authorzhuzhenjun <[email protected]>2023-09-27 11:45:26 +0800
committerzhuzhenjun <[email protected]>2023-09-27 11:45:58 +0800
commit15d4a2d27198005b557b62dbfbb03c49d5b5220c (patch)
treefd93a8811d3f1453266c9568ae38c710e54d4cd0 /example/osfp_example.c
parenteeb4cc0b6bf9074765b5d3234238749aa63346f7 (diff)
v0.0.3
Diffstat (limited to 'example/osfp_example.c')
-rw-r--r--example/osfp_example.c114
1 files changed, 29 insertions, 85 deletions
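diff --git a/example/osfp_example.c b/example/osfp_example.c
index 48fed9c..309a1d2 100644
--- a/example/osfp_example.c
+++ b/example/osfp_example.c
@@ -14,9 +14,10 @@
 #include <pcap.h>
-#include "libosfp.h"
-#include "libosfp_fingerprint.h"
-#include "libosfp_score_db.h"
+#include "osfp_common.h"
+#include "osfp.h"
+#include "osfp_fingerprint.h"
+#include "osfp_score_db.h"
 #define DEFAULT_FP_FILE_PATH "./fp.json"
@@ -434,82 +435,36 @@ const char *PrintInet(int af, const void *src, char *dst, socklen_t size)
 return NULL;
 }
-void example_detect(libosfp_context_t *libosfp_context, Packet *p)
-{
- int ret;
- char str_buf[1024];
-
- unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
- unsigned char *tcph = (unsigned char *)p->tcph;
- libosfp_result_t result;
- unsigned int os_class_flags = LIBOSFP_OS_CLASS_FLAG_WINDOWS | LIBOSFP_OS_CLASS_FLAG_LINUX | LIBOSFP_OS_CLASS_FLAG_MAC_OS;
-
- printf("Example header detect: --------------------------\n");
-
- ret = libosfp_detect(libosfp_context, os_class_flags, iph, tcph, &result);
- if (ret != 0) {
- printf("libosfp header match failed, erro: %s\n", "?");
- goto exit;
- }
-
- printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
- printf("Most likely os class: %s\n", libosfp_result_likely_os_class_name_get(&result));
- printf("Likely score: %u/100\n", result.score.likely_score);
-
- printf("Details:\n");
- if (libosfp_result_to_buf(&result, str_buf, sizeof(str_buf))) {
- printf("%s", str_buf);
- }
-
-exit:
- return;
-}
-
-void example_detect_fingerprint(libosfp_context_t *libosfp_context, Packet *p)
+void example_detect(struct osfp_db *osfp_db, Packet *p)
 {
 int ret;
 char str_buf[1024];
+ //unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
+ struct tcphdr *tcph;
+ unsigned int tcph_len;
+ struct osfp_result *result;
+ unsigned int os_class_flags = OSFP_OS_CLASS_FLAG_WINDOWS | OSFP_OS_CLASS_FLAG_LINUX | OSFP_OS_CLASS_FLAG_MAC_OS;
- unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
- unsigned char *tcph = (unsigned char *)p->tcph;
- libosfp_result_t result;
- libosfp_fingerprint_t fp;
+ printf("Example ipv4 header detect: --------------------------\n");
- // fingerprinting
- printf("Example fingerprint detect: --------------------------\n");
- memset(&fp, 0, sizeof(libosfp_fingerprint_t));
- ret = libosfp_fingerprinting(iph, tcph, &fp);
- if (ret != 0) {
- printf("libosfp fingerprinting failed\n");
+ if (p->iph == NULL) {
 goto exit;
 }
- libosfp_fingerprint_to_json_buf(&fp, str_buf, sizeof(str_buf), 1);
- printf("%s\n", str_buf);
+ tcph = (struct tcphdr *)p->tcph;
+ tcph_len = tcph->doff << 2;
- // output fingerprint with connection info line
- if (fingerprinting_output_fp) {
- fprintf(fingerprinting_output_fp, "Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
- fprintf(fingerprinting_output_fp, "%s\n", str_buf);
- fflush(fingerprinting_output_fp);
- }
-
- // score
- memset(&result, 0, sizeof(libosfp_result_t));
- ret = libosfp_score_db_score(libosfp_context->score_db, 0, &fp, &result.score);
- if (ret != 0) {
- printf("libosfp fingerprint score failed, error: %d\n", ret);
+ result = osfp_ipv4_identify(osfp_db, p->iph, tcph, tcph_len);
+ if (result == NULL) {
+ printf("osfp header match failed, erro: %s\n", "?");
 goto exit;
 }
 printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
- printf("Most likely os class: %s\n", libosfp_result_likely_os_class_name_get(&result));
- printf("Likely score: %u/100\n", result.score.likely_score);
+ printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
 printf("Details:\n");
- if (libosfp_result_to_buf(&result, str_buf, sizeof(str_buf))) {
- printf("%s", str_buf);
- }
+ printf("%s\n", osfp_result_score_detail_export(result));
 exit:
 return;
@@ -518,7 +473,7 @@ exit:
 void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
 {
 int ret;
- libosfp_context_t *libosfp_context = (libosfp_context_t *)user;
+ struct osfp_db *osfp_db = (struct osfp_db *)user;
 Packet packet = {0}, *p = &packet;
 // decode packet
@@ -540,11 +495,8 @@ void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
 PrintInet(AF_INET6, (const void *)&(p->dst.address), p->dstip, sizeof(p->dstip));
 }
- // fingerprint detect example for libosfp developer
- example_detect_fingerprint(libosfp_context, p);
-
 // tcp/ip header detect example for user
- example_detect(libosfp_context, p);
+ example_detect(osfp_db, p);
 printf("--------------------------- processed packet count %d\n", ++processed_packet);
@@ -654,39 +606,31 @@ int main(int argc, char *argv[])
 // get link type
 link_type = pcap_datalink(pcap_handle);
- // create libosfp context
+ // create osfp db
 if (fp_file_path == NULL) {
 fp_file_path = DEFAULT_FP_FILE_PATH;
 }
- //libosfp_context_t *libosfp_context = libosfp_context_create(fp_file_path);
- libosfp_context_t *libosfp_context = libosfp_context_create(NULL);
- if (libosfp_context == NULL) {
- printf("could not create libosfp context. fingerprints file: %s\n", fp_file_path);
+ struct osfp_db *osfp_db = osfp_db_new(fp_file_path);
+ if (osfp_db == NULL) {
+ printf("could not create osfp context. fingerprints file: %s\n", fp_file_path);
 exit(1);
 }
- // setup libosfp context
- r = libosfp_context_setup(libosfp_context);
- if (r != LIBOSFP_NOERR) {
- printf("could not setup libosfp context. error: %d\n", LIBOSFP_NOERR);
- libosfp_context_destroy(libosfp_context);
- exit(1);
- }
- libosfp_score_db_debug_print(libosfp_context->score_db);
+ osfp_score_db_debug_print(osfp_db->score_db);
 // loop
 while (1) {
- int r = pcap_dispatch(pcap_handle, 0, (pcap_handler)process_packet, (void*)libosfp_context);
+ int r = pcap_dispatch(pcap_handle, 0, (pcap_handler)process_packet, (void*)osfp_db);
 if (r < 0) {
 printf("error code: %d, error: %s\n", r, pcap_geterr(pcap_handle));
 break;
 }
 }
- // destroy libosfp context
- libosfp_context_destroy(libosfp_context);
+ // destroy osfp db
+ osfp_db_free(osfp_db);
 return 0;
 }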
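Review bot: `tcph_len = tcph->doff << 2;` in example_detect dereferences `p->tcph` without a NULL check, while the guard added just above it only tests `p->iph`; the old code merely passed the pointer through to the library, so this is a new crash path if the decoder ever leaves `p->tcph` unset for an IPv4 packet. The data offset is also read straight from the captured packet and never validated, so a malformed header can produce a `tcph_len` below the 20-byte minimum or beyond the bytes actually captured; I would guard both with `if (p->iph == NULL || p->tcph == NULL) { goto exit; }` and, after the shift, `if (tcph_len < sizeof(struct tcphdr)) { goto exit; }`. The `result` now returned by `osfp_ipv4_identify` is a pointer that this hunk never releases, and `osfp_result_score_detail_export(result)` is passed to `printf("%s")` unchecked — if the library allocates per call or can return NULL there, this is a per-packet leak or an undefined-behaviour call, so please confirm both against the API. The new failure message still reads `erro: %s` with a literal `"?"`; `error` and the real reason, if the API exposes one, would make the example more useful. The function's closing brace lies outside this hunk.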