You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

286 lines
8.7 KiB

  1. From 6be5188ff93780a7f2acd48f41c4ac1846597091 Mon Sep 17 00:00:00 2001
  2. From: Luca <deri@ntop.org>
  3. Date: Tue, 11 Sep 2018 10:02:34 +0300
  4. Subject: [PATCH 2/9] Fixes #600 Backport of recent fixes (e.g. #601)
  5. ---
  6. Makefile.am | 5 ++-
  7. autogen.sh | 2 +-
  8. configure.seed | 13 +++++--
  9. src/lib/Makefile | 26 --------------
  10. src/lib/Makefile.in | 54 ++++++++++++++++++++++++++++++
  11. src/lib/ndpi_main.c | 2 --
  12. src/lib/protocols/ssl.c | 36 ++++++++++++++------
  13. src/lib/third_party/include/hash.h | 1 +
  14. 8 files changed, 94 insertions(+), 45 deletions(-)
  15. delete mode 100644 src/lib/Makefile
  16. create mode 100644 src/lib/Makefile.in
  17. diff --git a/Makefile.am b/Makefile.am
  18. index 17c6748..37f0849 100644
  19. --- a/Makefile.am
  20. +++ b/Makefile.am
  21. @@ -1,8 +1,7 @@
  22. ACLOCAL_AMFLAGS = -I m4
  23. -
  24. SUBDIRS = src/lib example tests
  25. -pkgconfigdir = $(libdir)/pkgconfig
  26. +pkgconfigdir = $(prefix)/libdata/pkgconfig
  27. pkgconfig_DATA = libndpi.pc
  28. -EXTRA_DIST = libndpi.sym autogen.sh
  29. +EXTRA_DIST = autogen.sh
  30. diff --git a/autogen.sh b/autogen.sh
  31. index 6596b2f..efeffc4 100755
  32. --- a/autogen.sh
  33. +++ b/autogen.sh
  34. @@ -5,7 +5,7 @@ NDPI_MINOR="4"
  35. NDPI_PATCH="0"
  36. NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH"
  37. -rm -f configure config.h config.h.in src/lib/Makefile.in
  38. +rm -f configure config.h config.h.in
  39. AUTOCONF=$(command -v autoconf)
  40. AUTOMAKE=$(command -v automake)
  41. diff --git a/configure.seed b/configure.seed
  42. index 6b85c66..8f8817f 100644
  43. --- a/configure.seed
  44. +++ b/configure.seed
  45. @@ -10,6 +10,7 @@ AC_PROG_CC
  46. AM_PROG_CC_C_O
  47. AX_PTHREAD
  48. +NDPI_VERSION_SHORT="@NDPI_VERSION_SHORT@"
  49. NDPI_MAJOR="@NDPI_MAJOR@"
  50. NDPI_MINOR="@NDPI_MINOR@"
  51. NDPI_PATCH="@NDPI_PATCH@"
  52. @@ -51,11 +52,16 @@ else
  53. AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"])
  54. fi
  55. -
  56. +if test -z `which clang`; then
  57. +CC=gcc
  58. +else
  59. +CC=clang
  60. +fi
  61. +
  62. HS_LIB=
  63. HS_INC=
  64. -AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan])
  65. +AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan])
  66. if test "${with_hyperscan+set}" = set; then
  67. BKP=$LIBS
  68. @@ -127,12 +133,13 @@ AC_ARG_ENABLE([debug-messages],
  69. AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np]))
  70. -AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h])
  71. +AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile])
  72. AC_CONFIG_HEADERS(src/include/ndpi_config.h)
  73. AC_SUBST(GIT_RELEASE)
  74. AC_SUBST(NDPI_MAJOR)
  75. AC_SUBST(NDPI_MINOR)
  76. AC_SUBST(NDPI_PATCH)
  77. +AC_SUBST(NDPI_VERSION_SHORT)
  78. AC_SUBST(SVN_DATE)
  79. AC_SUBST(JSON_C_LIB)
  80. AC_SUBST(PCAP_INC)
  81. diff --git a/src/lib/Makefile b/src/lib/Makefile
  82. deleted file mode 100644
  83. index 19c6f1c..0000000
  84. --- a/src/lib/Makefile
  85. +++ /dev/null
  86. @@ -1,26 +0,0 @@
  87. -#
  88. -# Simple non-autotools dependent makefile
  89. -#
  90. -# ./autogen.sh
  91. -# cd src/lib
  92. -# make -f Makefile.simple
  93. -#
  94. -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g
  95. -RANLIB = ranlib
  96. -
  97. -OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o
  98. -HEADERS = $(wildcard ../include/*.h)
  99. -
  100. -all: libndpi.a
  101. -
  102. -ndpi_main.c: ndpi_content_match.c.inc
  103. -
  104. -libndpi.a: $(OBJECTS)
  105. - ar rc $@ $(OBJECTS)
  106. - $(RANLIB) $@
  107. -
  108. -%.o: %.c $(HEADERS) Makefile
  109. - $(CC) $(CFLAGS) -c $< -o $@
  110. -
  111. -clean:
  112. - /bin/rm -f libndpi.a $(OBJECTS)
  113. diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
  114. new file mode 100644
  115. index 0000000..ca29001
  116. --- /dev/null
  117. +++ b/src/lib/Makefile.in
  118. @@ -0,0 +1,54 @@
  119. +#
  120. +# Simple non-autotools dependent makefile
  121. +#
  122. +# ./autogen.sh
  123. +# cd src/lib
  124. +# make Makefile
  125. +#
  126. +
  127. +
  128. +#
  129. +# Installation directories
  130. +#
  131. +prefix = /usr/local
  132. +libdir = ${prefix}/lib
  133. +includedir = ${prefix}/include/ndpi
  134. +CC = @CC@
  135. +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 # -g
  136. +RANLIB = ranlib
  137. +
  138. +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o
  139. +HEADERS = $(wildcard ../include/*.h)
  140. +NDPI_LIB_STATIC = libndpi.a
  141. +NDPI_LIB_SHARED_BASE = libndpi.so
  142. +NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@
