Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1de666a56e | ||
|
|
168f931da6 |
@@ -40,10 +40,44 @@ struct osfp_fingerprint_field fp_fields[OSFP_FIELD_MAX] = {
|
||||
{OSFP_FINGERPRINT_FIELD_NAME_TCP_FLAGS, 1, OSFP_FIELD_TYPE_UINT, 25, NULL, 0},
|
||||
{OSFP_FINGERPRINT_FIELD_NAME_TCP_MSS, 1, OSFP_FIELD_TYPE_UINT, 150, NULL, 0},
|
||||
{OSFP_FINGERPRINT_FIELD_NAME_TCP_OPTIONS, 1, OSFP_FIELD_TYPE_STRING, 400, NULL, 0},
|
||||
{OSFP_FINGERPRINT_FIELD_NAME_TCP_OPTIONS_ORDERED, 0, OSFP_FIELD_TYPE_STRING, 250, NULL, 0},
|
||||
{OSFP_FINGERPRINT_FIELD_NAME_TCP_OPTIONS_ORDERED, 1, OSFP_FIELD_TYPE_STRING, 250, NULL, 0},
|
||||
{OSFP_FINGERPRINT_FIELD_NAME_OS, 0, OSFP_FIELD_TYPE_STRING, 0, NULL, 0},
|
||||
};
|
||||
|
||||
|
||||
static char *osfp_fingerprint_tcp_options_to_ordered(char *tcp_options, unsigned int len)
|
||||
{
|
||||
int i;
|
||||
char *tcp_options_ordered;
|
||||
unsigned tcp_options_ordered_offset;
|
||||
unsigned tcp_options_offset;
|
||||
|
||||
if (tcp_options == NULL && len == 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
tcp_options_ordered = malloc(len + 1);
|
||||
if (tcp_options_ordered == NULL) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
tcp_options_offset = 0;
|
||||
tcp_options_ordered_offset = 0;
|
||||
while(tcp_options_offset < len) {
|
||||
if (isalpha(tcp_options[tcp_options_offset])) {
|
||||
tcp_options_ordered[tcp_options_ordered_offset] = tcp_options[tcp_options_offset];
|
||||
tcp_options_ordered_offset++;
|
||||
}
|
||||
tcp_options_offset++;
|
||||
}
|
||||
|
||||
tcp_options_ordered[tcp_options_ordered_offset] = 0;
|
||||
|
||||
return tcp_options_ordered;
|
||||
exit:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static char option_to_ascii(unsigned char type)
|
||||
{
|
||||
switch (type) {
|
||||
@@ -392,6 +426,19 @@ int osfp_fingerprint_from_json(struct osfp_fingerprint *fp, char *json_str)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
field = cJSON_GetObjectItem(root, osfp_fingerprint_get_field_name(OSFP_FIELD_TCP_OPTIONS_ORDERED));
|
||||
if (field == NULL) {
|
||||
field = cJSON_GetObjectItem(root, osfp_fingerprint_get_field_name(OSFP_FIELD_TCP_OPTIONS));
|
||||
if (field) {
|
||||
char *tcp_options_ordered_str = osfp_fingerprint_tcp_options_to_ordered(field->valuestring, strlen(field->valuestring));
|
||||
if (tcp_options_ordered_str) {
|
||||
cJSON_AddItemToObject(root, osfp_fingerprint_get_field_name(OSFP_FIELD_TCP_OPTIONS_ORDERED),
|
||||
cJSON_CreateString(tcp_options_ordered_str));
|
||||
free(tcp_options_ordered_str);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i < OSFP_FIELD_OS; i++) {
|
||||
if (!fp_fields[i].enabled) {
|
||||
continue;
|
||||
@@ -421,8 +468,11 @@ int osfp_fingerprint_from_json(struct osfp_fingerprint *fp, char *json_str)
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
ret = 0;
|
||||
exit:
|
||||
if (root) {
|
||||
