Merge branch 'ntop:dev' into dev

ntop · Sep 9, 2024 · a84556b · a84556b
2 parents 790c735 + f4d2002
commit a84556b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 25 deletions.
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
@@ -29,6 +29,7 @@
 #include "ndpi_encryption.h"
 #include "ndpi_private.h"
 
+/* #define JA4R_DECIMAL 1 */
 
 static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_struct,
 				    struct ndpi_flow_struct *flow);
@@ -67,10 +68,10 @@ union ja_info {
     u_int16_t num_elliptic_curve, elliptic_curve[MAX_NUM_JA];
     u_int16_t num_elliptic_curve_point_format, elliptic_curve_point_format[MAX_NUM_JA];
     u_int16_t num_signature_algorithms, signature_algorithms[MAX_NUM_JA];
-    u_int16_t num_supported_versions, supported_versions[MAX_NUM_JA];  
+    u_int16_t num_supported_versions, supported_versions[MAX_NUM_JA];
     char signature_algorithms_str[MAX_JA_STRLEN], alpn[MAX_JA_STRLEN];
   } client;
-  
+
   struct {
     u_int16_t tls_handshake_version;
     u_int16_t num_ciphers, cipher[MAX_NUM_JA];
@@ -1644,13 +1645,13 @@ static bool is_grease_version(u_int16_t version) {
   case 0x8a8a:
   case 0x9a9a:
   case 0xaaaa:
-  case 0xbaba:  
+  case 0xbaba:
   case 0xcaca:
   case 0xdada:
   case 0xeaea:
   case 0xfafa:
     return(true);
-    
+
   default:
     return(false);
   }
@@ -1673,7 +1674,7 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
   bool is_dtls = ((flow->l4_proto == IPPROTO_UDP) && (quic_version == 0)) || flow->stun.maybe_dtls;
   int ja4_r_len = 0;
   char ja4_r[1024];
-  
+
   /*
     Compute JA4 TLS/QUIC client
 
@@ -1697,7 +1698,7 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
        && (tls_handshake_version < ja->client.supported_versions[i]))
       tls_handshake_version = ja->client.supported_versions[i];
   }
-  
+
   switch(tls_handshake_version) {
   case 0x0304: /* TLS 1.3 = “13” */
     ja_str[1] = '1';
@@ -1770,17 +1771,23 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
 
   tmp_str_len = 0;
   for(i=0; i<ja->client.num_ciphers; i++) {
+#ifdef JA4R_DECIMAL
+    rc = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, "%s%u", (i > 0) ? "," : "", ja->client.cipher[i]);
+    if(rc > 0) ja4_r_len += rc;
+#endif
     rc = ndpi_snprintf((char *)&tmp_str[tmp_str_len], JA_STR_LEN-tmp_str_len, "%s%04x",
 		       (i > 0) ? "," : "", ja->client.cipher[i]);
     if((rc > 0) && (tmp_str_len + rc < JA_STR_LEN)) tmp_str_len += rc; else break;
   }
 
+#ifndef JA4R_DECIMAL
   ja_str[ja_str_len] = 0;
   i = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, "%s", ja_str); if(i > 0) ja4_r_len += i;
 
   tmp_str[tmp_str_len] = 0;
   i = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, "%s_", tmp_str); if(i > 0) ja4_r_len += i;
-
+#endif
+
   ndpi_sha256(tmp_str, tmp_str_len, sha_hash);
 
   rc = ndpi_snprintf(&ja_str[ja_str_len], ja_max_len - ja_str_len,
@@ -1793,9 +1800,19 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
   printf("[CIPHER] %s [len: %u]\n", tmp_str, tmp_str_len);
 #endif
 
+#ifdef JA4R_DECIMAL
+  rc = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, " ");
+  if(rc > 0) ja4_r_len += rc;
+#endif
+
   tmp_str_len = 0;
   for(i=0, num_extn = 0; i<ja->client.num_tls_extensions; i++) {
     if((ja->client.tls_extension[i] > 0) && (ja->client.tls_extension[i] != 0x10 /* ALPN extension */)) {
+#ifdef JA4R_DECIMAL
+      rc = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, "%s%u", (num_extn > 0) ? "," : "", ja->client.tls_extension[i]);
+      if(rc > 0) ja4_r_len += rc;
+#endif
+
       rc = ndpi_snprintf((char *)&tmp_str[tmp_str_len], JA_STR_LEN-tmp_str_len, "%s%04x",
 			 (num_extn > 0) ? "," : "", ja->client.tls_extension[i]);
       if((rc > 0) && (tmp_str_len + rc < JA_STR_LEN)) tmp_str_len += rc; else break;
@@ -1812,9 +1829,12 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
 #ifdef DEBUG_JA
   printf("[EXTN] %s [len: %u]\n", tmp_str, tmp_str_len);
 #endif
-  
+
   tmp_str[tmp_str_len] = 0;
+
+#ifndef JA4R_DECIMAL
   i = snprintf(&ja4_r[ja4_r_len], sizeof(ja4_r)-ja4_r_len, "%s", tmp_str); if(i > 0) ja4_r_len += i;
+#endif
 
   if(ndpi_struct->cfg.tls_ja4r_fingerprint_enabled) {
     if(flow->protos.tls_quic.ja4_client_raw == NULL)
@@ -1823,7 +1843,7 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
     printf("[JA4_r] %s [len: %u]\n", ja4_r, ja4_r_len);
 #endif
   }
-  
+
   ndpi_sha256(tmp_str, tmp_str_len, sha_hash);
 
