From 0e09c2b5c573ad1fce7c8f13b6bf255e1f21d390 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 11 Sep 2018 10:02:34 +0300 Subject: [PATCH] Fixes #600 Backport of recent fixes (e.g. #601) --- Makefile.am | 5 ++- autogen.sh | 2 +- configure.seed | 13 +++++-- src/lib/Makefile.in | 54 ++++++++++++++++++++++++++++++ src/lib/ndpi_main.c | 2 -- src/lib/protocols/ssl.c | 36 ++++++++++++++------ src/lib/third_party/include/hash.h | 1 + 7 files changed, 94 insertions(+), 19 deletions(-) create mode 100644 src/lib/Makefile.in diff --git a/Makefile.am b/Makefile.am index 17c6748..37f0849 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ACLOCAL_AMFLAGS = -I m4 - SUBDIRS = src/lib example tests -pkgconfigdir = $(libdir)/pkgconfig +pkgconfigdir = $(prefix)/libdata/pkgconfig pkgconfig_DATA = libndpi.pc -EXTRA_DIST = libndpi.sym autogen.sh +EXTRA_DIST = autogen.sh diff --git a/autogen.sh b/autogen.sh index 6596b2f..efeffc4 100755 --- a/autogen.sh +++ b/autogen.sh @@ -5,7 +5,7 @@ NDPI_MINOR="4" NDPI_PATCH="0" NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" -rm -f configure config.h config.h.in src/lib/Makefile.in +rm -f configure config.h config.h.in AUTOCONF=$(command -v autoconf) AUTOMAKE=$(command -v automake) diff --git a/configure.seed b/configure.seed index 6b85c66..8f8817f 100644 --- a/configure.seed +++ b/configure.seed @@ -10,6 +10,7 @@ AC_PROG_CC AM_PROG_CC_C_O AX_PTHREAD +NDPI_VERSION_SHORT="@NDPI_VERSION_SHORT@" NDPI_MAJOR="@NDPI_MAJOR@" NDPI_MINOR="@NDPI_MINOR@" NDPI_PATCH="@NDPI_PATCH@" @@ -51,11 +52,16 @@ else AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) fi - +if test -z `which clang`; then +CC=gcc +else +CC=clang +fi + HS_LIB= HS_INC= -AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan]) +AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable nDPI build with Intel Hyperscan]) if test "${with_hyperscan+set}" = set; then BKP=$LIBS @@ -127,12 +133,13 @@ AC_ARG_ENABLE([debug-messages], AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) -AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile]) AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) AC_SUBST(NDPI_MINOR) AC_SUBST(NDPI_PATCH) +AC_SUBST(NDPI_VERSION_SHORT) AC_SUBST(SVN_DATE) AC_SUBST(JSON_C_LIB) AC_SUBST(PCAP_INC) diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in new file mode 100644 index 0000000..ca29001 --- /dev/null +++ b/src/lib/Makefile.in @@ -0,0 +1,54 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make Makefile +# + + +# +# Installation directories +# +prefix = /usr +libdir = ${prefix}/lib +includedir = ${prefix}/include/ndpi +CC = @CC@ +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 # -g +RANLIB = ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o +HEADERS = $(wildcard ../include/*.h) +NDPI_LIB_STATIC = libndpi.a +NDPI_LIB_SHARED_BASE = libndpi.so +NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@ +NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED) + +ifeq ($(OS),Darwin) +CC=clang +endif + +all: $(NDPI_LIBS) + +ndpi_main.c: ndpi_content_match.c.inc + +$(NDPI_LIB_STATIC): $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +$(NDPI_LIB_SHARED): $(OBJECTS) + $(CC) -shared -fPIC -o $@ $(OBJECTS) + ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo + +install: $(NDPI_LIBS) + mkdir -p $(DESTDIR)$(libdir) + cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ + ln -Fs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + mkdir -p $(DESTDIR)$(includedir) + cp ../include/*.h $(DESTDIR)$(includedir) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b002126..5beb6b4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -43,9 +43,7 @@ #include "ndpi_content_match.c.inc" #include "third_party/include/ndpi_patricia.h" -#include "third_party/src/ndpi_patricia.c" #include "third_party/include/hash.h" -#include "third_party/src/hash.c" #ifdef HAVE_HYPERSCAN #include diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index b8c3697..59aedcb 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" -/* #define CERTIFICATE_DEBUG 1 */ +// #define CERTIFICATE_DEBUG 1 #define NDPI_MAX_SSL_REQUEST_SIZE 10000 /* Skype.c */ @@ -246,28 +246,43 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t compression_len; u_int16_t extensions_len; - compression_len = packet->payload[offset+1]; - offset += compression_len + 3; + offset++; + compression_len = packet->payload[offset]; + offset++; + +#ifdef CERTIFICATE_DEBUG + printf("SSL [compression_len: %u]\n", compression_len); +#endif + + // offset += compression_len + 3; + offset += compression_len; if(offset < total_len) { - extensions_len = packet->payload[offset]; + extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset])); + offset += 2; + +#ifdef CERTIFICATE_DEBUG + printf("SSL [extensions_len: %u]\n", extensions_len); +#endif - if((extensions_len+offset) < total_len) { + if((extensions_len+offset) <= total_len) { /* Move to the first extension Type is u_int to avoid possible overflow on extension_len addition */ - u_int extension_offset = 1; + u_int extension_offset = 0; while(extension_offset < extensions_len) { u_int16_t extension_id, extension_len; - memcpy(&extension_id, &packet->payload[offset+extension_offset], 2); + extension_id = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset])); extension_offset += 2; - memcpy(&extension_len, &packet->payload[offset+extension_offset], 2); + extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset])); extension_offset += 2; - extension_id = ntohs(extension_id), extension_len = ntohs(extension_len); - +#ifdef CERTIFICATE_DEBUG + printf("SSL [extension_id: %u][extension_len: %u]\n", extension_id, extension_len); +#endif + if(extension_id == 0) { u_int begin = 0,len; char *server_name = (char*)&packet->payload[offset+extension_offset]; @@ -316,6 +331,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) { char certificate[64]; int rc; + certificate[0] = '\0'; rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate)); packet->ssl_certificate_num_checks++; diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/hash.h index 4f53e5a..2251706 100644 --- a/src/lib/third_party/include/hash.h +++ b/src/lib/third_party/include/hash.h @@ -25,5 +25,6 @@ extern int ht_hash( hashtable_t *hashtable, char *key ); extern entry_t *ht_newpair( char *key, u_int16_t value ); extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value ); extern u_int16_t ht_get( hashtable_t *hashtable, char *key ); +extern void ht_free( hashtable_t *hashtable ); #endif /* _HASH_H_ */ -- 2.19.1