
Commit f5c3757

committed
Merge branch 'dev' into config2
2 parents db8778a + 99d4838 commit f5c3757


164 files changed

+1595
-1227
lines changed


164 files changed

+1595
-1227
lines changed

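--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1867,6 +1867,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client,
 print_cipher(flow->ssh_tls.client_unsafe_cipher));
 
+if(flow->ssh_tls.ja4_client[0] != '\0') fprintf(out, "[JA4: %s%s]", flow->ssh_tls.ja4_client,
+print_cipher(flow->ssh_tls.client_unsafe_cipher));
+
 if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info);
 
 if(flow->ssh_tls.server_names) fprintf(out, "[ServerNames: %s]", flow->ssh_tls.server_names);
@@ -2919,7 +2922,7 @@ static void printFlowsStats() {
 ndpi_ja3_info *info_of_element = NULL;
 ndpi_host_ja3_fingerprints *tmp = NULL;
 ndpi_ja3_info *tmp2 = NULL;
-unsigned int num_ja3_client;
+unsigned int num_ja3_ja4_client;
 unsigned int num_ja3_server;
 
 fprintf(out, "\n");
@@ -3085,14 +3088,14 @@ static void printFlowsStats() {
 
 for(ja3ByHost_element = ja3ByHostsHashT; ja3ByHost_element != NULL;
 ja3ByHost_element = ja3ByHost_element->hh.next) {
-num_ja3_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht);
+num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht);
 num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht);
 
-if(num_ja3_client > 0) {
+if(num_ja3_ja4_client > 0) {
 fprintf(out, "\t%d\t %-24s \t %-7u\n",
 i,
 ja3ByHost_element->ip_string,
-num_ja3_client
+num_ja3_ja4_client
 );
 i++;
 }
@@ -3117,10 +3120,10 @@ static void printFlowsStats() {
 //ja3ByHost_element: element of ja3ByHostsHashT
 //info_of_element: element of the inner hash table of ja3ByHost_element
 HASH_ITER(hh, ja3ByHostsHashT, ja3ByHost_element, tmp) {
-num_ja3_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht);
+num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht);
 num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht);
 againstRepeat = 0;
-if(num_ja3_client > 0) {
+if(num_ja3_ja4_client > 0) {
 HASH_ITER(hh, ja3ByHost_element->host_client_info_hasht, info_of_element, tmp2) {
 fprintf(out, "\t%-7d %-24s %s %s\n",
 i,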
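Review bot: The new `[JA4: %s%s]` line in printFlow reuses `print_cipher(flow->ssh_tls.client_unsafe_cipher)`, so whatever cipher-safety marker that helper returns is now emitted once after JA3C and again after JA4 for the same flow. Anything that greps or counts that marker in the reader output would see it twice per flow. Unless the duplication is intended, print the fingerprint alone: `if(flow->ssh_tls.ja4_client[0] != '\0') fprintf(out, "[JA4: %s]", flow->ssh_tls.ja4_client);`. printFlow starts and ends outside the hunk, and print_cipher's output is not visible here.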

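--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1322,6 +1322,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 flow->ssh_tls.notAfter = flow->ndpi_flow->protos.tls_quic.notAfter;
 ndpi_snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s",
 flow->ndpi_flow->protos.tls_quic.ja3_client);
+ndpi_snprintf(flow->ssh_tls.ja4_client, sizeof(flow->ssh_tls.ja4_client), "%s",
+flow->ndpi_flow->protos.tls_quic.ja4_client);
 ndpi_snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s",
 flow->ndpi_flow->protos.tls_quic.ja3_server);
 flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.tls_quic.server_unsafe_cipher;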

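--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -273,7 +273,7 @@ typedef struct ndpi_flow_info {
 client_hassh[33], server_hassh[33], *server_names,
 *advertised_alpns, *negotiated_alpn, *tls_supported_versions,
 *tls_issuerDN, *tls_subjectDN,
-ja3_client[33], ja3_server[33],
+ja3_client[33], ja3_server[33], ja4_client[37],
 sha1_cert_fingerprint[20];
 u_int8_t sha1_cert_fingerprint_set;
 struct tls_heuristics browser_heuristics;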
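Review bot: `ja4_client[37]` is a bare literal here and again in `struct ndpi_flow_struct` (src/include/ndpi_typedefs.h), and nothing ties the two sizes together. The copy in example/reader_util.c is bounded by `sizeof(flow->ssh_tls.ja4_client)`, so a future mismatch would not overflow, but it would silently truncate the fingerprint, which then no longer matches any reference value. A shared named constant, documented as the fingerprint length plus the terminating NUL (presumably 36 + 1), would make the contract explicit, e.g. `ja4_client[NDPI_JA4_BUF_LEN]` where the macro name is a placeholder for whatever the project prefers. The struct definition starts and ends outside the hunk.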

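--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -1654,6 +1654,8 @@ extern "C" {
 /* ******************************* */
 
 void ndpi_md5(const u_char *data, size_t data_len, u_char hash[16]);
+void ndpi_sha256(const u_char *data, size_t data_len, u_int8_t sha_hash[32]);
+
 u_int16_t ndpi_crc16_ccit(const void* data, size_t n_bytes);
 u_int16_t ndpi_crc16_ccit_false(const void *data, size_t n_bytes);
 u_int16_t ndpi_crc16_xmodem(const void *data, size_t n_bytes);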
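Review bot: The new public prototype `ndpi_sha256` carries no comment stating its buffer contract, and the parameter `u_int8_t sha_hash[32]` decays to a plain pointer, so the compiler does not enforce the 32-byte size on callers. I would add above the declaration `/* Computes the SHA-256 digest of data[0..data_len); sha_hash must point to at least 32 writable bytes */`. The same comment fits the definition added in src/lib/ndpi_main.c.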

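--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1386,7 +1386,7 @@ struct ndpi_flow_struct {
 struct {
 char *server_names, *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *issuerDN, *subjectDN;
 u_int32_t notBefore, notAfter;
-char ja3_client[33], ja3_server[33];
+char ja3_client[33], ja3_server[33], ja4_client[37];
 u_int16_t server_cipher;
 u_int8_t sha1_certificate_fingerprint[20];
 u_int8_t hello_processed:1, ch_direction:1, subprotocol_detected:1, fingerprint_set:1, _pad:4;
@@ -1570,11 +1570,11 @@ struct ndpi_flow_struct {
 
 #if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__)
 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-_Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 216,
-"Size of the struct member protocols increased to more than 216 bytes, "
+_Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 256,
+"Size of the struct member protocols increased to more than 256 bytes, "
 "please check if this change is necessary.");
-_Static_assert(sizeof(struct ndpi_flow_struct) <= 968,
-"Size of the flow struct increased to more than 968 bytes, "
+_Static_assert(sizeof(struct ndpi_flow_struct) <= 1008,
+"Size of the flow struct increased to more than 1008 bytes, "
 "please check if this change is necessary.");
 #endif
 #endif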
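Review bot: Both `_Static_assert` limits go up by 40 bytes (216 to 256 and 968 to 1008), while the only addition to `protos` visible in this section is `ja4_client[37]`. If the real sizes sit below the new limits, the leftover headroom lets further per-flow growth pass unnoticed, which is exactly what these asserts exist to catch; per-flow memory matters when the library has to track a large number of concurrent flows. This is a large merge and other members may have changed outside what is shown, so please confirm the limits equal the actual sizes, or record the reason for the slack in a comment next to the asserts.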

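--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -125,6 +125,7 @@
 /* Third party libraries */
 #include "third_party/include/ndpi_patricia.h"
 #include "third_party/include/ndpi_md5.h"
+#include "third_party/include/ndpi_sha256.h"
 
 #ifdef HAVE_NBPF
 #include "nbpf.h"
@@ -9926,6 +9927,16 @@ void ndpi_md5(const u_char *data, size_t data_len, u_char hash[16]) {
 
 /* ******************************************************************** */
 
+void ndpi_sha256(const u_char *data, size_t data_len, u_int8_t sha_hash[32]) {
+ndpi_SHA256_CTX sha_ctx;
+
+ndpi_sha256_init(&sha_ctx);
+ndpi_sha256_update(&sha_ctx, data, data_len);
+ndpi_sha256_final(&sha_ctx, sha_hash);
+}
+
+/* ******************************************************************** */
+
 static int enough(int a, int b) {
 u_int8_t percentage = 20;
 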
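Review bot: `ndpi_sha256` hands `data` and `sha_hash` straight to the SHA-256 helpers without checking either pointer, and because it returns `void` it has no way to report misuse to the caller. As an exported API function it would be safer to guard the arguments first, for example `if(sha_hash == NULL || (data == NULL && data_len > 0)) return;`, assuming the helpers declared in `third_party/include/ndpi_sha256.h` do not already check; their bodies are not visible here. `sha_ctx` is also left on the stack with the intermediate hash state after return, which only matters if a caller ever hashes secret material.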
