v0.0.2
This commit is contained in:
zhuzhenjun
@@ -1,4 +1,4 @@
|
|||||||
AC_INIT([libosfp],[0.0.0],[zhuzhenjun@geedgenetworks.com])
|
AC_INIT([libosfp],[0.0.2],[zhuzhenjun@geedgenetworks.com])
|
||||||
AM_INIT_AUTOMAKE([foreign])
|
AM_INIT_AUTOMAKE([foreign])
|
||||||
|
|
||||||
#m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
|
#m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
|
||||||
@@ -7,7 +7,7 @@ AC_CONFIG_MACRO_DIR([m4])
|
|||||||
AC_ARG_ENABLE([debug], [AS_HELP_STRING([--enable-debug], [enable debug info])], [enable_debug=$enableval], [enable_debug=no])
|
AC_ARG_ENABLE([debug], [AS_HELP_STRING([--enable-debug], [enable debug info])], [enable_debug=$enableval], [enable_debug=no])
|
||||||
|
|
||||||
AS_IF([test "x$enable_debug" = xyes],
|
AS_IF([test "x$enable_debug" = xyes],
|
||||||
[CFLAGS="-ggdb3 -O0"],
|
[CFLAGS="-ggdb3 -O0 -fsanitize=address -fno-omit-frame-pointer"],
|
||||||
[CFLAGS="-g -O2"])
|
[CFLAGS="-g -O2"])
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -15,6 +15,7 @@
|
|||||||
#include <pcap.h>
|
#include <pcap.h>
|
||||||
|
|
||||||
#include "libosfp.h"
|
#include "libosfp.h"
|
||||||
|
#include "libosfp_fingerprint.h"
|
||||||
#include "libosfp_score_db.h"
|
#include "libosfp_score_db.h"
|
||||||
|
|
||||||
#define DEFAULT_FP_FILE_PATH "./fp.json"
|
#define DEFAULT_FP_FILE_PATH "./fp.json"
|
||||||
@@ -483,7 +484,7 @@ void example_detect_fingerprint(libosfp_context_t *libosfp_context, Packet *p)
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
libosfp_fingerprint_to_json_buf(&fp, str_buf, sizeof(str_buf));
|
libosfp_fingerprint_to_json_buf(&fp, str_buf, sizeof(str_buf), 1);
|
||||||
printf("%s\n", str_buf);
|
printf("%s\n", str_buf);
|
||||||
|
|
||||||
// output fingerprint with connection info line
|
// output fingerprint with connection info line
|
||||||
|
|||||||
@@ -132,4 +132,4 @@ void libosfp_context_destroy(libosfp_context_t *libosfp_context)
|
|||||||
}
|
}
|
||||||
free(libosfp_context);
|
free(libosfp_context);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -101,6 +101,27 @@
|
|||||||
} \
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
static inline unsigned long long libosfp_rdtsc(void)
|
||||||
|
{
|
||||||
|
union {
|
||||||
|
unsigned long long tsc_64;
|
||||||
|
struct {
|
||||||
|
unsigned int lo_32;
|
||||||
|
unsigned int hi_32;
|
||||||
|
};
|
||||||
|
} tsc;
|
||||||
|
|
||||||
|
asm volatile("rdtsc" :
|
||||||
|
"=a" (tsc.lo_32),
|
||||||
|
"=d" (tsc.hi_32));
|
||||||
|
return tsc.tsc_64;
|
||||||
|
}
|
||||||
|
|
||||||
|
#define libosfp_profile_cycle(x) volatile unsigned long long x = 0
|
||||||
|
#define libosfp_profile_get_cycle(x) do { \
|
||||||
|
x = libosfp_rdtsc(); \
|
||||||
|
} while(0)
|
||||||
|
|
||||||
#define LIBOSFP_BIT_U32(n) (1UL << (n))
|
#define LIBOSFP_BIT_U32(n) (1UL << (n))
|
||||||
|
|
||||||
typedef enum libosfp_error_code {
|
typedef enum libosfp_error_code {
|
||||||
|
|||||||
@@ -124,7 +124,7 @@ static unsigned int decode_tcp_options(libosfp_tcp_opt_t *tcp_opts, unsigned int
|
|||||||
return tcp_opt_cnt;
|
return tcp_opt_cnt;
|
||||||
}
|
}
|
||||||
|
|
||||||
int libosfp_fingerprint_to_json_buf(libosfp_fingerprint_t *fp, char *strbuf, unsigned int buf_len)
|
