HTTP: improve extraction of metadata of flow risks

ntop · May 1, 2023 · 6c8f68f · 6c8f68f
1 parent bb370f5
commit 6c8f68f
Show file tree

Hide file tree

Showing 25 changed files with 410 additions and 367 deletions.
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
@@ -1640,13 +1640,16 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 
       fprintf(out, "[URL: %s][StatusCode: %u]",
 	      flow->http.url, flow->http.response_status_code);
+    }
 
-      if(flow->http.request_content_type[0] != '\0')
-	fprintf(out, "[Req Content-Type: %s]", flow->http.request_content_type);
+    if(flow->http.request_content_type[0] != '\0')
+      fprintf(out, "[Req Content-Type: %s]", flow->http.request_content_type);
 
-      if(flow->http.content_type[0] != '\0')
-	fprintf(out, "[Content-Type: %s]", flow->http.content_type);
-    }
+    if(flow->http.content_type[0] != '\0')
+      fprintf(out, "[Content-Type: %s]", flow->http.content_type);
+
+    if(flow->http.nat_ip[0] != '\0')
+      fprintf(out, "[Nat-IP: %s]", flow->http.nat_ip);
 
     if(flow->http.server[0] != '\0')
       fprintf(out, "[Server: %s]", flow->http.server);
@@ -4013,6 +4016,7 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi
 /**
  * @brief Check pcap packet
  */
+int pkt = 0;
 static void ndpi_process_packet(u_char *args,
 				const struct pcap_pkthdr *header,
 				const u_char *packet) {
@@ -4026,6 +4030,7 @@ static void ndpi_process_packet(u_char *args,
   if(packet_checked == NULL) {
     return ;
   }
+  pkt++;
 
   memcpy(packet_checked, packet, header->caplen);
   p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked, &flow_risk);

diff --git a/example/reader_util.c b/example/reader_util.c
@@ -1247,6 +1247,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
       ndpi_snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : "");
       ndpi_snprintf(flow->http.server, sizeof(flow->http.server), "%s", flow->ndpi_flow->http.server ? flow->ndpi_flow->http.server : "");
       ndpi_snprintf(flow->http.request_content_type, sizeof(flow->http.request_content_type), "%s", flow->ndpi_flow->http.request_content_type ? flow->ndpi_flow->http.request_content_type : "");
+      ndpi_snprintf(flow->http.nat_ip, sizeof(flow->http.nat_ip), "%s", flow->ndpi_flow->http.nat_ip ? flow->ndpi_flow->http.nat_ip : "");
     }
   }
   /* RTP */

diff --git a/example/reader_util.h b/example/reader_util.h
@@ -281,7 +281,7 @@ typedef struct ndpi_flow_info {
   } rtp;
 
   struct {
-    char url[256], request_content_type[64], content_type[64], user_agent[256], server[128];
+    char url[256], request_content_type[64], content_type[64], user_agent[256], server[128], nat_ip[32];
     u_int response_status_code;
   } http;
 

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -742,7 +742,6 @@ struct ndpi_flow_tcp_struct {
 
   /* NDPI_PROTOCOL_HTTP */
   u_int32_t http_stage:2;
-  u_int32_t http_empty_line_seen:1;
 
   /* NDPI_PROTOCOL_GNUTELLA */
   u_int32_t gnutella_stage:2;		       // 0 - 2