ntop · IvanNardi · Jul 31, 2023 · Oct 7, 2023 · Oct 7, 2023 · Oct 8, 2023
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
@@ -96,6 +96,16 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0, num_bin_cluster
 u_int8_t verbose = 0, enable_flow_stats = 0;
 int stun_monitoring_pkts_to_process = -1; /* Default */
 int stun_monitoring_flags = -1; /* Default */
+
+struct cfg {
+  char *proto;
+  char *param;
+  char *value;
+};
+#define MAX_NUM_CFGS 16
+static struct cfg cfgs[MAX_NUM_CFGS];
+static int num_cfgs = 0;
+
 int nDPI_LogLevel = 0;
 char *_debug_protocols = NULL;
 char *_disabled_protocols = NULL;
@@ -594,6 +604,7 @@ static void help(u_int long_help) {
          "  --lru-cache-ttl=NAME:size        | Specify the TTL [in seconds] for this LRU cache (0 to disable it). This flag can be used multiple times\n"
          "  --stun-monitoring=<pkts>:<flags> | Configure STUN monitoring: keep monitoring STUN session for <pkts> more pkts looking for RTP\n"
          "                                   | (0:0 to disable the feature); set the specified features in <flags>\n"
+         "  --cfg=proto,param,value          | Configure the specific attribute of this protocol\n"
          ,
          human_readeable_string_len,
          min_pattern_len, max_pattern_len, max_num_packets_per_flow, max_packet_payload_dissection,
@@ -649,6 +660,8 @@ static void help(u_int long_help) {
 
 #define OPTLONG_VALUE_STUN_MONITORING	2000
 
+#define OPTLONG_VALUE_CFG		3000
+
 static struct option longopts[] = {
   /* mandatory extcap options */
   { "extcap-interfaces", no_argument, NULL, '0'},
@@ -694,6 +707,8 @@ static struct option longopts[] = {
   { "lru-cache-ttl", required_argument, NULL, OPTLONG_VALUE_LRU_CACHE_TTL},
   { "stun-monitoring", required_argument, NULL, OPTLONG_VALUE_STUN_MONITORING},
 
+  { "cfg", required_argument, NULL, OPTLONG_VALUE_CFG},
+
   {0, 0, 0, 0}
 };
 
@@ -950,6 +965,42 @@ static int parse_two_unsigned_integer(char *param, u_int32_t *num1, u_int32_t *n
   return -1;
 }
 
+static int parse_three_strings(char *param, char **s1, char **s2, char **s3)
+{
+  char *saveptr, *tmp_str, *s1_str, *s2_str = NULL, *s3_str;
+
+  tmp_str = ndpi_strdup(param);
+  if(tmp_str) {
+    if(param[0] == ',') { /* First parameter might be missing */
+      s1_str = NULL;
+      s2_str = strtok_r(tmp_str, ",", &saveptr);
+    } else {
+      s1_str = strtok_r(tmp_str, ",", &saveptr);
+      if(s1_str) {
+        s2_str = strtok_r(NULL, ",", &saveptr);
+      }
+    }
+    if(s2_str) {
+      s3_str = strtok_r(NULL, ",", &saveptr);
+      if(s3_str) {
+        *s1 = ndpi_strdup(s1_str);
+        *s2 = ndpi_strdup(s2_str);
+        *s3 = ndpi_strdup(s3_str);
+        ndpi_free(tmp_str);
+        if(!s1 || !s2 || !s3) {
+          ndpi_free(s1);
+          ndpi_free(s2);
+          ndpi_free(s3);
+          return -1;
+        }
+        return 0;
+      }
+    }
+  }
+  ndpi_free(tmp_str);
+  return -1;
+}
+
 /* ********************************** */
 
 /**
@@ -968,6 +1019,7 @@ static void parseOptions(int argc, char **argv) {
 #endif
   int cache_idx, cache_size, cache_ttl;
   u_int32_t num_pkts, flags;
+  char *s1, *s2, *s3;
 
 #ifdef USE_DPDK
   {
@@ -1288,7 +1340,20 @@ static void parseOptions(int argc, char **argv) {
       break;
 
     case 'z':
-      init_prefs |= ndpi_enable_ja3_plus;
+      if(num_cfgs < MAX_NUM_CFGS) {
+        cfgs[num_cfgs].proto = ndpi_strdup("tls");
+        cfgs[num_cfgs].param = ndpi_strdup("ja3_plus.enable");
+        cfgs[num_cfgs].value = ndpi_strdup("1");
+        if(cfgs[num_cfgs].proto &&
+           cfgs[num_cfgs].param &&
+           cfgs[num_cfgs].value) {
+	  num_cfgs++;
+	} else {
+           ndpi_free(cfgs[num_cfgs].proto);
+           ndpi_free(cfgs[num_cfgs].param);
+           ndpi_free(cfgs[num_cfgs].value);
+	}
+      }
       break;
 
     case OPTLONG_VALUE_LRU_CACHE_SIZE:
@@ -1316,6 +1381,18 @@ static void parseOptions(int argc, char **argv) {
       stun_monitoring_flags = flags;
       break;
 
