scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-10-29 17:32:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switched OpenWrt GitHub Actions SDK to main branch

Browse Source 
* fixed some SonarCloud complaints
 * added more systemd CI tests
 * fixed debian package scripts to obey remove/purge
 * changed `chmod_chown()` error handling

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2024-10-31 18:12:03 +01:00
parent 2b48eb0514
commit ce5f448d3b
11 changed files with 107 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build-openwrt.yml vendored
View File

@@ -42,7 +42,7 @@ jobs:
fetch-depth: 1
- name: Build
uses: openwrt/gh-action-sdk@v7
uses: openwrt/gh-action-sdk@main
env:
ARCH: ${{ matrix.arch }}-snapshot
FEED_DIR: ${{ github.workspace }}/packages/openwrt

8
.github/workflows/build.yml vendored
View File

@@ -285,8 +285,12 @@ jobs:
sudo systemctl enable ndpid@lo
sudo systemctl start ndpid@lo
SYSTEMCTL_RET=3; while (( $SYSTEMCTL_RET == 3 )); do systemctl is-active ndpid@lo.service; SYSTEMCTL_RET=$?; sleep 1; done
sudo systemctl status ndpisrvd.service ndpid@lo.service || true
sudo systemctl show ndpisrvd.service ndpid@lo.service -p SubState,ActiveState || true
sudo systemctl status ndpisrvd.service ndpid@lo.service
sudo systemctl show ndpisrvd.service ndpid@lo.service -p SubState,ActiveState
sudo dpkg -i ./build/nDPId-*.deb
sudo systemctl status ndpisrvd.service ndpid@lo.service
sudo systemctl show ndpisrvd.service ndpid@lo.service -p SubState,ActiveState
sudo systemctl stop ndpisrvd.service
journalctl --no-tail --no-pager -u ndpisrvd.service -u ndpid@lo.service
- name: Build PF_RING and nDPId (invoke CC directly - dynamic nDPI lib)
if: endsWith(matrix.compiler, 'gcc-7') == false && startsWith(matrix.ndpi_build, '-DBUILD_NDPI=ON') && startsWith(matrix.coverage, '-DENABLE_COVERAGE=OFF') && startsWith(matrix.sanitizer, '-DENABLE_SANITIZER=ON') && startsWith(matrix.ndpid_gcrypt, '-DNDPI_WITH_GCRYPT=OFF') && startsWith(matrix.ndpid_zlib, '-DENABLE_ZLIB=ON')

40
CMakeLists.txt
View File

@@ -267,25 +267,27 @@ if(BUILD_EXAMPLES)
pkg_check_modules(CURL REQUIRED libcurl)
endif()
endif()
if(NDPI_WITH_GCRYPT)
message(STATUS "nDPI: Enable GCRYPT")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-local-libgcrypt")
endif()
if(NDPI_WITH_PCRE)
message(STATUS "nDPI: Enable PCRE")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-pcre2")
endif()
if(NDPI_WITH_MAXMINDDB)
message(STATUS "nDPI: Enable MAXMINDDB")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-maxminddb")
endif()
if(ENABLE_COVERAGE)
message(STATUS "nDPI: Enable Coverage")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-code-coverage")
endif()
if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "")
message(STATUS "nDPI: Enable Debug Build")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-debug-build --enable-debug-messages")
if(BUILD_NDPI)
if(NDPI_WITH_GCRYPT)
message(STATUS "nDPI: Enable GCRYPT")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-local-libgcrypt")
endif()
if(NDPI_WITH_PCRE)
message(STATUS "nDPI: Enable PCRE")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-pcre2")
endif()
if(NDPI_WITH_MAXMINDDB)
message(STATUS "nDPI: Enable MAXMINDDB")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-maxminddb")
endif()
if(ENABLE_COVERAGE)
message(STATUS "nDPI: Enable Coverage")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-code-coverage")
endif()
if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "")
message(STATUS "nDPI: Enable Debug Build")
set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-debug-build --enable-debug-messages")
endif()
endif()
execute_process(

10
examples/c-captured/c-captured.c
View File

@@ -1355,10 +1355,14 @@ int main(int argc, char ** argv)
return 1;
}
if (capture_mode != 0 && chmod_chown(datadir, S_IRWXU | S_IRGRP | S_IXGRP, user, group) != 0)
if (capture_mode != 0)
{
logger(1, "Could not chmod/chown `%s': %s", datadir, strerror(errno));
return 1;
int ret = chmod_chown(datadir, S_IRWXU | S_IRGRP | S_IXGRP, user, group);
if (ret != 0)
{
logger(1, "Could not chmod/chown `%s': %s", datadir, strerror(ret));
return 1;
}
}
errno = 0;