int libosfp_fingerprint_to_json_buf(libosfp_fingerprint_t *fp, char *strbuf, unsigned int buf_len, unsigned int format)
|
||||||
{
|
{
|
||||||
int rlen = 0, ret, i;
|
int rlen = 0, ret, i;
|
||||||
cJSON *root;
|
cJSON *root;
|
||||||
@@ -155,7 +155,7 @@ int libosfp_fingerprint_to_json_buf(libosfp_fingerprint_t *fp, char *strbuf, uns
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!cJSON_PrintPreallocated(root, strbuf, buf_len, 1)) {
|
if (!cJSON_PrintPreallocated(root, strbuf, buf_len, format)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -308,7 +308,7 @@ int libosfp_fingerprinting_tcp(struct tcphdr *tcph, libosfp_fingerprint_t *fp)
|
|||||||
|
|
||||||
// tcp options
|
// tcp options
|
||||||
if (tcp_off > LIBOSFP_TCP_HEADER_LEN) {
|
if (tcp_off > LIBOSFP_TCP_HEADER_LEN) {
|
||||||
libosfp_fingerprinting_tcp_option((unsigned char *)tcph + LIBOSFP_TCP_HEADER_LEN, 20 + tcp_off - LIBOSFP_TCP_HEADER_LEN, fp);
|
libosfp_fingerprinting_tcp_option((unsigned char *)tcph + LIBOSFP_TCP_HEADER_LEN, tcp_off - LIBOSFP_TCP_HEADER_LEN, fp);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@@ -398,3 +398,44 @@ int libosfp_fingerprinting(unsigned char *iph, unsigned char *tcph, libosfp_fing
|
|||||||
exit:
|
exit:
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef UNITTEST
|
||||||
|
int test_libosfp_fingerprinting(void)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
char iph[] = {
|
||||||
|
0x45, 0x00, 0x00, 0x34, 0x51, 0xc4, 0x40, 0x00,
|
||||||
|
0x80, 0x06, 0xe7, 0x27, 0xc0, 0xa8, 0x73, 0x08,
|
||||||
|
0x6a, 0xb9, 0x23, 0x6e
|
||||||
|
};
|
||||||
|
|
||||||
|
char tcph[] = {
|
||||||
|
0xc1, 0xbd, 0x00, 0x50, 0x3d, 0x58, 0x51, 0x60,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00,
|
||||||
|
0x3d, 0x3a, 0x00, 0x00, 0x02, 0x04, 0x04, 0xec,
|
||||||
|
0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02
|
||||||
|
};
|
||||||
|
|
||||||
|
char str_buf[2048] = "";
|
||||||
|
const char *target_buf = "{\"ip_id\":1,\"ip_tos\":0,\"ip_total_length\":52,\"ip_ttl\":128,\"tcp_off\":32,\"tcp_timestamp\":null,\"tcp_timestamp_echo_reply\":null,\"tcp_window_scaling\":8,\"tcp_window_size\":8192,\"tcp_flags\":2,\"tcp_mss\":1260,\"tcp_options\":\"M1260,N,W8,N,N,S,\",\"tcp_options_ordered\":\"MNWNNS\",\"os\":\"LIBOSFP_UNKNOWN\"}";
|
||||||
|
libosfp_fingerprint_t fp = {0};
|
||||||
|
|
||||||
|
ret = libosfp_fingerprinting(iph, tcph, &fp);
|
||||||
|
if (ret != 0) {
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = libosfp_fingerprint_to_json_buf(&fp, str_buf, 2048, 0);
|
||||||
|
if (ret <= 0) {
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (0 != memcmp(str_buf, target_buf, strlen(target_buf))) {
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
exit:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ typedef struct libosfp_fingerprint_field {
|
|||||||
typedef struct libosfp_fingerprint {
|
typedef struct libosfp_fingerprint {
|
||||||
libosfp_fingerprint_field_t fields[LIBOSFP_FIELD_MAX];
|
libosfp_fingerprint_field_t fields[LIBOSFP_FIELD_MAX];
|
||||||
char value_buffer[LIBOSFP_FINGERPRINT_VALUE_BUFFER_MAX];
|
char value_buffer[LIBOSFP_FINGERPRINT_VALUE_BUFFER_MAX];
|
||||||
unsigned value_buffer_used;
|
unsigned int value_buffer_used;
|
||||||
} libosfp_fingerprint_t;
|
} libosfp_fingerprint_t;
|
||||||
