Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keep separating public and private API #2157

Merged
merged 1 commit into from
Nov 29, 2023
Merged

Keep separating public and private API #2157

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions fuzz/Makefile.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,8 @@ fuzz_quic_get_crypto_data_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS)
$(fuzz_quic_get_crypto_data_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@

fuzz_config_SOURCES = fuzz_config.cpp fuzz_common_code.c
fuzz_config_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_config_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_config_CXXFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION
fuzz_config_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION
fuzz_config_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_config_LDFLAGS = $(LIBS)
if HAS_FUZZLDFLAGS
Expand Down
3 changes: 2 additions & 1 deletion fuzz/fuzz_config.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "ndpi_classify.h"
#include "fuzz_common_code.h"

Expand Down Expand Up @@ -204,7 +205,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_get_http_method(ndpi_info_mod, bool_value ? &flow : NULL);
ndpi_get_http_url(ndpi_info_mod, &flow);
ndpi_get_http_content_type(ndpi_info_mod, &flow);
ndpi_check_for_email_address(ndpi_info_mod, 0);
check_for_email_address(ndpi_info_mod, 0);
ndpi_get_flow_name(bool_value ? &flow : NULL);
/* ndpi_guess_undetected_protocol() is a "strange" function. Try fuzzing it, here */
if(!ndpi_is_protocol_detected(ndpi_info_mod, p)) {
Expand Down
35 changes: 23 additions & 12 deletions src/include/ndpi_api.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -241,18 +241,6 @@ extern "C" {
*/
void ndpi_free_flow(struct ndpi_flow_struct *flow);

/**
* Enables cache support.
* In nDPI is used for some protocol (i.e. Skype)
*
* @par ndpi_mod = the struct created for the protocol detection
* @par host = string for the host name
* @par port = unsigned int for the port number
*
*/
void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod,
char* host, u_int port);

/**
* Destroys the detection module
*
Expand Down Expand Up @@ -2164,6 +2152,29 @@ extern "C" {
*/
void *ndpi_get_user_data(struct ndpi_detection_module_struct *ndpi_str);

/* ******************************* */

/* Can't call libc functions from kernel space, define some stub instead */
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just out of curiosity: Running nDPI in kernel space is officially supported?

Copy link
Collaborator Author

@IvanNardi IvanNardi Nov 29, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That line has been simply copied around...
I don't think that nDPI is "officially" supported in kernel-space, but the original OpenDPI was.
And, more important, there is at least one active fork https://github.com/vel21ripn/nDPI (by @vel21ripn) which, AFAIK, works in kernel-space. Since that fork is maintained and quite in sync with upstream, I think that there are no huge issues in upstream code preventing nDPI from working in kernel-mode. But I never investigate it...

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we could add a simple kernel module to examples/ and the CI so we know at least if nDPI is able to build in such environments.


#define ndpi_isalpha(ch) (((ch) >= 'a' && (ch) <= 'z') || ((ch) >= 'A' && (ch) <= 'Z'))
#define ndpi_isdigit(ch) ((ch) >= '0' && (ch) <= '9')
#define ndpi_isalnum(ch) (ndpi_isalpha(ch) != 0 || ndpi_isdigit(ch) != 0)
#define ndpi_isspace(ch) (((ch) >= '\t' && (ch) <= '\r') || ((ch) == ' '))
#define ndpi_isprint(ch) ((ch) >= 0x20 && (ch) <= 0x7e)
#define ndpi_ispunct(ch) (((ch) >= '!' && (ch) <= '/') || \
((ch) >= ':' && (ch) <= '@') || \
((ch) >= '[' && (ch) <= '`') || \
((ch) >= '{' && (ch) <= '~'))

/* ******************************* */

int ndpi_vsnprintf(char * str, size_t size, char const * format, va_list va_args);
int ndpi_snprintf(char * str, size_t size, char const * format, ...);
struct tm *ndpi_gmtime_r(const time_t *timep,
struct tm *result);

/* ******************************* */

#ifdef __cplusplus
}
#endif
Expand Down
63 changes: 4 additions & 59 deletions src/include/ndpi_main.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,7 @@
#include "ndpi_protocol_ids.h"
#include "ndpi_typedefs.h"
#include "ndpi_api.h"
#include "ndpi_protocols.h"

/* used by ndpi_set_proto_subprotocols */
#define NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS (-1)
#define NDPI_PROTOCOL_MATCHED_BY_CONTENT (-2)

#ifdef __cplusplus
extern "C" {
Expand All @@ -54,12 +50,8 @@ extern "C" {
int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a);
void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a);

extern u_int8_t ndpi_net_match(u_int32_t ip_to_check,
u_int32_t net,
u_int32_t num_bits);

extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst,
u_int32_t net, u_int32_t num_bits);


u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str,
u_int16_t max_chars_to_read,
Expand All @@ -78,34 +70,8 @@ extern "C" {
u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read,
u_int16_t * bytes_read);

void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol,
u_int16_t lower_detected_protocol,
ndpi_confidence_t confidence);

void ndpi_reset_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);

void ndpi_set_detected_protocol_keeping_master(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
u_int16_t detected_protocol,
ndpi_confidence_t confidence);

extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);

extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct,
u_int16_t counter);

extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
ndpi_protocol_category_t protocol_category);

extern void ndpi_set_proto_subprotocols(struct ndpi_detection_module_struct *ndpi_mod,
int protoId, ...);
int protoId, ...);

extern int ndpi_parse_ip_string(const char *ip_str, ndpi_ip_addr_t *parsed_ip);
extern char *ndpi_get_ip_string(const ndpi_ip_addr_t * ip, char *buf, u_int buf_len);
Expand All @@ -114,20 +80,10 @@ extern "C" {
extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name);

extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int8_t proto, u_int16_t sport, u_int16_t dport,
u_int8_t *user_defined_proto);

extern u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p);

extern void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);

#ifdef NDPI_ENABLE_DEBUG_MESSAGES
void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct,
const char **file, const char **func, u_int32_t * line);
#endif

/** Checks when the @p payload starts with the string literal @p str.
* When the string is larger than the payload, check fails.
* @return non-zero if check succeeded
Expand All @@ -149,7 +105,7 @@ extern "C" {
u_int16_t protoId, char *protoName,
ndpi_protocol_category_t protoCategory,
ndpi_port_range *tcpDefPorts,
ndpi_port_range *udpDefPorts);
ndpi_port_range *udpDefPorts);
void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, ndpi_risk_enum r,
char *risk_message);
Expand All @@ -161,18 +117,7 @@ extern "C" {
int ndpi_normalize_printable_string(char * const str, size_t len);
int ndpi_is_valid_hostname(char * const str, size_t len);
#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f)
float ndpi_entropy(u_int8_t const * const buf, size_t len);
u_int16_t ndpi_calculate_icmp4_checksum(u_int8_t const * const buf, size_t len);
void load_common_alpns(struct ndpi_detection_module_struct *ndpi_str);
u_int8_t is_a_common_alpn(struct ndpi_detection_module_struct *ndpi_str,
const char *alpn_to_check, u_int alpn_to_check_len);

char *ndpi_hostname_sni_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len);
char *ndpi_user_agent_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len);

int64_t ndpi_asn1_ber_decode_length(const unsigned char *payload, int payload_len, u_int16_t *value_len);
char* ndpi_intoav4(unsigned int addr, char* buf, u_int16_t bufLen);
int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow);
float ndpi_entropy(u_int8_t const * const buf, size_t len);

#ifdef __cplusplus
}
Expand Down
Loading
Loading