/usr/include/libndpi-1.5.0/libndpi/ndpi_api.h is in libndpi-dev 1.5.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 | /*
* ndpi_api.h
*
* Copyright (C) 2011-14 - ntop.org
* Copyright (C) 2009-2011 by ipoque GmbH
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
*
* nDPI is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* nDPI is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
*
*/
#ifndef __NDPI_PUBLIC_FUNCTIONS_H__
#define __NDPI_PUBLIC_FUNCTIONS_H__
#include "ndpi_main.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol,
void *module_struct, ndpi_log_level_t log_level, const char *format, ...);
/**
* This function returns the size of the flow struct
* @return the size of the flow struct
*/
u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void);
/**
* This function returns the size of the id struct
* @return the size of the id struct
*/
u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void);
/* Public malloc/free */
void* ndpi_malloc(unsigned long size);
void* ndpi_calloc(unsigned long count, unsigned long size);
void ndpi_free(void *ptr);
void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size);
char *ndpi_strdup(const char *s);
/*
* Find the first occurrence of find in s, where the search is limited to the
* first slen characters of s.
*/
char* ndpi_strnstr(const char *s, const char *find, size_t slen);
/**
* This function returns a new initialized detection module.
* @param ticks_per_second the timestamp resolution per second (like 1000 for millisecond resolution)
* @param ndpi_malloc function pointer to a memory allocator
* @param ndpi_debug_printf a function pointer to a debug output function, use NULL in productive envionments
* @return the initialized detection module
*/
struct ndpi_detection_module_struct *ndpi_init_detection_module(u_int32_t ticks_per_second,
void* (*__ndpi_malloc)(unsigned long size),
void (*__ndpi_free)(void *ptr),
ndpi_debug_function_ptr ndpi_debug_printf);
/**
* This function enables cache support in nDPI used for some protocol such as Skype
* @param cache host name
* @param cache port
*/
void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, char* host, u_int port);
/**
* This function destroys the detection module
* @param ndpi_struct the to clearing detection module
* @param ndpi_free function pointer to a memory free function
*/
void
ndpi_exit_detection_module(struct ndpi_detection_module_struct
*ndpi_struct, void (*ndpi_free) (void *ptr));
/**
* This function sets the protocol bitmask2
* @param ndpi_struct the detection module
* @param detection_bitmask the protocol bitmask
*/
void
ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct,
const NDPI_PROTOCOL_BITMASK * detection_bitmask);
/**
* This function will processes one packet and returns the ID of the detected protocol.
* This is the main packet processing function.
*
* @param ndpi_struct the detection module
* @param flow void pointer to the connection state machine
* @param packet the packet as unsigned char pointer with the length of packetlen. the pointer must point to the Layer 3 (IP header)
* @param packetlen the length of the packet
* @param current_tick the current timestamp for the packet
* @param src void pointer to the source subscriber state machine
* @param dst void pointer to the destination subscriber state machine
* @return returns the detected ID of the protocol
*/
unsigned int
ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const unsigned char *packet,
const unsigned short packetlen,
const u_int32_t current_tick,
struct ndpi_id_struct *src,
struct ndpi_id_struct *dst);
#define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 )
#define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 )
/**
* query the pointer to the layer 4 packet
*
* @param l3 pointer to the layer 3 data
* @param l3_len length of the layer 3 data
* @param l4_return filled with the pointer the layer 4 data if return value == 0, undefined otherwise
* @param l4_len_return filled with the length of the layer 4 data if return value == 0, undefined otherwise
* @param l4_protocol_return filled with the protocol of the layer 4 data if return value == 0, undefined otherwise
* @param flags limit operation on ipv4 or ipv6 packets, possible values are NDPI_DETECTION_ONLY_IPV4 or NDPI_DETECTION_ONLY_IPV6; 0 means any
* @return 0 if correct layer 4 data could be found, != 0 otherwise
*/
u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return,
u_int8_t * l4_protocol_return, u_int32_t flags);
/**
* returns the real protocol for the flow of the last packet given to the detection.
* if no real protocol could be found, the unknown protocol will be returned.
*
* @param ndpi_struct the detection module
* @return the protocol id of the last real protocol found in the protocol history of the flow
*/
u_int16_t ndpi_detection_get_real_protocol_of_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
/**
* returns true if the protocol history of the flow of the last packet given to the detection
* contains the given protocol.
*
* @param ndpi_struct the detection module
* @return 1 if protocol has been found, 0 otherwise
*/
u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t protocol_id);
unsigned int ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport);
unsigned int ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport);
int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len);
int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
char *string_to_match, u_int string_to_match_len);
char* ndpi_get_proto_name(struct ndpi_detection_module_struct *mod, u_int16_t proto_id);
int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto);
void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod);
int matchStringProtocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
char *string_to_match, u_int string_to_match_len);
int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path);
u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod);
char* ndpi_revision(void);
void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa);
#define ADD_TO_DETECTION_BITMASK 1
#define NO_ADD_TO_DETECTION_BITMASK 0
#define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1
#define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0
/**
* This function sets a single protocol bitmask
* @param label Protocol name
* @param ndpi_struct the detection module
* @param detection_bitmask the protocol bitmask
* @param idx the index of the callback_buffer
* @param func void function point of the protocol search
* @param ndpi_selection_bitmask the protocol selected bitmask
* @param b_save_bitmask_unknow set true if you want save the detection bitmask as unknow
* @param b_add_detection_bitmask set true if you want add the protocol bitmask to the detection bitmask
* NB: this function does not increment the index of the callback_buffer
*/
void ndpi_set_bitmask_protocol_detection(char * label, struct ndpi_detection_module_struct *ndpi_struct,
const NDPI_PROTOCOL_BITMASK * detection_bitmask,
const u_int32_t idx,
u_int16_t ndpi_protocol_id,
void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow),
const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask,
u_int8_t b_save_bitmask_unknow,
u_int8_t b_add_detection_bitmask);
#ifdef __cplusplus
}
#endif
#endif
|