wireshark: extcap: allow configuration of OpenVPN/TLS heuristics via GUI #2576

Merged
merged 1 commit into from
Sep 30, 2024
30 changes: 29 additions & 1 deletion example/ndpiReader.c
Expand Up @@ -692,6 +692,10 @@ static void help(u_int long_help) {
" -A | Dump internal statistics (LRU caches / Patricia trees / Ahocarasick automas / ...\n"
" -M | Memory allocation stats on data-path (only by the library).\n"
" | It works only on single-thread configuration\n"
" --openvp_heuristics | Enable OpenVPN heuristics.\n"
" | It is a shortcut to --cfg=openvpn.heuristics,0x01\n"
" --tls_heuristics | Enable TLS heuristics.\n"
" | It is a shortcut to --cfg=tls.heuristics,0x07\n"
" --cfg=proto,param,value | Configure the specific attribute of this protocol\n"
,
human_readeable_string_len,
Expand Down Expand Up @@ -751,6 +755,8 @@ static void help(u_int long_help) {


#define OPTLONG_VALUE_CFG 3000
#define OPTLONG_VALUE_OPENVPN_HEURISTICS 3001
#define OPTLONG_VALUE_TLS_HEURISTICS 3002

static struct option longopts[] = {
/* mandatory extcap options */
Expand Down Expand Up @@ -794,6 +800,8 @@ static struct option longopts[] = {
{ "quiet", no_argument, NULL, 'q'},

{ "cfg", required_argument, NULL, OPTLONG_VALUE_CFG},
{ "openvpn_heuristics", no_argument, NULL, OPTLONG_VALUE_OPENVPN_HEURISTICS},
{ "tls_heuristics", no_argument, NULL, OPTLONG_VALUE_TLS_HEURISTICS},

{0, 0, 0, 0}
};
Expand Down Expand Up @@ -887,7 +895,7 @@ void extcap_config() {
protos = (struct ndpi_proto_sorter*)ndpi_malloc(sizeof(struct ndpi_proto_sorter) * ndpi_num_supported_protocols);
if(!protos) exit(0);

printf("arg {number=%d}{call=--ndpi-proto-filter}{display=nDPI Protocol Filter}{type=selector}{group=Filter}"
printf("arg {number=%d}{call=--ndpi-proto-filter}{display=nDPI Protocol Filter}{type=selector}{group=Options}"
"{tooltip=nDPI Protocol to be filtered}\n", argidx);

printf("value {arg=%d}{value=%d}{display=%s}{default=true}\n", argidx, (u_int32_t)-1, "No nDPI filtering");
Expand All @@ -904,6 +912,12 @@ void extcap_config() {
protos[i].name, protos[i].id);

ndpi_free(protos);
argidx++;

printf("arg {number=%d}{call=--openvp_heuristics}{display=Enable Obfuscated OpenVPN heuristics}"
"{tooltip=Enable Obfuscated OpenVPN heuristics}{type=boolflag}{group=Options}\n", argidx++);
printf("arg {number=%d}{call=--tls_heuristics}{display=Enable Obfuscated TLS heuristics}"
"{tooltip=Enable Obfuscated TLS heuristics}{type=boolflag}{group=Options}\n", argidx++);

ndpi_exit_detection_module(ndpi_str);

Expand Down Expand Up @@ -1362,6 +1376,20 @@ static void parseOptions(int argc, char **argv) {
reader_log_level = 0;
break;

case OPTLONG_VALUE_OPENVPN_HEURISTICS:
if(reader_add_cfg("openvpn", "dpi.heuristics", "0x01", 1) == 1) {
printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);
exit(1);
}
break;

case OPTLONG_VALUE_TLS_HEURISTICS:
if(reader_add_cfg("tls", "dpi.heuristics", "0x07", 1) == 1) {
printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);
exit(1);
}
break;

/* Extcap */
case '0':
extcap_interfaces();
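Review bot: The OpenVPN option is spelled `--openvp_heuristics` in the help() text and in the `{call=--openvp_heuristics}` string printed by extcap_config(), but the longopts entry registers `openvpn_heuristics`. getopt_long() accepts only the exact name or an unambiguous prefix of it, and `openvp_heuristics` is neither, so the flag Wireshark passes when the GUI checkbox is ticked would not reach the `OPTLONG_VALUE_OPENVPN_HEURISTICS` case; how parseOptions treats the unrecognised option is outside the visible hunks, but either way the capture would not run with the obfuscation heuristics the analyst selected. Both strings should read `--openvpn_heuristics`. The help text also gives the shortcuts as `--cfg=openvpn.heuristics,0x01` and `--cfg=tls.heuristics,0x07`, while the code sets the parameter `dpi.heuristics`; in the documented `proto,param,value` form they would be `--cfg=openvpn,dpi.heuristics,0x01` and `--cfg=tls,dpi.heuristics,0x07`.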