profile: init profile stats
@@ -3,6 +3,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <sys/socket.h>
|
||||
|
||||
@@ -145,6 +146,11 @@ typedef struct Packet_ {
|
||||
int vlan_layer;
|
||||
} Packet;
|
||||
|
||||
typedef struct EthernetHdr_ {
|
||||
uint8_t eth_dst[6];
|
||||
uint8_t eth_src[6];
|
||||
uint16_t eth_type;
|
||||
} __attribute__((__packed__)) EthernetHdr;
|
||||
|
||||
unsigned char *fp_file_path;
|
||||
unsigned char *fp_output_file_path;
|
||||
@@ -159,6 +165,12 @@ pcap_t *pcap_handle;
|
||||
int processed_packet;
|
||||
int link_type;
|
||||
|
||||
struct osfp_profile_counter identify_profile;
|
||||
|
||||
unsigned int identify_failed_count = 0;
|
||||
unsigned int identify_count = 0;
|
||||
unsigned int result_os_count[OSFP_OS_CLASS_MAX];
|
||||
|
||||
void usage(void) {
|
||||
fprintf(stderr,
|
||||
"Usage: osfp_match [ ...options... ] [ 'filter rule' ]\n"
|
||||
@@ -172,13 +184,6 @@ void usage(void) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
typedef struct EthernetHdr_ {
|
||||
uint8_t eth_dst[6];
|
||||
uint8_t eth_src[6];
|
||||
uint16_t eth_type;
|
||||
} __attribute__((__packed__)) EthernetHdr;
|
||||
|
||||
|
||||
int packet_decode_tcp(Packet *p, const unsigned char *data, unsigned int len)
|
||||
{
|
||||
int ret = -1;
|
||||
@@ -434,13 +439,16 @@ void example_detect(struct osfp_db *osfp_db, Packet *p)
|
||||
unsigned int tcph_len;
|
||||
struct osfp_result *result = NULL;
|
||||
|
||||
printf("Example ipv4 header detect: --------------------------\n");
|
||||
|
||||
iph = (struct iphdr *)p->iph;
|
||||
ip6h = (struct ip6_hdr *)p->ip6h;
|
||||
tcph = (struct tcphdr *)p->tcph;
|
||||
tcph_len = tcph->doff << 2;
|
||||
|
||||
osfp_profile_cycle(c1);
|
||||
osfp_profile_cycle(c2);
|
||||
|
||||
|
||||
osfp_profile_get_cycle(c1);
|
||||
if (iph) {
|
||||
result = osfp_ipv4_identify(osfp_db, iph, tcph, tcph_len);
|
||||
} else if (ip6h) {
|
||||
@@ -448,17 +456,28 @@ void example_detect(struct osfp_db *osfp_db, Packet *p)
|
||||
} else {
|
||||
goto exit;
|
||||
}
|
||||
osfp_profile_get_cycle(c2);
|
||||
osfp_profile_counter_update(&identify_profile, c2 - c1);
|
||||
|
||||
identify_count++;
|
||||
|
||||
if (result == NULL) {
|
||||
identify_failed_count++;
|
||||
printf("osfp header match failed, erro: %s\n", "?");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
|
||||
printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
|
||||
result_os_count[result->likely_os_class]++;
|
||||
|
||||
printf("Details:\n");
|
||||
printf("%s\n", osfp_result_score_detail_export(result));
|
||||
char *json = osfp_result_score_detail_export(result);
|
||||
|
||||
if (1) {
|
||||
printf("Example ipv4 header detect: --------------------------\n");
|
||||
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
|
||||
printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
|
||||
printf("Details:\n");
|
||||
printf("%s\n", json);
|
||||
}
|
||||
|
||||
exit:
|
||||
if (result) {
|
||||
@@ -499,7 +518,10 @@ void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
|
||||
}
|
||||
|
||||
// tcp/ip header detect example for user
|
||||
example_detect(osfp_db, p);
|
||||
int i;
|
||||
for (i = 0; i < 1; i++) {
|
||||
example_detect(osfp_db, p);
|
||||
}
|
||||
|
||||
printf("--------------------------- processed packet count %d\n", ++processed_packet);
|
||||
|
||||
@@ -507,10 +529,35 @@ exit:
|
||||
return;
|
||||
}
|
||||
|
||||
static void signal_handler(int signum)
|
||||
{
|
||||
printf("profile identify: avg: %lu max: %lu min: %lu curr: %lu total: %lu count: %lu\n",
|
||||
identify_profile.total_cycle / identify_profile.count,
|
||||
identify_profile.max_cycle,
|
||||
identify_profile.min_cycle,
|
||||
identify_profile.curr_cycle,
|
||||
identify_profile.total_cycle,
|
||||
identify_profile.count);
|
||||
|
||||
osfp_profile_print_stats();
|
||||
|
||||
printf("total %u, failed %u\n",
|
||||
identify_count, identify_failed_count);
|
||||
int i;
|
||||
for (i = 0; i < OSFP_OS_CLASS_MAX; i++) {
|
||||
printf("%s: %u\n", osfp_os_class_id_to_name(i), result_os_count[i]);
|
||||
}
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int r;
|
||||
|
||||
signal(SIGINT, signal_handler);
|
||||
signal(SIGTERM, signal_handler);
|
||||
|
||||
while ((r = getopt(argc, argv, "+f:i:r:o:d")) != -1) {
|
||||
switch(r) {
|
||||
case 'f':
|
||||
@@ -621,6 +668,8 @@ int main(int argc, char *argv[])
|
||||
osfp_log_level_set(OSFP_LOG_LEVEL_DEBUG);
|
||||
}
|
||||
|
||||
osfp_profile_set(1);
|
||||
|
||||
struct osfp_db *osfp_db = osfp_db_new(fp_file_path);
|
||||
if (osfp_db == NULL) {
|
||||
printf("could not create osfp context. fingerprints file: %s\n", fp_file_path);
|
||||
|
||||
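Review bot: In `signal_handler` (hunk `@@ -507,10 +529,35 @@`) the average is computed as `identify_profile.total_cycle / identify_profile.count` with no guard, so a SIGINT or SIGTERM that arrives before any `osfp_profile_counter_update` call divides by zero, assuming `count` is an integer as the `%lu` format suggests. The argument should be guarded, for example `identify_profile.count ? identify_profile.total_cycle / identify_profile.count : 0`. The handler also calls `printf`, `osfp_profile_print_stats` and `exit`, none of which is async-signal-safe, and the interrupted code in `example_detect` is itself printing and updating the same counters. A safer shape is a handler that only sets a `volatile sig_atomic_t` flag (plus `pcap_breakloop(pcap_handle)` if the capture runs under `pcap_loop`, which is not visible here), with the statistics printed from `main` once packet processing has stopped.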