Cleaned up mining datastructure
lucaderi committed Sep 27, 2023
1 parent ef3adb9 commit 77e5daf
Showing 8 changed files with 92 additions and 86 deletions.
2 changes: 1 addition & 1 deletion example/ndpiReader.c
Expand Up @@ -1787,7 +1787,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
if(flow->ssh_tls.tls_supported_versions)
fprintf(out, "[TLS Supported Versions: %s]", flow->ssh_tls.tls_supported_versions);

if(flow->flow_extra_info[0] != '\0') fprintf(out, "[%s]", flow->flow_extra_info);
if(flow->mining.currency[0] != '\0') fprintf(out, "[currency: %s]", flow->mining.currency);

if(flow->dns.geolocation_iata_code[0] != '\0') fprintf(out, "[GeoLocation: %s]", flow->dns.geolocation_iata_code);

8 changes: 5 additions & 3 deletions example/reader_util.c
Expand Up @@ -1147,9 +1147,11 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
ndpi_snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s",
flow->ndpi_flow->host_server_name);

ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s",
flow->ndpi_flow->flow_extra_info);

if(is_ndpi_proto(flow, NDPI_PROTOCOL_MINING)) {
ndpi_snprintf(flow->mining.currency, sizeof(flow->mining.currency), "%s",
flow->ndpi_flow->protos.mining.currency);
}

flow->risk = flow->ndpi_flow->risk;

if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP)) {
5 changes: 4 additions & 1 deletion example/reader_util.h
Expand Up @@ -257,12 +257,15 @@ typedef struct ndpi_flow_info {

ndpi_serializer ndpi_flow_serializer;

char flow_extra_info[16];
char host_server_name[80]; /* Hostname/SNI */
char *bittorent_hash;
char *dhcp_fingerprint;
char *dhcp_class_ident;
ndpi_risk risk;

struct {
char currency[16];
} mining;

struct {
u_int16_t ssl_version;
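Review bot: The `16` in the new `char currency[16];` duplicates the size of the library-side field added in src/include/ndpi_typedefs.h, and nothing ties the two together. The copy in example/reader_util.c is bounded by `sizeof(flow->mining.currency)`, so it cannot overflow, but if the library field is ever enlarged the reader would cut the label short without any sign of it (assuming ndpi_snprintf follows snprintf semantics). I would at least add `/* keep in sync with ndpi_flow_struct protos.mining.currency */` next to the field, or use one shared size constant for both declarations. The enclosing `struct ndpi_flow_info` starts and ends outside the hunk.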
7 changes: 4 additions & 3 deletions src/include/ndpi_typedefs.h
Expand Up @@ -1480,9 +1480,6 @@ struct ndpi_flow_struct {
/* Some protocols calculate the entropy. */
float entropy;

/* Place textual flow info here */
char flow_extra_info[16];

/* General purpose field used to save mainly hostname/SNI information.
* In details it used for: MGCP, COLLECTD, DNS, SSDP and NETBIOS name, HTTP, MUNIN and DHCP hostname,
* WHOIS request, TLS/QUIC server name, XIAOMI domain and STUN realm.
Expand Down Expand Up @@ -1562,6 +1559,10 @@ struct ndpi_flow_struct {
char fqdn[48];
} softether;

struct {
char currency[16];
} mining;

struct {
char *server_names, *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *issuerDN, *subjectDN;
u_int32_t notBefore, notAfter;
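Review bot: The `mining` struct added in the second hunk has no comment saying when its contents are valid. It is declared between `softether` and the struct holding `char *server_names, *advertised_alpns, ...`, and mining.c reaches it as `flow->protos.mining.currency`. The declaration of `protos` is outside the hunk, but if it is a union then `currency[16]` shares storage with those pointers, and any code that reads or frees the neighbouring members on a flow that was written as mining (or reads `currency` on another protocol) would see unrelated bytes. The reader already respects this by guarding its copy with `is_ndpi_proto(flow, NDPI_PROTOCOL_MINING)` in example/reader_util.c. I would state the contract at the declaration, for example `/* Valid only when the flow is detected as NDPI_PROTOCOL_MINING */`.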
8 changes: 4 additions & 4 deletions src/lib/protocols/mining.c
Expand Up @@ -72,7 +72,7 @@ static void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_str
else if(packet->iphv6 && ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000)
;
else {
ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_snprintf(flow->protos.mining.currency, sizeof(flow->protos.mining.currency), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
cacheMiningHostTwins(ndpi_struct, flow);
return;
Expand Down Expand Up @@ -102,7 +102,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
&& (packet->payload_packet_len < 600)
&& (packet->payload[2] == 0x04)) {
if(isEthPort(ntohs(packet->tcp->dest)) /* Ethereum port */) {
ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_snprintf(flow->protos.mining.currency, sizeof(flow->protos.mining.currency), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
cacheMiningHostTwins(ndpi_struct, flow);
return;
Expand All @@ -120,7 +120,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
{ "id": 2, "jsonrpc":"2.0","result":true}
{"worker": "", "jsonrpc": "2.0", "params": [], "id": 3, "method": "eth_getWork"}
*/
ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_snprintf(flow->protos.mining.currency, sizeof(flow->protos.mining.currency), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
cacheMiningHostTwins(ndpi_struct, flow);
return;
Expand All @@ -143,7 +143,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
{"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"479059546883218","job":{"blob":"0606e89883d205a65d8ee78991838a1cf3ec2ebbc5fb1fa43dec5fa1cd2bee4069212a549cd731000000005a88235653097aa3e97ef2ceef4aee610751a828f9be1a0758a78365fb0a4c8c05","job_id":"722134174127131","target":"dc460300"},"status":"OK"}}
{"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1}
*/
ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero");
ndpi_snprintf(flow->protos.mining.currency, sizeof(flow->protos.mining.currency), "%s", "ZCash/Monero");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
cacheMiningHostTwins(ndpi_struct, flow);
return;
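Review bot: The same `ndpi_snprintf(flow->protos.mining.currency, sizeof(flow->protos.mining.currency), "%s", ...)` call is now repeated at four sites, once in ndpi_search_mining_udp and three times in ndpi_search_mining_tcp, each followed by the same `ndpi_set_detected_protocol` / `cacheMiningHostTwins` pair. A file-local helper such as `static void mining_set_currency(struct ndpi_flow_struct *flow, const char *name)` wrapping that one call would keep the destination and its size in a single place. It would also be the natural spot for a comment that labels must fit in the 16-byte field, since "ZCash/Monero" already needs 13 bytes with its terminator and a longer label would presumably be truncated silently. Both functions start and end outside the hunks shown.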