|
|
||||||
|
|
||||||
@@ -48,7 +48,7 @@ char *libosfp_fingerprint_get_field_name(libosfp_field_id_t field_id);
|
|||||||
unsigned int libosfp_fingerprint_get_field_enabled(libosfp_field_id_t field_id);
|
unsigned int libosfp_fingerprint_get_field_enabled(libosfp_field_id_t field_id);
|
||||||
unsigned int libosfp_fingerprint_get_field_importance(libosfp_field_id_t field_id);
|
unsigned int libosfp_fingerprint_get_field_importance(libosfp_field_id_t field_id);
|
||||||
unsigned int libosfp_fingerprint_get_field_type(libosfp_field_id_t field_id);
|
unsigned int libosfp_fingerprint_get_field_type(libosfp_field_id_t field_id);
|
||||||
int libosfp_fingerprint_to_json_buf(libosfp_fingerprint_t *fp, char *strbuf, unsigned int buf_len);
|
int libosfp_fingerprint_to_json_buf(libosfp_fingerprint_t *fp, char *strbuf, unsigned int buf_len, unsigned int format);
|
||||||
void libosfp_fingerprint_setup_field(libosfp_fingerprint_t *fp, libosfp_field_id_t field_id, void *value, unsigned int len);
|
void libosfp_fingerprint_setup_field(libosfp_fingerprint_t *fp, libosfp_field_id_t field_id, void *value, unsigned int len);
|
||||||
|
|
||||||
void libosfp_fingerprinting_tcp_option(unsigned char *pkt, unsigned int pktlen, libosfp_fingerprint_t *fp);
|
void libosfp_fingerprinting_tcp_option(unsigned char *pkt, unsigned int pktlen, libosfp_fingerprint_t *fp);
|
||||||
@@ -57,4 +57,7 @@ int libosfp_fingerprinting_ipv4(struct iphdr *iph, libosfp_fingerprint_t *fp);
|
|||||||
int libosfp_fingerprinting_ipv6(struct ipv6hdr *iph, libosfp_fingerprint_t *fp);
|
int libosfp_fingerprinting_ipv6(struct ipv6hdr *iph, libosfp_fingerprint_t *fp);
|
||||||
int libosfp_fingerprinting(unsigned char *iphdr, unsigned char *tcphdr, libosfp_fingerprint_t *fp);
|
int libosfp_fingerprinting(unsigned char *iphdr, unsigned char *tcphdr, libosfp_fingerprint_t *fp);
|
||||||
|
|
||||||
|
#ifdef UNITTEST
|
||||||
|
int test_libosfp_fingerprinting(void);
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -458,7 +458,7 @@ int libosfp_score_db_score(libosfp_score_db_t *score_db, unsigned int flags, lib
|
|||||||
entry_count = score_db->os_class_entry_count[i];
|
entry_count = score_db->os_class_entry_count[i];
|
||||||
os_class_score = result_score->os_class_score[i];
|
os_class_score = result_score->os_class_score[i];
|
||||||
|
|
||||||
if (entry_count == 0 || perfect_score == 0) {
|
if (entry_count == 0) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -491,7 +491,7 @@ void libosfp_score_db_debug_print(libosfp_score_db_t *score_db)
|
|||||||
|
|
||||||
for (i = 0; i < LIBOSFP_OS_CLASS_MAX; i++) {
|
for (i = 0; i < LIBOSFP_OS_CLASS_MAX; i++) {
|
||||||
const char *name = libosfp_os_class_id_to_name(i);
|
const char *name = libosfp_os_class_id_to_name(i);
|
||||||
printf("os class %p ", name);
|
printf("os class %s ", name);
|
||||||
|
|
||||||
printf("entry_count: %u\n", score_db->os_class_entry_count[i]);
|
printf("entry_count: %u\n", score_db->os_class_entry_count[i]);
|
||||||
printf("os class %s entry_count: %u\n", libosfp_os_class_id_to_name(i), score_db->os_class_entry_count[i]);
|
printf("os class %s entry_count: %u\n", libosfp_os_class_id_to_name(i), score_db->os_class_entry_count[i]);
|
||||||
|
|||||||
Reference in New Issue
Block a user