4
examples/py-semantic-validation/py-semantic-validation.py
View File

@@ -86,8 +86,8 @@ def verifyFlows(nsock, instance):
l4_proto = 'n/a'
invalid_flows_str += '{} proto[{},{}] ts[{} + {} < {}] diff[{}], '.format(flow_id, l4_proto, flow.flow_idle_time,
flow.flow_last_seen, flow.flow_idle_time,
instance.most_recent_flow_time,
instance.most_recent_flow_time -
instance.getMostRecentFlowTime(flow.thread_id),
instance.getMostRecentFlowTime(flow.thread_id) -
(flow.flow_last_seen + flow.flow_idle_time))
raise SemanticValidationException(None, 'Flow Manager verification failed for: {}'.format(invalid_flows_str[:-2]))

80
nDPId.c
View File

@@ -717,7 +717,10 @@ static uint64_t timer_sub(uint64_t a, uint64_t b)
}
#ifdef ENABLE_ZLIB
static int zlib_deflate(const void * const src, int srcLen, void * dst, int dstLen)
#define ZLIB_ERROR_COMPRESSED_SIZE (-7)
#define ZLIB_ERROR_SIZE (-8)
#define ZLIB_ERROR_ALLOCATION (-9)
static uLong zlib_deflate(void * const src, int srcLen, void * const dst, int dstLen)
{
z_stream strm = {0};
strm.total_in = strm.avail_in = srcLen;
@@ -730,7 +733,7 @@ static int zlib_deflate(const void * const src, int srcLen, void * dst, int dstL
strm.opaque = Z_NULL;
int err = -1;
int ret = -1;
uLong ret = 0;
err = deflateInit2(&strm, Z_BEST_COMPRESSION, Z_BINARY, 15, 9, Z_HUFFMAN_ONLY);
if (err != Z_OK)
@@ -763,7 +766,7 @@ static int zlib_deflate(const void * const src, int srcLen, void * dst, int dstL
return ret;
}
static int zlib_inflate(const void * src, int srcLen, void * dst, int dstLen)
static uLong zlib_inflate(void * const src, int srcLen, void * const dst, int dstLen)
{
z_stream strm = {0};
strm.total_in = strm.avail_in = srcLen;
@@ -776,7 +779,7 @@ static int zlib_inflate(const void * src, int srcLen, void * dst, int dstLen)
strm.opaque = Z_NULL;
int err = -1;
int ret = -1;
uLong ret = 0;
err = inflateInit2(&strm, (15 + 32)); // 15 window bits, and the +32 tells zlib to to detect if using gzip or zlib
if (err == Z_OK)
@@ -807,61 +810,61 @@ static int zlib_inflate(const void * src, int srcLen, void * dst, int dstLen)
static int detection_data_deflate(struct nDPId_flow * const flow)
{
uint8_t tmpOut[sizeof(*flow->info.detection_data)];
int ret;
uLong size;
if (flow->info.detection_data_compressed_size > 0)
{
return -7;
return ZLIB_ERROR_COMPRESSED_SIZE;
}
ret = zlib_deflate(flow->info.detection_data, sizeof(*flow->info.detection_data), tmpOut, sizeof(tmpOut));
if (ret <= 0)
size = zlib_deflate(flow->info.detection_data, sizeof(*flow->info.detection_data), tmpOut, sizeof(tmpOut));
if (size == 0 || size > sizeof(*flow->info.detection_data))
{
return ret;
return ZLIB_ERROR_SIZE;
}
struct nDPId_detection_data * const new_det_data = ndpi_malloc(ret);
struct nDPId_detection_data * const new_det_data = ndpi_malloc(size);
if (new_det_data == NULL)
{
return -8;
return ZLIB_ERROR_ALLOCATION;
}
ndpi_free(flow->info.detection_data);
flow->info.detection_data = new_det_data;
memcpy(flow->info.detection_data, tmpOut, ret);
flow->info.detection_data_compressed_size = ret;
memcpy(flow->info.detection_data, tmpOut, size);
flow->info.detection_data_compressed_size = (uint16_t)size;
return ret;
return (int)size;
}
static int detection_data_inflate(struct nDPId_flow * const flow)
{
uint8_t tmpOut[sizeof(*flow->info.detection_data)];
int ret;
uLong size;
if (flow->info.detection_data_compressed_size == 0)
{
return -7;
return ZLIB_ERROR_COMPRESSED_SIZE;
}
ret = zlib_inflate(flow->info.detection_data, flow->info.detection_data_compressed_size, tmpOut, sizeof(tmpOut));
if (ret <= 0)
size = zlib_inflate(flow->info.detection_data, flow->info.detection_data_compressed_size, tmpOut, sizeof(tmpOut));
if (size == 0 || size > sizeof(*flow->info.detection_data))
{
return ret;
return ZLIB_ERROR_SIZE;
}
struct nDPId_detection_data * const new_det_data = ndpi_malloc(ret);
struct nDPId_detection_data * const new_det_data = ndpi_malloc(size);
if (new_det_data == NULL)
{
return -8;
return ZLIB_ERROR_ALLOCATION;
}
ndpi_free(flow->info.detection_data);
flow->info.detection_data = new_det_data;
memcpy(flow->info.detection_data, tmpOut, ret);
memcpy(flow->info.detection_data, tmpOut, size);
flow->info.detection_data_compressed_size = 0;
return ret;
return (int)size;
}
static void ndpi_comp_scan_walker(void const * const A, ndpi_VISIT which, int depth, void * const user_data)
@@ -900,8 +903,7 @@ static void ndpi_comp_scan_walker(void const * const A, ndpi_VISIT which, int de
}
