ndpiReader: fix export of HTTP attributes (#1982)

ntop · May 20, 2023 · 9004d5c · 9004d5c
1 parent 1ab5318
commit 9004d5c
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 13 deletions.
diff --git a/example/reader_util.c b/example/reader_util.c
@@ -1237,19 +1237,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
                   sizeof(flow->kerberos.username),
                   "%s", flow->ndpi_flow->protos.kerberos.username);
   }
-  /* HTTP */
-  else if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP)
-	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_PROXY)
-	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_CONNECT)) {
-    if(flow->ndpi_flow->http.url != NULL) {
-      ndpi_snprintf(flow->http.url, sizeof(flow->http.url), "%s", flow->ndpi_flow->http.url);
-    }
-    flow->http.response_status_code = flow->ndpi_flow->http.response_status_code;
-    ndpi_snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : "");
-    ndpi_snprintf(flow->http.server, sizeof(flow->http.server), "%s", flow->ndpi_flow->http.server ? flow->ndpi_flow->http.server : "");
-    ndpi_snprintf(flow->http.request_content_type, sizeof(flow->http.request_content_type), "%s", flow->ndpi_flow->http.request_content_type ? flow->ndpi_flow->http.request_content_type : "");
-    ndpi_snprintf(flow->http.nat_ip, sizeof(flow->http.nat_ip), "%s", flow->ndpi_flow->http.nat_ip ? flow->ndpi_flow->http.nat_ip : "");
-  }
   /* RTP */
   else if(is_ndpi_proto(flow, NDPI_PROTOCOL_RTP)) {
     flow->info_type = INFO_RTP;
@@ -1348,6 +1335,21 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
     }
   }
 
+  /* HTTP metadata are "global" not in `flow->ndpi_flow->protos` union; for example, we can have
+     HTTP/BitTorrent and in that case we want to export also HTTP attributes */
+  if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP)
+	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_PROXY)
+	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_CONNECT)) {
+    if(flow->ndpi_flow->http.url != NULL) {
+      ndpi_snprintf(flow->http.url, sizeof(flow->http.url), "%s", flow->ndpi_flow->http.url);
+    }
+    flow->http.response_status_code = flow->ndpi_flow->http.response_status_code;
+    ndpi_snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : "");
+    ndpi_snprintf(flow->http.server, sizeof(flow->http.server), "%s", flow->ndpi_flow->http.server ? flow->ndpi_flow->http.server : "");
+    ndpi_snprintf(flow->http.request_content_type, sizeof(flow->http.request_content_type), "%s", flow->ndpi_flow->http.request_content_type ? flow->ndpi_flow->http.request_content_type : "");
+    ndpi_snprintf(flow->http.nat_ip, sizeof(flow->http.nat_ip), "%s", flow->ndpi_flow->http.nat_ip ? flow->ndpi_flow->http.nat_ip : "");
+  }
+
   ndpi_snprintf(flow->http.user_agent,
                 sizeof(flow->http.user_agent),
                 "%s", (flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : ""));

diff --git a/tests/cfgs/default/pcap/bt-http.pcapng b/tests/cfgs/default/pcap/bt-http.pcapng
diff --git a/tests/cfgs/default/result/bt-http.pcapng.out b/tests/cfgs/default/result/bt-http.pcapng.out
@@ -0,0 +1,25 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	7	(7.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 15 (15.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 5/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          1/0 (search/found)
+Automa domain:        1/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+
+BitTorrent	14	1492	1
+
+	1	TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]