cJSON_Delete(root);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -494,6 +544,7 @@ int test_osfp_fingerprinting_ipv4(void)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = -1;
|
||||
if (0 != memcmp(str_buf, target, strlen(target))) {
|
||||
goto exit;
|
||||
}
|
||||
@@ -533,6 +584,7 @@ int test_osfp_fingerprinting_ipv6(void)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = -1;
|
||||
if (0 != memcmp(str_buf, target, strlen(target))) {
|
||||
goto exit;
|
||||
}
|
||||
@@ -561,6 +613,7 @@ int test_osfp_fingerprinting_tcp_option(void)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = -1;
|
||||
if (fp.fields[OSFP_FIELD_TCP_OPTIONS].value_len != strlen(target_options) + 1)
|
||||
{
|
||||
goto exit;
|
||||
|
||||
@@ -373,7 +373,7 @@ int osfp_score_db_load(struct osfp_score_db *score_db, char *fp_file)
|
||||
|
||||
for (i = 0; i < OSFP_FIELD_MAX; i++) {
|
||||
field_score_db = &score_db->field_score_dbs[i];
|
||||
if (field_score_db->enabled && i != OSFP_FIELD_TCP_OPTIONS) {
|
||||
if (field_score_db->enabled && i != OSFP_FIELD_TCP_OPTIONS_ORDERED) {
|
||||
score_db->perfect_score += osfp_fingerprint_get_field_importance(i);
|
||||
}
|
||||
}
|
||||
@@ -447,6 +447,11 @@ int osfp_score_db_score(struct osfp_score_db *score_db, unsigned int flags, stru
|
||||
result_score->scores[j] += ((OSFP_PERCENTILE * importance / perfect_score) * tmp_score) / entry_count;
|
||||
}
|
||||
}
|
||||
|
||||
if (i == OSFP_FIELD_TCP_OPTIONS) {
|
||||
// if OSFP_FIELD_TCP_OPTIONS matched OSFP_FIELD_TCP_OPTIONS_ORDERED is not needed
|
||||
i++;
|
||||
}
|
||||
}
|
||||
|
||||
return OSFP_NOERR;
|
||||
|
||||
108
test/test.c
108
test/test.c
@@ -18,6 +18,9 @@
|
||||
#define TEST_FILE_PATH "./test.json"
|
||||
#define LOG_FILE_PATH "./osfp_test.log"
|
||||
|
||||
#define OSFP_OS_CLASS_MERGED_MAX (OSFP_OS_CLASS_MAX - 2)
|
||||
#define EntryWidth 8
|
||||
|
||||
unsigned char *data_file_path = DATA_FILE_PATH;
|
||||
unsigned char *db_file_path;
|
||||
unsigned char *test_file_path;
|
||||
@@ -29,6 +32,101 @@ FILE *log_file_ptr;
|
||||
|
||||
unsigned int debug_enable;
|
||||
|
||||
//enum osfp_os_class_id {
|
||||
// OSFP_OS_CLASS_UNKNOWN, // 未知
|
||||
// OSFP_OS_CLASS_WINDOWS, // Windows
|
||||
// OSFP_OS_CLASS_LINUX, // Linux
|
||||
// OSFP_OS_CLASS_MAC_OS, // Mac OS
|
||||
// OSFP_OS_CLASS_IOS, // iOS
|
||||
// OSFP_OS_CLASS_ANDROID, // Android
|
||||
// OSFP_OS_CLASS_OTHERS, // 其他
|
||||
// OSFP_OS_CLASS_MAX,
|
||||
//};
|
||||
// merged classes: unknown 0 windows-like 1 unix-like 2 apple-like 3 others 4
|
||||
|
||||
unsigned int testresult[OSFP_OS_CLASS_MAX][OSFP_OS_CLASS_MAX] = {0};
|
||||
unsigned int testresult_merged[OSFP_OS_CLASS_MERGED_MAX][OSFP_OS_CLASS_MERGED_MAX] = {0};
|
||||
|
||||
static const char *class_to_merged_name(unsigned int class)
|
||||
{
|
||||
switch (class) {
|
||||
case 0:
|
||||
return "Unknown";
|
||||
case 1:
|
||||
return "Windows-Like";
|
||||
case 2:
|
||||
return "Unix-Like";
|
||||
case 3:
|
||||
return "Apple-Like";
|
||||
case 4:
|
||||
