|
@ -0,0 +1,252 @@ |
|
|
|
|
|
From 0e09c2b5c573ad1fce7c8f13b6bf255e1f21d390 Mon Sep 17 00:00:00 2001 |
|
|
|
|
|
From: Luca <deri@ntop.org> |
|
|
|
|
|
Date: Tue, 11 Sep 2018 10:02:34 +0300 |
|
|
|
|
|
Subject: [PATCH] Fixes #600 Backport of recent fixes (e.g. #601) |
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
Makefile.am | 5 ++- |
|
|
|
|
|
autogen.sh | 2 +- |
|
|
|
|
|
configure.seed | 13 +++++-- |
|
|
|
|
|
src/lib/Makefile.in | 54 ++++++++++++++++++++++++++++++ |
|
|
|
|
|
src/lib/ndpi_main.c | 2 -- |
|
|
|
|
|
src/lib/protocols/ssl.c | 36 ++++++++++++++------ |
|
|
|
|
|
src/lib/third_party/include/hash.h | 1 + |
|
|
|
|
|
7 files changed, 94 insertions(+), 19 deletions(-) |
|
|
|
|
|
create mode 100644 src/lib/Makefile.in |
|
|
|
|
|
|
|
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
|
|
|
|
|
index 17c6748..37f0849 100644
|
|
|
|
|
|
--- a/Makefile.am
|
|
|
|
|
|
+++ b/Makefile.am
|
|
|
|
|
|
@@ -1,8 +1,7 @@
|
|
|
|
|
|
ACLOCAL_AMFLAGS = -I m4 |
|
|
|
|
|
-
|
|
|
|
|
|
SUBDIRS = src/lib example tests |
|
|
|
|
|
|
|
|
|
|
|
-pkgconfigdir = $(libdir)/pkgconfig
|
|
|
|
|
|
+pkgconfigdir = $(prefix)/libdata/pkgconfig
|
|
|
|
|
|
pkgconfig_DATA = libndpi.pc |
|
|
|
|
|
|
|
|
|
|
|
-EXTRA_DIST = libndpi.sym autogen.sh
|
|
|
|
|
|
+EXTRA_DIST = autogen.sh
|
|
|
|
|
|
diff --git a/autogen.sh b/autogen.sh
|
|
|
|
|
|
index 6596b2f..efeffc4 100755
|
|
|
|
|
|
--- a/autogen.sh
|
|
|
|
|
|
+++ b/autogen.sh
|
|
|
|
|
|
@@ -5,7 +5,7 @@ NDPI_MINOR="4"
|
|
|
|
|
|
NDPI_PATCH="0" |
|
|
|
|
|
NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" |
|
|
|
|
|
|
|
|
|
|
|
-rm -f configure config.h config.h.in src/lib/Makefile.in
|
|
|
|
|
|
+rm -f configure config.h config.h.in
|
|
|
|
|
|
|
|
|
|
|
|
AUTOCONF=$(command -v autoconf) |
|
|
|
|
|
AUTOMAKE=$(command -v automake) |
|
|
|
|
|
diff --git a/configure.seed b/configure.seed
|
|
|
|
|
|
index 6b85c66..8f8817f 100644
|
|
|
|
|
|
--- a/configure.seed
|
|
|
|
|
|
+++ b/configure.seed
|
|
|
|
|
|
@@ -10,6 +10,7 @@ AC_PROG_CC
|
|
|
|
|
|
AM_PROG_CC_C_O |
|
|
|
|
|
AX_PTHREAD |
|
|
|
|
|
|
|
|
|
|
|
+NDPI_VERSION_SHORT="@NDPI_VERSION_SHORT@"
|
|
|
|
|
|
NDPI_MAJOR="@NDPI_MAJOR@" |
|
|
|
|
|
NDPI_MINOR="@NDPI_MINOR@" |
|
|
|
|
|
NDPI_PATCH="@NDPI_PATCH@" |
|
|
|
|
|
@@ -51,11 +52,16 @@ else
|
|
|
|
|
|
AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
|
+if test -z `which clang`; then
|
|
|
|
|
|
+CC=gcc
|
|
|
|
|
|
+else
|
|
|
|
|
|
+CC=clang
|
|
|
|
|
|
+fi
|
|
|
|
|
|
+
|
|
|
|
|
|
HS_LIB= |
|
|
|
|
|
HS_INC= |
|
|
|
|
|
|
|
|
|
|
|
-AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan])
|
|
|
|
|
|
+AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan])
|
|
|
|
|
|
|
|
|
|
|
|
if test "${with_hyperscan+set}" = set; then |
|
|
|
|
|
BKP=$LIBS |
|
|
|
|
|
@@ -127,12 +133,13 @@ AC_ARG_ENABLE([debug-messages],
|
|
|
|
|
|
|
|
|
|
|
|
AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) |
|
|
|
|
|
|
|
|
|
|
|
-AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h])
|
|
|
|
|
|
+AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile])
|
|
|
|
|
|
AC_CONFIG_HEADERS(src/include/ndpi_config.h) |
|
|
|
|
|
AC_SUBST(GIT_RELEASE) |
|
|
|
|
|
AC_SUBST(NDPI_MAJOR) |
|
|
|
|
|
AC_SUBST(NDPI_MINOR) |
|
|
|
|
|
AC_SUBST(NDPI_PATCH) |
|
|
|
|
|
+AC_SUBST(NDPI_VERSION_SHORT)
|
|
|
|
|
|
AC_SUBST(SVN_DATE) |
|
|
|
|
|