   rc = ndpi_snprintf(&ja_str[ja_str_len], ja_max_len - ja_str_len,
@@ -2489,7 +2509,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		  ja.client.signature_algorithms[id++] = ntohs(*(u_int16_t*)&packet->payload[s_offset+i]);
 		}
 		ja.client.num_signature_algorithms = id;
-		
+
 		for(i=0, id=0; i<tot_signature_algorithms_len && s_offset+i+1<total_len; i++) {
 		  int rc = ndpi_snprintf(&ja.client.signature_algorithms_str[i*2],
 					 sizeof(ja.client.signature_algorithms_str)-i*2,

diff --git a/src/lib/third_party/src/roaring.c b/src/lib/third_party/src/roaring.c
@@ -7811,7 +7811,7 @@ static void binarySearch2(const uint16_t *array, int32_t n, uint16_t target1,
  * and binarySearch2. This approach can be slightly superior to a conventional
  * galloping search in some instances.
  */
-int32_t intersect_skewed_uint16(const uint16_t *small, size_t size_s,
+int32_t intersect_skewed_uint16(const uint16_t *_small, size_t size_s,
                                 const uint16_t *large, size_t size_l,
                                 uint16_t *buffer) {
     size_t pos = 0, idx_l = 0, idx_s = 0;
@@ -7821,10 +7821,10 @@ int32_t intersect_skewed_uint16(const uint16_t *small, size_t size_s,
     }
     int32_t index1 = 0, index2 = 0, index3 = 0, index4 = 0;
     while ((idx_s + 4 <= size_s) && (idx_l < size_l)) {
-        uint16_t target1 = small[idx_s];
-        uint16_t target2 = small[idx_s + 1];
-        uint16_t target3 = small[idx_s + 2];
-        uint16_t target4 = small[idx_s + 3];
+        uint16_t target1 = _small[idx_s];
+        uint16_t target2 = _small[idx_s + 1];
+        uint16_t target3 = _small[idx_s + 2];
+        uint16_t target4 = _small[idx_s + 3];
         binarySearch4(large + idx_l, (int32_t)(size_l - idx_l), target1,
                       target2, target3, target4, &index1, &index2, &index3,
                       &index4);
@@ -7844,8 +7844,8 @@ int32_t intersect_skewed_uint16(const uint16_t *small, size_t size_s,
         idx_l += index4;
     }
     if ((idx_s + 2 <= size_s) && (idx_l < size_l)) {
-        uint16_t target1 = small[idx_s];
-        uint16_t target2 = small[idx_s + 1];
+        uint16_t target1 = _small[idx_s];
+        uint16_t target2 = _small[idx_s + 1];
         binarySearch2(large + idx_l, (int32_t)(size_l - idx_l), target1,
                       target2, &index1, &index2);
         if ((index1 + idx_l < size_l) && (large[idx_l + index1] == target1)) {
@@ -7858,7 +7858,7 @@ int32_t intersect_skewed_uint16(const uint16_t *small, size_t size_s,
         idx_l += index2;
     }
     if ((idx_s < size_s) && (idx_l < size_l)) {
-        uint16_t val_s = small[idx_s];
+        uint16_t val_s = _small[idx_s];
         int32_t index =
             binarySearch(large + idx_l, (int32_t)(size_l - idx_l), val_s);
         if (index >= 0) buffer[pos++] = val_s;
@@ -7867,7 +7867,7 @@ int32_t intersect_skewed_uint16(const uint16_t *small, size_t size_s,
 }
 
 // TODO: this could be accelerated, possibly, by using binarySearch4 as above.
-int32_t intersect_skewed_uint16_cardinality(const uint16_t *small,
+int32_t intersect_skewed_uint16_cardinality(const uint16_t *_small,
                                             size_t size_s,
                                             const uint16_t *large,
                                             size_t size_l) {
@@ -7877,7 +7877,7 @@ int32_t intersect_skewed_uint16_cardinality(const uint16_t *small,
         return 0;
     }
 
-    uint16_t val_l = large[idx_l], val_s = small[idx_s];
+    uint16_t val_l = large[idx_l], val_s = _small[idx_s];
 
     while (true) {
         if (val_l < val_s) {
@@ -7887,12 +7887,12 @@ int32_t intersect_skewed_uint16_cardinality(const uint16_t *small,
         } else if (val_s < val_l) {
             idx_s++;
             if (idx_s == size_s) break;
-            val_s = small[idx_s];
+            val_s = _small[idx_s];
         } else {
             pos++;
             idx_s++;
             if (idx_s == size_s) break;
-            val_s = small[idx_s];
+            val_s = _small[idx_s];
             idx_l = advanceUntil(large, (int32_t)idx_l, (int32_t)size_l, val_s);
             if (idx_l == size_l) break;
             val_l = large[idx_l];
@@ -7902,15 +7902,15 @@ int32_t intersect_skewed_uint16_cardinality(const uint16_t *small,
     return (int32_t)pos;
 }
 
-bool intersect_skewed_uint16_nonempty(const uint16_t *small, size_t size_s,
+bool intersect_skewed_uint16_nonempty(const uint16_t *_small, size_t size_s,
                                       const uint16_t *large, size_t size_l) {
     size_t idx_l = 0, idx_s = 0;
 
     if (0 == size_s) {
         return false;
     }
 
-    uint16_t val_l = large[idx_l], val_s = small[idx_s];
+    uint16_t val_l = large[idx_l], val_s = _small[idx_s];
 
     while (true) {
         if (val_l < val_s) {
@@ -7920,7 +7920,7 @@ bool intersect_skewed_uint16_nonempty(const uint16_t *small, size_t size_s,
         } else if (val_s < val_l) {
             idx_s++;
             if (idx_s == size_s) break;
-            val_s = small[idx_s];
+            val_s = _small[idx_s];
         } else {
             return true;
         }