  143. +NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED)
  144. +
  145. +ifeq ($(OS),Darwin)
  146. +CC=clang
  147. +endif
  148. +
  149. +all: $(NDPI_LIBS)
  150. +
  151. +ndpi_main.c: ndpi_content_match.c.inc
  152. +
  153. +$(NDPI_LIB_STATIC): $(OBJECTS)
  154. + ar rc $@ $(OBJECTS)
  155. + $(RANLIB) $@
  156. +
  157. +$(NDPI_LIB_SHARED): $(OBJECTS)
  158. + $(CC) -shared -fPIC -o $@ $(OBJECTS)
  159. + ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE)
  160. +
  161. +%.o: %.c $(HEADERS) Makefile
  162. + $(CC) $(CFLAGS) -c $< -o $@
  163. +
  164. +clean:
  165. + /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo
  166. +
  167. +install: $(NDPI_LIBS)
  168. + mkdir -p $(DESTDIR)$(libdir)
  169. + cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/
  170. + ln -Fs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
  171. + mkdir -p $(DESTDIR)$(includedir)
  172. + cp ../include/*.h $(DESTDIR)$(includedir)
  173. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
  174. index 8061aa1..540e158 100644
  175. --- a/src/lib/ndpi_main.c
  176. +++ b/src/lib/ndpi_main.c
  177. @@ -43,9 +43,7 @@
  178. #include "ndpi_content_match.c.inc"
  179. #include "third_party/include/ndpi_patricia.h"
  180. -#include "third_party/src/ndpi_patricia.c"
  181. #include "third_party/include/hash.h"
  182. -#include "third_party/src/hash.c"
  183. #ifdef HAVE_HYPERSCAN
  184. #include <hs/hs.h>
  185. diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
  186. index b8c3697..59aedcb 100644
  187. --- a/src/lib/protocols/ssl.c
  188. +++ b/src/lib/protocols/ssl.c
  189. @@ -27,7 +27,7 @@
  190. #include "ndpi_api.h"
  191. -/* #define CERTIFICATE_DEBUG 1 */
  192. +// #define CERTIFICATE_DEBUG 1
  193. #define NDPI_MAX_SSL_REQUEST_SIZE 10000
  194. /* Skype.c */
  195. @@ -246,28 +246,43 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
  196. u_int16_t compression_len;
  197. u_int16_t extensions_len;
  198. - compression_len = packet->payload[offset+1];
  199. - offset += compression_len + 3;
  200. + offset++;
  201. + compression_len = packet->payload[offset];
  202. + offset++;
  203. +
  204. +#ifdef CERTIFICATE_DEBUG
  205. + printf("SSL [compression_len: %u]\n", compression_len);
  206. +#endif
  207. +
  208. + // offset += compression_len + 3;
  209. + offset += compression_len;
  210. if(offset < total_len) {
  211. - extensions_len = packet->payload[offset];
  212. + extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset]));
  213. + offset += 2;
  214. +
  215. +#ifdef CERTIFICATE_DEBUG
  216. + printf("SSL [extensions_len: %u]\n", extensions_len);
  217. +#endif
  218. - if((extensions_len+offset) < total_len) {
  219. + if((extensions_len+offset) <= total_len) {
  220. /* Move to the first extension
  221. Type is u_int to avoid possible overflow on extension_len addition */
  222. - u_int extension_offset = 1;
  223. + u_int extension_offset = 0;
  224. while(extension_offset < extensions_len) {
  225. u_int16_t extension_id, extension_len;
  226. - memcpy(&extension_id, &packet->payload[offset+extension_offset], 2);
  227. + extension_id = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset]));
  228. extension_offset += 2;
  229. - memcpy(&extension_len, &packet->payload[offset+extension_offset], 2);
  230. + extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset]));
  231. extension_offset += 2;
  232. - extension_id = ntohs(extension_id), extension_len = ntohs(extension_len);
  233. -
  234. +#ifdef CERTIFICATE_DEBUG
  235. + printf("SSL [extension_id: %u][extension_len: %u]\n", extension_id, extension_len);
  236. +#endif
  237. +
  238. if(extension_id == 0) {
  239. u_int begin = 0,len;
  240. char *server_name = (char*)&packet->payload[offset+extension_offset];
  241. @@ -316,6 +331,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
  242. if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) {
  243. char certificate[64];
  244. int rc;
  245. +
  246. certificate[0] = '\0';
  247. rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate));
  248. packet->ssl_certificate_num_checks++;
  249. diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/hash.h
  250. index 4f53e5a..2251706 100644
  251. --- a/src/lib/third_party/include/hash.h
  252. +++ b/src/lib/third_party/include/hash.h
  253. @@ -25,5 +25,6 @@ extern int ht_hash( hashtable_t *hashtable, char *key );
  254. extern entry_t *ht_newpair( char *key, u_int16_t value );
  255. extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value );
  256. extern u_int16_t ht_get( hashtable_t *hashtable, char *key );
  257. +extern void ht_free( hashtable_t *hashtable );
  258. #endif /* _HASH_H_ */
  259. --
  260. 2.19.1