AC_SUBST(JSON_C_LIB) |
|
|
|
|
|
AC_SUBST(PCAP_INC) |
|
|
|
|
|
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
|
|
|
|
|
|
new file mode 100644 |
|
|
|
|
|
index 0000000..ca29001
|
|
|
|
|
|
--- /dev/null
|
|
|
|
|
|
+++ b/src/lib/Makefile.in
|
|
|
|
|
|
@@ -0,0 +1,54 @@
|
|
|
|
|
|
+#
|
|
|
|
|
|
+# Simple non-autotools dependent makefile
|
|
|
|
|
|
+#
|
|
|
|
|
|
+# ./autogen.sh
|
|
|
|
|
|
+# cd src/lib
|
|
|
|
|
|
+# make Makefile
|
|
|
|
|
|
+#
|
|
|
|
|
|
+
|
|
|
|
|
|
+
|
|
|
|
|
|
+#
|
|
|
|
|
|
+# Installation directories
|
|
|
|
|
|
+#
|
|
|
|
|
|
+prefix = /usr
|
|
|
|
|
|
+libdir = ${prefix}/lib
|
|
|
|
|
|
+includedir = ${prefix}/include/ndpi
|
|
|
|
|
|
+CC = @CC@
|
|
|
|
|
|
+CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 # -g
|
|
|
|
|
|
+RANLIB = ranlib
|
|
|
|
|
|
+
|
|
|
|
|
|
+OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o
|
|
|
|
|
|
+HEADERS = $(wildcard ../include/*.h)
|
|
|
|
|
|
+NDPI_LIB_STATIC = libndpi.a
|
|
|
|
|
|
+NDPI_LIB_SHARED_BASE = libndpi.so
|
|
|
|
|
|
+NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@
|
|
|
|
|
|
+NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED)
|
|
|
|
|
|
+
|
|
|
|
|
|
+ifeq ($(OS),Darwin)
|
|
|
|
|
|
+CC=clang
|
|
|
|
|
|
+endif
|
|
|
|
|
|
+
|
|
|
|
|
|
+all: $(NDPI_LIBS)
|
|
|
|
|
|
+
|
|
|
|
|
|
+ndpi_main.c: ndpi_content_match.c.inc
|
|
|
|
|
|
+
|
|
|
|
|
|
+$(NDPI_LIB_STATIC): $(OBJECTS)
|
|
|
|
|
|
+ ar rc $@ $(OBJECTS)
|
|
|
|
|
|
+ $(RANLIB) $@
|
|
|
|
|
|
+
|
|
|
|
|
|
+$(NDPI_LIB_SHARED): $(OBJECTS)
|
|
|
|
|
|
+ $(CC) -shared -fPIC -o $@ $(OBJECTS)
|
|
|
|
|
|
+ ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE)
|
|
|
|
|
|
+
|
|
|
|
|
|
+%.o: %.c $(HEADERS) Makefile
|
|
|
|
|
|
+ $(CC) $(CFLAGS) -c $< -o $@
|
|
|
|
|
|
+
|
|
|
|
|
|
+clean:
|
|
|
|
|
|
+ /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo
|
|
|
|
|
|
+
|
|
|
|
|
|
+install: $(NDPI_LIBS)
|
|
|
|
|
|
+ mkdir -p $(DESTDIR)$(libdir)
|
|
|
|
|
|
+ cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/
|
|
|
|
|
|
+ ln -Fs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
|
|
|
|
|
|
+ mkdir -p $(DESTDIR)$(includedir)
|
|
|
|
|
|
+ cp ../include/*.h $(DESTDIR)$(includedir)
|
|
|
|
|
|
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
|
|
|
|
|
|
index b002126..5beb6b4 100644
|
|
|
|
|
|
--- a/src/lib/ndpi_main.c
|
|
|
|
|
|
+++ b/src/lib/ndpi_main.c
|
|
|
|
|
|
@@ -43,9 +43,7 @@
|
|
|
|
|
|
|
|
|
|
|
|
#include "ndpi_content_match.c.inc" |
|
|
|
|
|
#include "third_party/include/ndpi_patricia.h" |
|
|
|
|
|
-#include "third_party/src/ndpi_patricia.c"
|
|
|
|
|
|
#include "third_party/include/hash.h" |
|
|
|
|
|
-#include "third_party/src/hash.c"
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_HYPERSCAN |
|
|
|
|
|
#include <hs/hs.h> |
|
|
|
|
|
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
|
|
|
|
|
|
index b8c3697..59aedcb 100644
|
|
|
|
|
|
--- a/src/lib/protocols/ssl.c
|
|
|
|
|
|
+++ b/src/lib/protocols/ssl.c
|
|
|
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
|
|
|
|
|
|
|
|
#include "ndpi_api.h" |
|
|
|
|
|
|
|
|
|
|
|
-/* #define CERTIFICATE_DEBUG 1 */
|
|
|
|
|
|
+// #define CERTIFICATE_DEBUG 1
|
|
|
|
|
|
#define NDPI_MAX_SSL_REQUEST_SIZE 10000 |
|
|
|
|
|
|
|
|
|
|
|
/* Skype.c */ |
|
|
|
|
|
@@ -246,28 +246,43 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
|
|
|