int ret = detection_data_deflate(flow);
if (ret <= 0)
if (ret < 0)
{
logger(1,
"zLib compression failed for flow %llu with error code: %d",
@@ -2058,7 +2060,7 @@ static void process_idle_flow(struct nDPId_reader_thread * const reader_thread,
{
workflow->current_compression_diff -= flow->info.detection_data_compressed_size;
int ret = detection_data_inflate(flow);
if (ret <= 0)
if (ret < 0)
{
workflow->current_compression_diff += flow->info.detection_data_compressed_size;
logger(1, "zLib decompression failed with error code: %d", ret);
@@ -3053,7 +3055,7 @@ static void jsonize_flow_event(struct nDPId_reader_thread * const reader_thread,
{
workflow->current_compression_diff -= flow->info.detection_data_compressed_size;
int ret = detection_data_inflate(flow);
if (ret <= 0)
if (ret < 0)
{
workflow->current_compression_diff += flow->info.detection_data_compressed_size;
logger(1, "zLib decompression failed with error code: %d", ret);
@@ -3489,7 +3491,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
{
/* DLT header values can be stored as big or little endian. */
uint32_t dlt_hdr = *((uint32_t *)&packet[eth_offset]);
uint32_t dlt_hdr = *((uint32_t const *)&packet[eth_offset]);
if (dlt_hdr == 0x02000000 || dlt_hdr == 0x02)
{
@@ -3508,7 +3510,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
UNKNOWN_DATALINK_LAYER,
"%s%u",
"layer_type",
ntohl(*((uint32_t *)&packet[eth_offset])));
ntohl(*((uint32_t const *)&packet[eth_offset])));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
@@ -3534,7 +3536,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
return 1;
}
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const)&packet[eth_offset];
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const *)&packet[eth_offset];
*ip_offset = sizeof(struct ndpi_chdlc);
*layer3_type = ntohs(chdlc->proto_code);
break;
@@ -3559,14 +3561,14 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
if (packet[0] == 0x0f || packet[0] == 0x8f)
{
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const)&packet[eth_offset];
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const *)&packet[eth_offset];
*ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */
*layer3_type = ntohs(chdlc->proto_code);
}
else
{
*ip_offset = 2;
*layer3_type = ntohs(*((u_int16_t *)&packet[eth_offset]));
*layer3_type = ntohs(*(u_int16_t const *)&packet[eth_offset]);
}
break;
case DLT_LINUX_SLL:
@@ -3603,7 +3605,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
}
struct ndpi_radiotap_header const * const radiotap =
(struct ndpi_radiotap_header const * const)&packet[eth_offset];
(struct ndpi_radiotap_header const *)&packet[eth_offset];
uint16_t radio_len = radiotap->len;
/* Check Bad FCS presence */
@@ -3635,7 +3637,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
/* Calculate 802.11 header length (variable) */
struct ndpi_wifi_header const * const wifi =
(struct ndpi_wifi_header const * const)(packet + eth_offset + radio_len);
(struct ndpi_wifi_header const *)(packet + eth_offset + radio_len);
uint16_t fc = wifi->fc;
int wifi_len = 0;
@@ -3660,7 +3662,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
}
struct ndpi_llc_header_snap const * const llc =
(struct ndpi_llc_header_snap const * const)(packet + eth_offset + wifi_len + radio_len);
(struct ndpi_llc_header_snap const *)(packet + eth_offset + wifi_len + radio_len);
if (llc->dsap == SNAP)
{
*layer3_type = ntohs(llc->snap.proto_ID);
@@ -3728,7 +3730,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
}
return 1;
}
ethernet = (struct ndpi_ethhdr *)&packet[eth_offset + 20];
ethernet = (struct ndpi_ethhdr const *)&packet[eth_offset + 20];
*ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset;
*layer3_type = ntohs(ethernet->h_proto);
}
@@ -3752,8 +3754,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
}
return 1;
}
*vlan_id = ntohs(*(uint16_t *)&packet[*ip_offset]) & 0xFFF;
*layer3_type = ntohs(*(uint16_t *)&packet[*ip_offset + 2]);
*vlan_id = ntohs(*(uint16_t const *)&packet[*ip_offset]) & 0xFFF;
*layer3_type = ntohs(*(uint16_t const *)&packet[*ip_offset + 2]);
*ip_offset += 4;
}
@@ -4456,7 +4458,7 @@ static void ndpi_process_packet(uint8_t * const args,
{
workflow->current_compression_diff -= flow_to_process->info.detection_data_compressed_size;
int ret = detection_data_inflate(flow_to_process);
if (ret <= 0)
if (ret < 0)
{
workflow->current_compression_diff += flow_to_process->info.detection_data_compressed_size;
logger(1,

