fingerprint/score: bring back tcp_options_ordered

author: zhuzhenjun <[email protected]> 2023-10-17 23:36:10 +0800
committer: zhuzhenjun <[email protected]> 2023-10-17 23:36:10 +0800
commit: 168f931da6704d5918f6f00fd2551eff0bf07b8e (patch)
tree: 0bd8a8f14ae71c7015521a323fb159216f3dcc7d /src
parent: e62ff39d812c972f2631c36124c81647da5511a0 (diff)
2 files changed, 61 insertions, 3 deletions
diff --git a/src/osfp_fingerprint.c b/src/osfp_fingerprint.c
index cc8a64b..05dc52e 100644
--- a/src/osfp_fingerprint.c
+++ b/src/osfp_fingerprint.c
@@ -40,10 +40,44 @@ struct osfp_fingerprint_field fp_fields[OSFP_FIELD_MAX] = {
     {OSFP_FINGERPRINT_FIELD_NAME_TCP_FLAGS,               1, OSFP_FIELD_TYPE_UINT,    25,     NULL,    0},
     {OSFP_FINGERPRINT_FIELD_NAME_TCP_MSS,                 1, OSFP_FIELD_TYPE_UINT,    150,    NULL,    0},
     {OSFP_FINGERPRINT_FIELD_NAME_TCP_OPTIONS,             1, OSFP_FIELD_TYPE_STRING,  400,    NULL,    0},
-    {OSFP_FINGERPRINT_FIELD_NAME_TCP_OPTIONS_ORDERED,     0, OSFP_FIELD_TYPE_STRING,  250,    NULL,    0},
+    {OSFP_FINGERPRINT_FIELD_NAME_TCP_OPTIONS_ORDERED,     1, OSFP_FIELD_TYPE_STRING,  250,    NULL,    0},
     {OSFP_FINGERPRINT_FIELD_NAME_OS,                      0, OSFP_FIELD_TYPE_STRING,  0,      NULL,    0},
 };
 
+
+static char *osfp_fingerprint_tcp_options_to_ordered(char *tcp_options, unsigned int len)
+{
+    int i;
+    char *tcp_options_ordered;
+    unsigned tcp_options_ordered_offset;
+    unsigned tcp_options_offset;
+
+    if (tcp_options == NULL && len == 0) {
+        goto exit;
+    }
+
+    tcp_options_ordered = malloc(len + 1);
+    if (tcp_options_ordered == NULL) {
+        goto exit;
+    }
+
+    tcp_options_offset = 0;
+    tcp_options_ordered_offset = 0;
+    while(tcp_options_offset < len) {
+        if (isalpha(tcp_options[tcp_options_offset])) {
+            tcp_options_ordered[tcp_options_ordered_offset] = tcp_options[tcp_options_offset];
+            tcp_options_ordered_offset++;
+        }
+        tcp_options_offset++;
+    }
+
+    tcp_options_ordered[tcp_options_ordered_offset] = 0;
+
+    return tcp_options_ordered;
+exit:
+    return NULL;
+}
+
 static char option_to_ascii(unsigned char type)
 {
     switch (type) {
@@ -392,6 +426,19 @@ int osfp_fingerprint_from_json(struct osfp_fingerprint *fp, char *json_str)
         goto exit;
     }
 
+    field = cJSON_GetObjectItem(root, osfp_fingerprint_get_field_name(OSFP_FIELD_TCP_OPTIONS_ORDERED));
+    if (field == NULL) {
+        field = cJSON_GetObjectItem(root, osfp_fingerprint_get_field_name(OSFP_FIELD_TCP_OPTIONS));
+        if (field) {
+            char *tcp_options_ordered_str = osfp_fingerprint_tcp_options_to_ordered(field->valuestring, strlen(field->valuestring));
+            if (tcp_options_ordered_str) {
+                cJSON_AddItemToObject(root, osfp_fingerprint_get_field_name(OSFP_FIELD_TCP_OPTIONS_ORDERED),
+                        cJSON_CreateString(tcp_options_ordered_str));
+                free(tcp_options_ordered_str);
+            }
+        }
+    }
+
     for (i = 0; i < OSFP_FIELD_OS; i++) {
         if (!fp_fields[i].enabled) {
             continue;
@@ -421,8 +468,11 @@ int osfp_fingerprint_from_json(struct osfp_fingerprint *fp, char *json_str)
         }
     }
 
-    return 0;
+    ret = 0;
 exit:
+    if (root) {
+        cJSON_Delete(root);
+    }
     return ret;
 }
 
@@ -494,6 +544,7 @@ int test_osfp_fingerprinting_ipv4(void)
         goto exit;
     }
 
+    ret = -1;
     if (0 != memcmp(str_buf, target, strlen(target))) {
         goto exit;
     }
@@ -533,6 +584,7 @@ int test_osfp_fingerprinting_ipv6(void)
         goto exit;
     }
 
+    ret = -1;
     if (0 != memcmp(str_buf, target, strlen(target))) {
         goto exit;
     }
@@ -561,6 +613,7 @@ int test_osfp_fingerprinting_tcp_option(void)
         goto exit;
     }
 
+    ret = -1;
     if (fp.fields[OSFP_FIELD_TCP_OPTIONS].value_len != strlen(target_options) + 1)
     {
         goto exit;
diff --git a/src/osfp_score_db.c b/src/osfp_score_db.c
index 5e88e21..5598537 100644
--- a/src/osfp_score_db.c
+++ b/src/osfp_score_db.c
@@ -373,7 +373,7 @@ int osfp_score_db_load(struct osfp_score_db *score_db, char *fp_file)
 
     for (i = 0; i < OSFP_FIELD_MAX; i++) {
         field_score_db = &score_db->field_score_dbs[i];
-        if (field_score_db->enabled && i != OSFP_FIELD_TCP_OPTIONS) {
+        if (field_score_db->enabled && i != OSFP_FIELD_TCP_OPTIONS_ORDERED) {
             score_db->perfect_score += osfp_fingerprint_get_field_importance(i);
         }
     }
@@ -447,6 +447,11 @@ int osfp_score_db_score(struct osfp_score_db *score_db, unsigned int flags, stru
                 result_score->scores[j] += ((OSFP_PERCENTILE * importance / perfect_score) * tmp_score) / entry_count;
             }
         }
+
+        if (i == OSFP_FIELD_TCP_OPTIONS) {
+            // if OSFP_FIELD_TCP_OPTIONS matched OSFP_FIELD_TCP_OPTIONS_ORDERED is not needed
+            i++;
+        }
     }
 
     return OSFP_NOERR;
author	zhuzhenjun <[email protected]>	2023-10-17 23:36:10 +0800
committer	zhuzhenjun <[email protected]>	2023-10-17 23:36:10 +0800
commit	168f931da6704d5918f6f00fd2551eff0bf07b8e (patch)
tree	0bd8a8f14ae71c7015521a323fb159216f3dcc7d /src
parent	e62ff39d812c972f2631c36124c81647da5511a0 (diff)