utoni / nDPId

Tiny nDPI based deep packet inspection daemons / toolkit.
GNU General Public License v3.0

"vlan_id" seems missing in the json #50

Closed UnveilTech closed 2 weeks ago

UnveilTech commented 3 weeks ago

Hello Toni, new proposal: add the "vlan_id" to the json.

our change in nDPId.c:

```c
struct nDPId_flow_extended
{
    struct nDPId_flow_basic flow_basic; // Do not move this element!

    unsigned long long int flow_id;
    uint32_t vlan_id; // <- add the "vlan_id"

    uint16_t min_l4_payload_len[FD_COUNT];
    uint16_t max_l4_payload_len[FD_COUNT];
    ; // <- seems that this should be deleted

    unsigned long long int packets_processed[FD_COUNT];
    uint64_t first_seen;
    uint64_t last_flow_update;

    struct nDPId_flow_analysis * flow_analysis;
    unsigned long long int total_l4_payload_len[FD_COUNT];
    struct ndpi_proto detected_l7_protocol;
};

...

static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_flow_extended const * const flow_ext)
{
    ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_id", flow_ext->flow_id);
    ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "vlan_id", flow_ext->vlan_id); // <- add the "vlan_id"
    ...
}
```

We suppose the C file does not need more changes; the json now looks like that:

{"flow_event_id":7,"flow_event_name":"detected","thread_id":7,"packet_id":104990,"source":"enp4s0","alias":"hostname","uuid":"03000200-0400-0500-0006-000700080009","flow_id":2193,"vlan_id":0,"flow_state":"info",.......

"vlan_id" info is important when the flow is coming from many ether ports bridged to a target ether port... more details (but we think you know that): https://www.ntop.org/products/deep-packet-inspection/ndpi/

bye Fred

utoni commented 3 weeks ago

Hi Fred,

this will require more work, i.e. datalink processing needs to be adjusted to automatically dissect the vlan_id if the Ethernet type is ETH_P_VLAN.

UnveilTech commented 3 weeks ago

Toni, sure, do as you can/want :o) having the vlan_id will be great...

bye Fred

utoni commented 3 weeks ago

Please try out branch tmp for vlan_id dissection and report any issue. :) (will merge to main as soon as the OpenWrt build does not fail due to upstream issues)

UnveilTech commented 3 weeks ago

Hi Toni,

we've tried the TMP build, works fine, but: can you modify line 3941 ("struct nDPId_flow_basic flow_basic = {.vlan_id = USHRT_MAX};") of nDPId.c to "struct nDPId_flow_basic flow_basic = {.vlan_id = 0};", or will it be a problem?

Instead of not having a vlan_id, it would be great to have a value equal to zero rather than nothing, what do you think?

bye Fred

utoni commented 3 weeks ago

Not a fan of misusing VLAN id "0" for everything even when there is no 802.1Q header present.

UnveilTech commented 3 weeks ago

Toni, I get your point, of course. The issue is that when the vlan_id equals USHRT_MAX (that's the default), the vlan_id is not present in the json. Setting the vlan_id to 0 (zero) is to be sure the data will be in the json... otherwise set it to -1 or null, what do you think?

bye Fred
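An added example, not code from nDPId or from either participant: it dissects the 802.1Q tag (including a QinQ outer tag) from a raw Ethernet frame as utoni's comment describes, and keeps "no tag" distinct from VLAN id 0 by emitting the JSON key only when a tag exists, which is the point of the last exchange. The function names, the sentinel `VLAN_ID_NONE` and the sample frames are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VLAN_ID_NONE 0xFFFFu  /* sentinel: no 802.1Q tag (USHRT_MAX in the thread); real ids are <= 4095 */
#define ETH_P_8021Q  0x8100u  /* 802.1Q customer tag */
#define ETH_P_8021AD 0x88A8u  /* 802.1ad service tag (QinQ outer) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the Ethernet header and any stacked VLAN tags. Returns the innermost
 * 12-bit VLAN id, or VLAN_ID_NONE when the frame is untagged or truncated;
 * *l3_off receives the offset of the payload EtherType (0 on truncation). */
uint16_t dissect_vlan_id(const uint8_t *frame, size_t len, size_t *l3_off)
{
    size_t off = 12;  /* past destination + source MAC */
    uint16_t vlan_id = VLAN_ID_NONE;
    *l3_off = 0;
    for (;;) {
        if (off + 2 > len) return VLAN_ID_NONE;       /* truncated frame */
        uint16_t ethertype = rd16(frame + off);
        if (ethertype != ETH_P_8021Q && ethertype != ETH_P_8021AD) break;
        if (off + 4 > len) return VLAN_ID_NONE;       /* tag header cut off */
        vlan_id = rd16(frame + off + 2) & 0x0FFFu;    /* strip PCP/DEI bits */
        off += 4;
    }
    *l3_off = off;
    return vlan_id;
}

/* Emit "vlan_id" only when a tag was present, so a consumer can tell an
 * untagged flow from VLAN 0 without a magic value. Returns bytes written. */
int jsonize_vlan_id(uint16_t vlan_id, char *out, size_t outlen)
{
    if (vlan_id == VLAN_ID_NONE) { out[0] = '\0'; return 0; }
    return snprintf(out, outlen, "\"vlan_id\":%u,", (unsigned)vlan_id);
}

/* Constructed sample frames (MACs zeroed, L3 payload omitted). */
#define MACS 0,0,0,0,0,0, 0,0,0,0,0,0
static const uint8_t FRAME_UNTAGGED[]  = { MACS, 0x08, 0x00 };
static const uint8_t FRAME_VLAN100[]   = { MACS, 0x81, 0x00, 0xA0, 0x64, 0x08, 0x00 }; /* PCP 5, id 100 */
static const uint8_t FRAME_VLAN0[]     = { MACS, 0x81, 0x00, 0x00, 0x00, 0x08, 0x00 }; /* tagged, id 0 */
static const uint8_t FRAME_QINQ[]      = { MACS, 0x88, 0xA8, 0x00, 0x0A, 0x81, 0x00, 0x00, 0x14, 0x08, 0x00 }; /* outer 10, inner 20 */
static const uint8_t FRAME_TRUNCATED[] = { MACS, 0x81, 0x00 }; /* tag EtherType but no TCI */
```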