8
nDPIsrvd.c
View File

@@ -1824,7 +1824,7 @@ int main(int argc, char ** argv)
IS_CMDARG_SET(nDPIsrvd_options.collector_group) != 0
? GET_CMDARG_STR(nDPIsrvd_options.collector_group)
: GET_CMDARG_STR(nDPIsrvd_options.group),
strerror(errno));
strerror(ret));
}
else
{
@@ -1832,7 +1832,7 @@ int main(int argc, char ** argv)
"Could not chmod/chown `%s' to user `%s': %s",
GET_CMDARG_STR(nDPIsrvd_options.collector_un_sockpath),
GET_CMDARG_STR(nDPIsrvd_options.user),
strerror(errno));
strerror(ret));
}
if (ret != -EPERM)
{
@@ -1857,7 +1857,7 @@ int main(int argc, char ** argv)
IS_CMDARG_SET(nDPIsrvd_options.distributor_group) != 0
? GET_CMDARG_STR(nDPIsrvd_options.distributor_group)
: GET_CMDARG_STR(nDPIsrvd_options.group),
strerror(errno));
strerror(ret));
}
else
{
@@ -1865,7 +1865,7 @@ int main(int argc, char ** argv)
"Could not chmod/chown `%s' to user `%s': %s",
GET_CMDARG_STR(nDPIsrvd_options.distributor_un_sockpath),
GET_CMDARG_STR(nDPIsrvd_options.user),
strerror(errno));
strerror(ret));
}
if (ret != -EPERM)
{

13
packages/debian/postrm
View File

@@ -1,6 +1,11 @@
#!/bin/sh
rm -rf /run/nDPId /run/nDPIsrvd
deluser ndpid || true
deluser ndpisrvd || true
delgroup ndpisrvd-distributor || true
if [ "$1" = "remove" -o "$1" = "purge" ]; then
rm -rf /run/nDPId /run/nDPIsrvd
if [ "$1" = "purge" ]; then
deluser ndpid || true
deluser ndpisrvd || true
delgroup ndpisrvd-distributor || true
fi
fi

17
packages/debian/preinst
View File

@@ -5,12 +5,13 @@ adduser --system --no-create-home --shell=/bin/false --group ndpisrvd
adduser --system --no-create-home --shell=/bin/false --group ndpid
cat <<EOF
**********************************************************************************
* The that may want to access DPI data needs access to /run/nDPIsrvd/distributor *
* *
* To make it accessible to a user, type: *
* sudo usermod --append --groups ndpisrvd-distributor [USER] *
* *
* Please not that you might need to re-login to make changes take effect. *
**********************************************************************************
****************************************************************************
* The user whom may want to access DPI data needs access to: *
* /run/nDPIsrvd/distributor *
* *
* To make it accessible to [USER], type: *
* sudo usermod --append --groups ndpisrvd-distributor [USER] *
* *
* Please note that you might need to re-login to make changes take effect. *
****************************************************************************
EOF

4
packages/debian/prerm
View File

@@ -1,3 +1,5 @@
#!/bin/sh
systemctl stop ndpisrvd.service
if [ "$1" = "remove" -o "$1" = "purge" ]; then
systemctl stop ndpisrvd.service
fi

8
utils.c
View File

@@ -400,7 +400,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c
{
if (chmod(path, mode) != 0)
{
return -errno;
return errno;
}
}
@@ -415,7 +415,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c
retval = getpwnam_r(user, &pwd, buf, sizeof(buf), &result);
if (result == NULL)
{
return (retval != 0 ? -retval : -ENOENT);
return (retval != 0 ? retval : ENOENT);
}
path_uid = pwd.pw_uid;
path_gid = pwd.pw_gid;
@@ -432,7 +432,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c
retval = getgrnam_r(group, &grp, buf, sizeof(buf), &result);
if (result == NULL)
{
return (retval != 0 ? -retval : -ENOENT);
return (retval != 0 ? retval : ENOENT);
}
path_gid = grp.gr_gid;
}
@@ -441,7 +441,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c
{
if (chown(path, path_uid, path_gid) != 0)
{
return -errno;
return errno;
}
}