|
|
|
u_int16_t compression_len; |
|
|
|
|
|
u_int16_t extensions_len; |
|
|
|
|
|
|
|
|
|
|
|
- compression_len = packet->payload[offset+1];
|
|
|
|
|
|
- offset += compression_len + 3;
|
|
|
|
|
|
+ offset++;
|
|
|
|
|
|
+ compression_len = packet->payload[offset];
|
|
|
|
|
|
+ offset++;
|
|
|
|
|
|
+
|
|
|
|
|
|
+#ifdef CERTIFICATE_DEBUG
|
|
|
|
|
|
+ printf("SSL [compression_len: %u]\n", compression_len);
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
+
|
|
|
|
|
|
+ // offset += compression_len + 3;
|
|
|
|
|
|
+ offset += compression_len;
|
|
|
|
|
|
|
|
|
|
|
|
if(offset < total_len) { |
|
|
|
|
|
- extensions_len = packet->payload[offset];
|
|
|
|
|
|
+ extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset]));
|
|
|
|
|
|
+ offset += 2;
|
|
|
|
|
|
+
|
|
|
|
|
|
+#ifdef CERTIFICATE_DEBUG
|
|
|
|
|
|
+ printf("SSL [extensions_len: %u]\n", extensions_len);
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
|
|
|
|
- if((extensions_len+offset) < total_len) {
|
|
|
|
|
|
+ if((extensions_len+offset) <= total_len) {
|
|
|
|
|
|
/* Move to the first extension |
|
|
|
|
|
Type is u_int to avoid possible overflow on extension_len addition */ |
|
|
|
|
|
- u_int extension_offset = 1;
|
|
|
|
|
|
+ u_int extension_offset = 0;
|
|
|
|
|
|
|
|
|
|
|
|
while(extension_offset < extensions_len) { |
|
|
|
|
|
u_int16_t extension_id, extension_len; |
|
|
|
|
|
|
|
|
|
|
|
- memcpy(&extension_id, &packet->payload[offset+extension_offset], 2);
|
|
|
|
|
|
+ extension_id = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset]));
|
|
|
|
|
|
extension_offset += 2; |
|
|
|
|
|
|
|
|
|
|
|
- memcpy(&extension_len, &packet->payload[offset+extension_offset], 2);
|
|
|
|
|
|
+ extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset]));
|
|
|
|
|
|
extension_offset += 2; |
|
|
|
|
|
|
|
|
|
|
|
- extension_id = ntohs(extension_id), extension_len = ntohs(extension_len);
|
|
|
|
|
|
-
|
|
|
|
|
|
+#ifdef CERTIFICATE_DEBUG
|
|
|
|
|
|
+ printf("SSL [extension_id: %u][extension_len: %u]\n", extension_id, extension_len);
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
+
|
|
|
|
|
|
if(extension_id == 0) { |
|
|
|
|
|
u_int begin = 0,len; |
|
|
|
|
|
char *server_name = (char*)&packet->payload[offset+extension_offset]; |
|
|
|
|
|
@@ -316,6 +331,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
|
|
|
|
|
|
if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) { |
|
|
|
|
|
char certificate[64]; |
|
|
|
|
|
int rc; |
|
|
|
|
|
+
|
|
|
|
|
|
certificate[0] = '\0'; |
|
|
|
|
|
rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate)); |
|
|
|
|
|
packet->ssl_certificate_num_checks++; |
|
|
|
|
|
diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/hash.h
|
|
|
|
|
|
index 4f53e5a..2251706 100644
|
|
|
|
|
|
--- a/src/lib/third_party/include/hash.h
|
|
|
|
|
|
+++ b/src/lib/third_party/include/hash.h
|
|
|
|
|
|
@@ -25,5 +25,6 @@ extern int ht_hash( hashtable_t *hashtable, char *key );
|
|
|
|
|
|
extern entry_t *ht_newpair( char *key, u_int16_t value ); |
|
|
|
|
|
extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value ); |
|
|
|
|
|
extern u_int16_t ht_get( hashtable_t *hashtable, char *key ); |
|
|
|
|
|
+extern void ht_free( hashtable_t *hashtable );
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* _HASH_H_ */ |
|
|
|
|
|
--
|
|
|
|
|
|
2.19.1 |
|
|
|
|
|
|