test: show prefilter stats
This commit is contained in:
zhuzhenjun
@@ -431,7 +431,7 @@ const char *PrintInet(int af, const void *src, char *dst, socklen_t size)
|
||||
void example_detect(struct osfp_db *osfp_db, Packet *p)
|
||||
{
|
||||
int ret;
|
||||
char str_buf[1024] = "";
|
||||
char str_buf[2048] = "";
|
||||
//unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
|
||||
struct iphdr *iph;
|
||||
struct ip6_hdr *ip6h;
|
||||
@@ -449,14 +449,19 @@ void example_detect(struct osfp_db *osfp_db, Packet *p)
|
||||
|
||||
|
||||
struct osfp_fingerprint fp = {0};
|
||||
if (iph) {
|
||||
osfp_fingerprinting((unsigned char*)iph, (unsigned char*)tcph, tcph_len, &fp, 4);
|
||||
} else if (ip6h) {
|
||||
osfp_fingerprinting((unsigned char*)iph, (unsigned char*)tcph, tcph_len, &fp, 6);
|
||||
} else {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
osfp_profile_get_cycle(c1);
|
||||
if (iph) {
|
||||
result = osfp_ipv4_identify(osfp_db, iph, tcph, tcph_len);
|
||||
osfp_fingerprinting(iph, tcph, tcph_len, &fp, 4);
|
||||
} else if (ip6h) {
|
||||
result = osfp_ipv6_identify(osfp_db, ip6h, tcph, tcph_len);
|
||||
osfp_fingerprinting(iph, tcph, tcph_len, &fp, 6);
|
||||
} else {
|
||||
goto exit;
|
||||
}
|
||||
@@ -475,15 +480,20 @@ void example_detect(struct osfp_db *osfp_db, Packet *p)
|
||||
|
||||
char *json = osfp_result_score_detail_export(result);
|
||||
|
||||
osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0);
|
||||
printf("%s\n", str_buf);
|
||||
|
||||
if (1) {
|
||||
if (debug_enable) {
|
||||
if (p->tcph->ack) {
|
||||
printf("--------------------------- SYN/ACK\n");
|
||||
} else {
|
||||
printf("--------------------------- SYN\n");
|
||||
}
|
||||
osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0);
|
||||
printf("%s\n", str_buf);
|
||||
printf("Example ipv4 header detect: --------------------------\n");
|
||||
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
|
||||
printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
|
||||
printf("Details:\n");
|
||||
printf("%s\n", json);
|
||||
fflush(stdout);
|
||||
}
|
||||
|
||||
exit:
|
||||
@@ -510,11 +520,6 @@ void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (p->tcph->ack) {
|
||||
printf("--------------------------- SYN/ACK\n");
|
||||
} else {
|
||||
printf("--------------------------- SYN\n");
|
||||
}
|
||||
|
||||
if (p->iph) {
|
||||
PrintInet(AF_INET, (const void *)&(p->src.addr_data32[0]), p->srcip, sizeof(p->srcip));
|
||||
@@ -555,6 +560,8 @@ static void signal_handler(int signum)
|
||||
printf("%s: %u\n", osfp_os_class_id_to_name(i), result_os_count[i]);
|
||||
}
|
||||
|
||||
fflush(stdout);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user