Improced extcap configuration window with sorted protocol list

Reported flow stats in Statistics -> nDPI menu
mzhunder1 · Apr 25, 2017 · d4a16d9 · d4a16d9
1 parent 6c2c885
commit d4a16d9
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 38 deletions.
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
@@ -246,10 +246,23 @@ void extcap_dlts() {
 
 /* ********************************** */
 
+struct ndpi_proto_sorter {
+  int id;
+  char name[16];
+};
+
+int cmpProto(const void *_a, const void *_b) {
+  struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a;
+  struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b;
+
+  return(strcmp(a->name, b->name));
+}
+
 void extcap_config() {
   int i, argidx = 0;
   struct ndpi_detection_module_struct *ndpi_mod;
-
+  struct ndpi_proto_sorter *protos;
+
   /* -i <interface> */
   printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}"
 	 "{tooltip=The interface name}\n", argidx++);
@@ -258,20 +271,31 @@ void extcap_config() {
   printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}"
 	 "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++);
 #endif
+
+  setupDetection(0, NULL);
+  ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct;
+
+  protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols);
+  if(!protos) exit(0);  
+
+  for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
+    protos[i].id = i;
+    snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_mod->proto_defaults[i].protoName);
+  }
 
+  qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto);
 
   printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}"
 	 "{tooltip=nDPI Protocol to be filtered}\n", argidx);
 
-  setupDetection(0, NULL);
-  ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct;
-
   printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)");
-
+  
   for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++)
-    printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, i,
-	   ndpi_mod->proto_defaults[i].protoName, i);
+    printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id,
+	   protos[i].name, protos[i].id);
 
+  free(protos);
+
   exit(0);
 }
 
@@ -1507,13 +1531,14 @@ static void pcap_packet_callback_checked(u_char *args,
     crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)];
     *crc = 0;
     ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer), crc);
-    h.caplen += delta,  h.len += delta;
+    h.caplen += delta, h.len += delta;
 
 #ifdef DEBUG_TRACE
     if(trace) fprintf(trace, "Dumping %u bytes packet\n", h.caplen);
 #endif
 
     pcap_dump((u_char*)extcap_dumper, &h, (const u_char *)extcap_buf);
+    pcap_dump_flush(extcap_dumper);
   }
 
   /* check for buffer changes */

diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
@@ -15,16 +15,15 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR
 
 local f_eth_trailer = Field.new("eth.trailer")
 
-local ndpi_protos       = {}
-local ndpi_senders      = {}
-local ndpi_receivers    = {}
+local ndpi_protos     = {}
+local ndpi_flows      = {}
+local compute_flows_stats = true
 
 -- ###############################################
 
 function ndpi_proto.init()
    ndpi_protos       = {}
-   ndpi_senders      = {}
-   ndpi_receivers    = {}
+   ndpi_flows        = {}
 end
 
 function slen(str)
@@ -57,7 +56,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
       local application_protocol = tvb(pktlen-22,2)
       local name = tvb(pktlen-20,16)
       local name_str = name:string(ENC_ASCII)
-      local key
+      local ndpikey, srckey, dstkey, flowkey
 
       ndpi_subtree:add(fds.network_protocol, network_protocol)
       ndpi_subtree:add(fds.application_protocol, application_protocol)
@@ -69,17 +68,22 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
 	 pinfo.cols.protocol = name_str
       end
 
-      key = tostring(slen(name_str))
-      if(ndpi_protos[key] == nil) then ndpi_protos[key] = 0 end
-      ndpi_protos[key] = ndpi_protos[key] + pinfo.len
+      if(compute_flows_stats) then
+	 ndpikey = tostring(slen(name_str))
 
-      key = tostring(pinfo.src)
-      if(ndpi_senders[key] == nil) then ndpi_senders[key] = 0 end
-      ndpi_senders[key] = ndpi_senders[key] + pinfo.len
+	 if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end
+	 ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len
+
+	 srckey = tostring(pinfo.src)
+	 dstkey = tostring(pinfo.dst)
+
+	 flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]"
+	 if(ndpi_flows[flowkey] == nil) then
+	    ndpi_flows[flowkey] = 0
+	 end
 
-      key = tostring(pinfo.dst)
-      if(ndpi_receivers[key] == nil) then ndpi_receivers[key] = 0 end
-      ndpi_receivers[key] = ndpi_receivers[key] + pinfo.len
+	 ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len
+      end
    end
 end
 
@@ -147,32 +151,24 @@ local function ndpi_dialog_menu()
       i = 0
       for k,v in pairsByValues(ndpi_protos, rev) do
 	 -- label = label .. k .. "\t".. bytesToSize(v) .. "\n"
-	 label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v))
+	 label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v))
 	 if(i == max_i) then break else i = i + 1 end
       end
 
       -- #######
 
-      label = label .. "\nTop Senders\n"
+      label = label .. "\nTop nDPI Flows\n"
       label = label .. "-----------\n"
       i = 0
-      for k,v in pairsByValues(ndpi_senders, rev) do
-	 label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v))
-	 if(i == max_i) then break else i = i + 1 end
-      end
-
-      -- #######
-
-      label = label .. "\nTop Receivers\n"
-      label = label .. "-------------\n"
-      i = 0
-      for k,v in pairsByValues(ndpi_receivers, rev) do
-	 label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v))
+      for k,v in pairsByValues(ndpi_flows, rev) do
+	 label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v))
 	 if(i == max_i) then break else i = i + 1 end
       end
 
       win:set(label)
    end
 end
 
-register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED)
+if(compute_flows_stats) then
+   register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED)
+end