Extracted http host and referer metadata (http protocol)

ntop · Jan 24, 2025 · dac31d8 · dac31d8
1 parent 2bf8dbf
commit dac31d8
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -1354,7 +1354,7 @@ struct ndpi_flow_struct {
     u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
     u_int8_t websocket:1, request_header_observed:1, first_payload_after_header_observed:1, is_form:1, _pad:4;
     u_int16_t response_status_code; /* 200, 404, etc. */
-    char *url, *content_type /* response */, *request_content_type /* e.g. for POST */, *user_agent, *server;
+    char *url, *content_type /* response */, *request_content_type /* e.g. for POST */, *user_agent, *server, *referer, *host;
     char *detected_os; /* Via HTTP/QUIC User-Agent */
     char *nat_ip; /* Via HTTP X-Forwarded-For */
     char *filename; /* Via HTTP Content-Disposition */

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
@@ -6708,6 +6708,12 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) {
     if(flow->http.request_content_type)
       ndpi_free(flow->http.request_content_type);
 
+    if(flow->http.referer)
+      ndpi_free(flow->http.referer);
+
+    if(flow->http.host)
+      ndpi_free(flow->http.host);
+
     if(flow->http.user_agent)
       ndpi_free(flow->http.user_agent);
 

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
@@ -1027,7 +1027,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 
   if(packet->authorization_line.ptr != NULL) {
     const char *a = NULL, *b = NULL;
-    
+
     NDPI_LOG_DBG2(ndpi_struct, "Authorization line found %.*s\n",
 		  packet->authorization_line.len, packet->authorization_line.ptr);
 
@@ -1042,16 +1042,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 	if(packet->authorization_line.len > len) {
 	  u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len],
 					       packet->authorization_line.len - len, &content_len);
-	  
+
 	  if(content != NULL) {
 	    char *double_dot = strchr((char*)content, ':');
-	    
+
 	    if(double_dot) {
 	      double_dot[0] = '\0';
 	      flow->http.username = ndpi_strdup((char*)content);
 	      flow->http.password = ndpi_strdup(&double_dot[1]);
 	    }
-	    
+
 	    ndpi_free(content);
 	  }
 
@@ -1062,6 +1062,12 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
     }
   }
 
+  if((packet->referer_line.ptr != NULL) && (flow->http.referer == NULL))
+    flow->http.referer = ndpi_strndup(packet->referer_line.ptr, packet->referer_line.len);
+
+  if((packet->host_line.ptr != NULL) && (flow->http.host == NULL))
+    flow->http.host = ndpi_strndup(packet->host_line.ptr, packet->host_line.len);
+
   if(packet->content_line.ptr != NULL) {
     NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n",
 		  packet->content_line.len, packet->content_line.ptr);