return "Others";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
static unsigned int class_to_merged_class(unsigned int class)
|
||||
{
|
||||
switch (class) {
|
||||
case OSFP_OS_CLASS_UNKNOWN:
|
||||
return 0;
|
||||
case OSFP_OS_CLASS_WINDOWS:
|
||||
return 1;
|
||||
case OSFP_OS_CLASS_LINUX:
|
||||
return 2;
|
||||
case OSFP_OS_CLASS_MAC_OS:
|
||||
return 3;
|
||||
case OSFP_OS_CLASS_IOS:
|
||||
return 3;
|
||||
case OSFP_OS_CLASS_ANDROID:
|
||||
return 2;
|
||||
case OSFP_OS_CLASS_OTHERS:
|
||||
return 4;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void testresult_class_merge()
|
||||
{
|
||||
int i,j;
|
||||
for (i = 0; i < OSFP_OS_CLASS_MAX; i++) {
|
||||
for (j = 0; j < OSFP_OS_CLASS_MAX; j++) {
|
||||
testresult_merged[class_to_merged_class(i)][class_to_merged_class(j)] += testresult[i][j];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void print_confusion_matrix(unsigned int *result, unsigned int os_class_max, const char *(*get_name)(unsigned int))
|
||||
{
|
||||
int i,j;
|
||||
int matched = 0, missed = 0;
|
||||
|
||||
for (i = 0; i < os_class_max; i++) {
|
||||
printf("%*s(%c)", EntryWidth-3, " ", 'a' + i);
|
||||
}
|
||||
printf(" <-" " classified as" "\n");
|
||||
|
||||
for (i = 0; i < os_class_max; i++) {
|
||||
printf("%*.*s", EntryWidth, EntryWidth-2, "----------");
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
|
||||
|
||||
for (i = 0; i < os_class_max; i++) {
|
||||
for (j = 0; j < os_class_max; j++) {
|
||||
if (i == j) {
|
||||
matched += *(result + os_class_max * i + j);
|
||||
} else {
|
||||
missed += *(result + os_class_max * i + j);
|
||||
}
|
||||
printf(" %*d", EntryWidth-1, *(result + os_class_max * i + j));
|
||||
}
|
||||
printf(" (%c): " "class" " %s\n", 'a' + i, get_name(i));
|
||||
}
|
||||
|
||||
printf("miss rate: %u%%\n", 100 * missed / (matched + missed));
|
||||
}
|
||||
|
||||
|
||||
void test_data_prepare()
|
||||
{
|
||||
char *file_buffer;
|
||||
@@ -129,6 +227,8 @@ void test_miss_rate()
|
||||
continue;
|
||||
}
|
||||
|
||||
testresult[result->likely_os_class][os_class]++;
|
||||
|
||||
if (os_class == result->likely_os_class) {
|
||||
verified_count++;
|
||||
osfp_result_free(result);
|
||||
@@ -161,7 +261,13 @@ void test_miss_rate()
|
||||
printf("total %u, failed %u, pass %u, wrong %u, other %u, unknown %u\n",
|
||||
fingerprint_count, identify_failed_count, verified_count, wrong_count, other_count, unknown_count);
|
||||
|
||||
printf("miss rate: %d%%\n", 100 - (verified_count * 100 / fingerprint_count));
|
||||
//printf("miss rate: %d%%\n", 100 - (verified_count * 100 / fingerprint_count));
|
||||
|
||||
testresult_class_merge();
|
||||
|
||||
print_confusion_matrix((unsigned int *)testresult, OSFP_OS_CLASS_MAX, osfp_os_class_id_to_name);
|
||||
|
||||
print_confusion_matrix((unsigned int *)testresult_merged, OSFP_OS_CLASS_MERGED_MAX, class_to_merged_name);
|
||||
|
||||
printf("details in: %s\n", LOG_FILE_PATH);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user