init global detection structure ndpi_struct = ndpi_init_detection_module(ntop->getGlobals()->get_detection_tick_resolution(), malloc_wrapper, free_wrapper, debug_printf); if(ndpi_struct == NULL) { ntop->getTrace()->traceEvent(TRACE_ERROR, "Global structure initialization failed"); exit(-1); } if(ntop->getCustomnDPIProtos() != NULL) ndpi_load_protocols_file(ndpi_struct, ntop->getCustomnDPIProtos()); ndpi_port_range d_port[MAX_DEFAULT_PORTS]; memset(d_port, 0, sizeof(d_port)); ndpi_set_proto_defaults(ndpi_struct, NTOPNG_NDPI_OS_PROTO_ID, (char*)"Operating System", d_port, d_port); // enable all protocols NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); last_pkt_rcvd = 0; next_idle_flow_purge = next_idle_host_purge = next_idle_aggregated_host_purge = 0; cpu_affinity = -1; running = false; #ifdef HAVE_SQLITE db = new DB(this); #endif }
int DissectInit(void) { char tmp_dir[256]; unsigned short i; NDPI_PROTOCOL_BITMASK all; /* part of file name */ incr = 0; incr_dig = 0; /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); } if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); } if (tcp_id != -1) { port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); } tcp_grb_id = ProtId("tcp-grb"); /* pei id */ pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot"); pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt"); pei_size_id = ProtPeiComptId(tcp_grb_id, "size"); pei_file_id = ProtPeiComptId(tcp_grb_id, "file"); pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype"); /* tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR); mkdir(tmp_dir, 0x01FF); /* init dig */ if (enable_dig) { for (i=0; i!=dig_type_dim; i++) { if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) { dig_tbl[i].start = strdup(dig_tbl[i].starttxt); if (dig_tbl[i].start == NULL) { LogPrintf(LV_FATAL, "No memory!"); return -1; } dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start); } if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) { dig_tbl[i].end = strdup(dig_tbl[i].endtxt); if (dig_tbl[i].end == NULL) { LogPrintf(LV_FATAL, "No memory!"); return -1; } dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end); } //printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen); } } /* ndpi */ pthread_mutex_init(&ndpi_mux, NULL); ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf); if (ndpi == NULL) { LogPrintf(LV_ERROR, "nDPi initializzation failed"); return -1; } /* enable all protocols */ NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi, &all); ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct(); ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct(); return 0; }