+    case OPTLONG_VALUE_CFG:
+      if(num_cfgs >= MAX_NUM_CFGS ||
+	 parse_three_strings(optarg, &s1, &s2, &s3) == -1) {
+        printf("Invalid parameter [%s] [num:%d/%d]\n", optarg, num_cfgs, MAX_NUM_CFGS);
+        exit(1);
+      }
+      cfgs[num_cfgs].proto = s1;
+      cfgs[num_cfgs].param = s2;
+      cfgs[num_cfgs].value = s3;
+      num_cfgs++;
+      break;
+
     default:
 #ifdef DEBUG_TRACE
       if(trace) fprintf(trace, " #### Unknown option -%c: skipping it #### \n", opt);
@@ -2660,7 +2737,7 @@ static void debug_printf(u_int32_t protocol, void *id_struct,
 static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
   NDPI_PROTOCOL_BITMASK enabled_bitmask;
   struct ndpi_workflow_prefs prefs;
-  int i;
+  int i, rc;
 
   memset(&prefs, 0, sizeof(prefs));
   prefs.decode_tunnels = decode_tunnels;
@@ -2739,6 +2816,14 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
       ndpi_set_protocol_aggressiveness(ndpi_thread_info[thread_id].workflow->ndpi_struct, i, aggressiveness[i]);
   }
 
+  for(i = 0; i < num_cfgs; i++) {
+    rc = ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct,
+			 cfgs[i].proto, cfgs[i].param, cfgs[i].value);
+    if (rc != 0)
+      fprintf(stderr, "Error setting config [%s][%s][%s]: %d\n",
+	      cfgs[i].proto, cfgs[i].param, cfgs[i].value, rc);
+  }
+
   if(stun_monitoring_pkts_to_process != -1 &&
      stun_monitoring_flags != -1)
     ndpi_set_monitoring_state(ndpi_thread_info[thread_id].workflow->ndpi_struct, NDPI_PROTOCOL_STUN,
@@ -5658,6 +5743,12 @@ int main(int argc, char **argv) {
   ndpi_free(_debug_protocols);
   ndpi_free(_disabled_protocols);
 
+  for(i = 0; i < num_cfgs; i++) {
+    ndpi_free(cfgs[i].proto);
+    ndpi_free(cfgs[i].param);
+    ndpi_free(cfgs[i].value);
+  }
+
 #ifdef DEBUG_TRACE
   if(trace) fclose(trace);
 #endif

diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c
@@ -36,7 +36,7 @@ void fuzz_set_alloc_callbacks_and_seed(int seed)
 
 void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod)
 {
-  ndpi_init_prefs prefs = ndpi_enable_ja3_plus;
+  ndpi_init_prefs prefs = 0;
   NDPI_PROTOCOL_BITMASK all;
   NDPI_PROTOCOL_BITMASK debug_bitmask;
 

diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
@@ -37,6 +37,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 				     2 + 1 + 4 + /* ndpi_set_detection_preferences() */
 				     1 + 3 + 1 + 3 + /* Monitoring */
 				     7 + /* Opportunistic tls */
+				     2 * 21 + /* Cfgs */
 				     2 + /* Pid */
 				     2 + /* Category */
 				     1 + /* Tunnel */
@@ -101,9 +102,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   if(fuzzed_data.ConsumeBool())
     ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_enable_tls_block_dissection,
                                    0 /* unused */);
+  /* TODO */
+#if 0
   if(fuzzed_data.ConsumeBool())
     ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_max_packets_to_process,
                                    fuzzed_data.ConsumeIntegralInRange(0, (1 << 16)));
+#endif
 
   ndpi_set_detection_preferences(ndpi_info_mod, static_cast<ndpi_detection_preference>(0xFF), 0xFF); /* Invalid preference */
 
@@ -138,6 +142,51 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     ndpi_get_protocol_aggressiveness(ndpi_info_mod, i);
   }
 
