test: show prefilter stats
@@ -431,7 +431,7 @@ const char *PrintInet(int af, const void *src, char *dst, socklen_t size)
|
|||||||
void example_detect(struct osfp_db *osfp_db, Packet *p)
|
void example_detect(struct osfp_db *osfp_db, Packet *p)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
char str_buf[1024] = "";
|
char str_buf[2048] = "";
|
||||||
//unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
|
//unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
|
||||||
struct iphdr *iph;
|
struct iphdr *iph;
|
||||||
struct ip6_hdr *ip6h;
|
struct ip6_hdr *ip6h;
|
||||||
@@ -449,14 +449,19 @@ void example_detect(struct osfp_db *osfp_db, Packet *p)
|
|||||||
|
|
||||||
|
|
||||||
struct osfp_fingerprint fp = {0};
|
struct osfp_fingerprint fp = {0};
|
||||||
|
if (iph) {
|
||||||
|
osfp_fingerprinting((unsigned char*)iph, (unsigned char*)tcph, tcph_len, &fp, 4);
|
||||||
|
} else if (ip6h) {
|
||||||
|
osfp_fingerprinting((unsigned char*)iph, (unsigned char*)tcph, tcph_len, &fp, 6);
|
||||||
|
} else {
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
osfp_profile_get_cycle(c1);
|
osfp_profile_get_cycle(c1);
|
||||||
if (iph) {
|
if (iph) {
|
||||||
result = osfp_ipv4_identify(osfp_db, iph, tcph, tcph_len);
|
result = osfp_ipv4_identify(osfp_db, iph, tcph, tcph_len);
|
||||||
osfp_fingerprinting(iph, tcph, tcph_len, &fp, 4);
|
|
||||||
} else if (ip6h) {
|
} else if (ip6h) {
|
||||||
result = osfp_ipv6_identify(osfp_db, ip6h, tcph, tcph_len);
|
result = osfp_ipv6_identify(osfp_db, ip6h, tcph, tcph_len);
|
||||||
osfp_fingerprinting(iph, tcph, tcph_len, &fp, 6);
|
|
||||||
} else {
|
} else {
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
@@ -475,15 +480,20 @@ void example_detect(struct osfp_db *osfp_db, Packet *p)
|
|||||||
|
|
||||||
char *json = osfp_result_score_detail_export(result);
|
char *json = osfp_result_score_detail_export(result);
|
||||||
|
|
||||||
osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0);
|
if (debug_enable) {
|
||||||
printf("%s\n", str_buf);
|
if (p->tcph->ack) {
|
||||||
|
printf("--------------------------- SYN/ACK\n");
|
||||||
if (1) {
|
} else {
|
||||||
|
printf("--------------------------- SYN\n");
|
||||||
|
}
|
||||||
|
osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0);
|
||||||
|
printf("%s\n", str_buf);
|
||||||
printf("Example ipv4 header detect: --------------------------\n");
|
printf("Example ipv4 header detect: --------------------------\n");
|
||||||
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
|
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
|
||||||
printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
|
printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
|
||||||
printf("Details:\n");
|
printf("Details:\n");
|
||||||
printf("%s\n", json);
|
printf("%s\n", json);
|
||||||
|
fflush(stdout);
|
||||||
}
|
}
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
@@ -510,11 +520,6 @@ void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (p->tcph->ack) {
|
|
||||||
printf("--------------------------- SYN/ACK\n");
|
|
||||||
} else {
|
|
||||||
printf("--------------------------- SYN\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (p->iph) {
|
if (p->iph) {
|
||||||
PrintInet(AF_INET, (const void *)&(p->src.addr_data32[0]), p->srcip, sizeof(p->srcip));
|
PrintInet(AF_INET, (const void *)&(p->src.addr_data32[0]), p->srcip, sizeof(p->srcip));
|
||||||
@@ -555,6 +560,8 @@ static void signal_handler(int signum)
|
|||||||
printf("%s: %u\n", osfp_os_class_id_to_name(i), result_os_count[i]);
|
printf("%s: %u\n", osfp_os_class_id_to_name(i), result_os_count[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fflush(stdout);
|
||||||
|
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
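Review bot: In the block added at the top of the second hunk, the `else if (ip6h)` branch still passes `iph` to `osfp_fingerprinting`, and `iph` is necessarily NULL there because the preceding `if (iph)` test failed. The call was moved ahead of `osfp_profile_get_cycle(c1)` with that argument unchanged, so IPv6 packets are fingerprinted from a null header pointer; what `osfp_fingerprinting` does with it is not visible here, but at best the dumped fingerprint is empty. The branch should read `osfp_fingerprinting((unsigned char*)ip6h, (unsigned char*)tcph, tcph_len, &fp, 6);`. Separately, `osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0)` in the third hunk would be safer with `sizeof(str_buf)`, so the length cannot drift from the declaration again as it did with the old 1024-byte buffer. `example_detect` starts and ends outside these hunks.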
21
test/test.c
21
test/test.c
@@ -181,6 +181,8 @@ void test_miss_rate()
|
|||||||
unsigned int other_count = 0;
|
unsigned int other_count = 0;
|
||||||
unsigned int unknown_count = 0;
|
unsigned int unknown_count = 0;
|
||||||
unsigned int identify_failed_count = 0;
|
unsigned int identify_failed_count = 0;
|
||||||
|
unsigned int prefiltered_count = 0;
|
||||||
|
unsigned int prefiltered_wrong_count = 0;
|
||||||
unsigned int wrong_count = 0;
|
unsigned int wrong_count = 0;
|
||||||
unsigned int verified_count = 0;
|
unsigned int verified_count = 0;
|
||||||
unsigned int fingerprint_count = 0;
|
unsigned int fingerprint_count = 0;
|
||||||
@@ -221,6 +223,12 @@ void test_miss_rate()
|
|||||||
|
|
||||||
const char *fp_str = cJSON_PrintUnformatted(entry);
|
const char *fp_str = cJSON_PrintUnformatted(entry);
|
||||||
|
|
||||||
|
struct osfp_fingerprint fp = {0};
|
||||||
|
osfp_fingerprint_from_json(&fp, (char*)fp_str);
|
||||||
|
char str_buf[2048] = "";
|
||||||
|
osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0);
|
||||||
|
fprintf(log_file_ptr, "%s\n", str_buf);
|
||||||
|
|
||||||
struct osfp_result *result = osfp_json_identify(osfp_db, fp_str);
|
struct osfp_result *result = osfp_json_identify(osfp_db, fp_str);
|
||||||
if (result == NULL) {
|
if (result == NULL) {
|
||||||
identify_failed_count++;
|
identify_failed_count++;
|
||||||
@@ -229,12 +237,19 @@ void test_miss_rate()
|
|||||||
|
|
||||||
testresult[result->likely_os_class][os_class]++;
|
testresult[result->likely_os_class][os_class]++;
|
||||||
|
|
||||||
|
if (result->details[result->likely_os_class].score == 100) {
|
||||||
|
prefiltered_count++;
|
||||||
|
}
|
||||||
|
|
||||||
if (os_class == result->likely_os_class) {
|
if (os_class == result->likely_os_class) {
|
||||||
verified_count++;
|
verified_count++;
|
||||||
osfp_result_free(result);
|
osfp_result_free(result);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (result->details[result->likely_os_class].score == 100) {
|
||||||
|
prefiltered_wrong_count++;
|
||||||
|
}
|
||||||
wrong_count++;
|
wrong_count++;
|
||||||
|
|
||||||
if (result->likely_os_class == OSFP_OS_CLASS_OTHERS) {
|
if (result->likely_os_class == OSFP_OS_CLASS_OTHERS) {
|
||||||
@@ -245,7 +260,7 @@ void test_miss_rate()
|
|||||||
unknown_count++;
|
unknown_count++;
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(log_file_ptr, "expect: %s, result: %s\n", os_class_json->valuestring, osfp_result_os_name_get(result));
|
fprintf(log_file_ptr, "expect: %s, result: %s, \n", os_class_json->valuestring, osfp_result_os_name_get(result));
|
||||||
|
|
||||||
char *result_json = osfp_result_score_detail_export(result);
|
char *result_json = osfp_result_score_detail_export(result);
|
||||||
if (result_json) {
|
if (result_json) {
|
||||||
@@ -258,8 +273,8 @@ void test_miss_rate()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("total %u, failed %u, pass %u, wrong %u, other %u, unknown %u\n",
|
printf("total %u, failed %u, pass %u, prefiltered %u (wrong: %u), wrong %u, other %u, unknown %u\n",
|
||||||
fingerprint_count, identify_failed_count, verified_count, wrong_count, other_count, unknown_count);
|
fingerprint_count, identify_failed_count, verified_count, prefiltered_count, prefiltered_wrong_count, wrong_count, other_count, unknown_count);
|
||||||
|
|
||||||
//printf("miss rate: %d%%\n", 100 - (verified_count * 100 / fingerprint_count));
|
//printf("miss rate: %d%%\n", 100 - (verified_count * 100 / fingerprint_count));
|
||||||
|
|
||||||
|
|||||||
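Review bot: The lines added after `cJSON_PrintUnformatted(entry)` use `fp_str` before anything checks it: `cJSON_PrintUnformatted` returns NULL when it cannot allocate, and the pointer goes straight into `osfp_fingerprint_from_json(&fp, (char*)fp_str)`. Whatever that call reports is also discarded, so on a parse failure the log would receive a fingerprint rendered from the zero-initialised `fp`, with nothing to show it is not real data. I would guard with `if (fp_str == NULL) { identify_failed_count++; continue; }` (or whatever the loop's existing failure path is) and log the fingerprint only when the parse succeeds, assuming the function returns a status, which is not visible here. `osfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0)` should take `sizeof(str_buf)` rather than repeating the literal. `test_miss_rate` begins and ends outside these hunks.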