+  /* Cfgs */
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "amazonaws", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "azure", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "cachefly", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "cloudflare", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "gambling", "domain_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "google", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "googlecloud", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "microsoft", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "mining", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "mullvad", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "protonvpn", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "tor", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "tls", "ja3_plus.enable", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "tls", "metadata.sha1_fingerprint.enable", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "whatsapp", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "zoom", "ip_list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, NULL, "asn_lists.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, NULL, "flow_risk.anonymous_subscriber.list.icloudprivaterelay.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, NULL, "flow_risk.anonymous_subscriber.list.protonvpn.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, NULL, "flow_risk.crawler_bot.list.load", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+  /* Wrong */
+  if(fuzzed_data.ConsumeBool())
+    ndpi_set_config(ndpi_info_mod, "xxx", "xxx", std::to_string(fuzzed_data.ConsumeIntegralInRange(0,2)).c_str());
+
   ndpi_finalize_initialization(ndpi_info_mod);
 
   /* Random protocol configuration */

diff --git a/fuzz/fuzz_filecfg_protocols.c b/fuzz/fuzz_filecfg_protocols.c
@@ -4,29 +4,13 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   struct ndpi_detection_module_struct *ndpi_struct;
   FILE *fd;
-  /* Try to be fast */
-  ndpi_init_prefs prefs = ndpi_dont_load_tor_list |
-			  ndpi_dont_load_azure_list |
-			  ndpi_dont_load_whatsapp_list |
-			  ndpi_dont_load_amazon_aws_list |
-			  ndpi_dont_load_ethereum_list |
-			  ndpi_dont_load_zoom_list |
-			  ndpi_dont_load_cloudflare_list |
-			  ndpi_dont_load_microsoft_list |
-			  ndpi_dont_load_google_list |
-			  ndpi_dont_load_google_cloud_list |
-			  ndpi_dont_load_asn_lists |
-			  ndpi_dont_init_risk_ptree |
-			  ndpi_dont_load_cachefly_list |
-			  ndpi_dont_load_protonvpn_list |
-			  ndpi_dont_load_mullvad_list;
   NDPI_PROTOCOL_BITMASK all;
   NDPI_PROTOCOL_BITMASK debug_bitmask;
 
   /* To allow memory allocation failures */
   fuzz_set_alloc_callbacks_and_seed(size);
 
-  ndpi_struct = ndpi_init_detection_module(prefs);
+  ndpi_struct = ndpi_init_detection_module(0);
   NDPI_BITMASK_SET_ALL(all);
   ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
 

diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
@@ -18,7 +18,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 1;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus | ndpi_enable_tcp_ack_payload_heuristic;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_tcp_ack_payload_heuristic;
 int enable_malloc_bins = 1;
 int malloc_size_stats = 0;
 int max_malloc_bins = 14;
@@ -71,6 +71,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ndpi_set_monitoring_state(workflow->ndpi_struct, NDPI_PROTOCOL_STUN,
                               10, NDPI_MONITORING_STUN_SUBCLASSIFIED);
 
+    ndpi_set_config(workflow->ndpi_struct, "tls", "ja3_plus.enable", "1");
+
     memset(workflow->stats.protocol_counter, 0,
 	   sizeof(workflow->stats.protocol_counter));
     memset(workflow->stats.protocol_counter_bytes, 0,

diff --git a/fuzz/fuzz_readerutils_parseprotolist.cpp b/fuzz/fuzz_readerutils_parseprotolist.cpp
@@ -13,7 +13,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 0;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus | ndpi_enable_tcp_ack_payload_heuristic;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_tcp_ack_payload_heuristic;
 int enable_malloc_bins = 0;
 int malloc_size_stats = 0;
 int max_malloc_bins = 14;

diff --git a/fuzz/fuzz_readerutils_workflow.cpp b/fuzz/fuzz_readerutils_workflow.cpp
@@ -15,7 +15,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 0;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus | ndpi_enable_tcp_ack_payload_heuristic;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_tcp_ack_payload_heuristic;
 int enable_malloc_bins = 0;
 int malloc_size_stats = 0;
 int max_malloc_bins = 14;

diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
@@ -2154,6 +2154,15 @@ extern "C" {
    */
   void *ndpi_get_user_data(struct ndpi_detection_module_struct *ndpi_str);
 
+
+  int ndpi_set_config(struct ndpi_detection_module_struct *ndpi_str,
+		      const char *proto, const char *param, const char *value);
+  char *ndpi_get_config(struct ndpi_detection_module_struct *ndpi_str,
+			const char *proto, const char *param, char *buf, int buf_len);
+  char *ndpi_dump_config(struct ndpi_detection_module_struct *ndpi_str,
+			 FILE *fd);
+
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in
@@ -153,7 +153,6 @@
 
 /* misc definitions */
 #define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000
-#define NDPI_DEFAULT_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT   32
 
 /* TODO: rebuild all memory areas to have a more aligned memory block here */