Added fingerprint check

include/LocalHost.h

@@ -39,7 +39,7 @@ class LocalHost : public Host {
                              avoid purging race conditions) */
   u_int8_t router_mac_set : 1, drop_all_host_traffic : 1, systemHost : 1, _notused : 5;
   /* LocalHost data: update LocalHost::deleteHostData when adding new fields */
-  char *os_detail;
+  char *os_detail, *tcp_fingerprint;
   /* END Host data: */
 
   void initialize();

include/ntop_defines.h

@@ -325,6 +325,7 @@
 #define CONST_STR_USER_EXPIRE NTOPNG_USER_PREFIX ".%s.expire"
 #define CONST_STR_USER_CAPABILITIES NTOPNG_USER_PREFIX ".%s.capabilities"
 #define CONST_STR_USER_API_TOKEN NTOPNG_USER_PREFIX ".%s.api_token"
+#define CONST_STR_UNKNOWN_TCP_FINGERPRINTS NTOPNG_CACHE_PREFIX ".unknown_tcp_fingerprints"
 #define CONST_ALLOWED_NETS "allowed_nets"
 #define CONST_ALLOWED_IFNAME "allowed_ifname"
 #define CONST_USER_LANGUAGE "language"

scripts/lua/host_details.lua

@@ -707,12 +707,20 @@ else
             print("<tr>")
             if (host["os"] ~= "") then
                 local os_detail = ""
-                if not isEmptyString(host["os_detail"]) then
-                    os_detail = os_detail .. " [ " .. host["os_detail"] .. " ]"
+
+		if not isEmptyString(host["os_detail"]) then
+		   os_detail = os_detail .. " [ " .. host["os_detail"] .. " ]"
                 end
+
                 print("<th>" .. i18n("os") .. "</th><td> <A HREF='" .. ntop.getHttpPrefix() ..
                           "/lua/hosts_stats.lua?os=" .. host["os"] .. "'>" .. discover.getOsAndIcon(host["os"]) ..
-                          "</A>" .. os_detail .. "</td><td></td>\n")
+                          "</A>" .. os_detail)
+
+		if(host["tcp_fingerprint"] ~= nil) then
+		   print(" <span class=\"badge bg-success\">TCP Fingerprint: "..host["tcp_fingerprint"].. "</span>")
+		end
+
+		print("</td><td></td>\n")
             else
                 print("<th></th><td></td>\n")
             end

src/Flow.cpp

@@ -5396,9 +5396,11 @@ void Flow::updateTcpFlags(const struct bpf_timeval *when, u_int8_t flags,
 				     ndpiFlow->tcp.fingerprint,
 				     ndpi_print_os_hint(ndpiFlow->tcp.os_hint));
 #endif
-
-	cli_host->setTCPfingerprint(ndpiFlow->tcp.fingerprint,
-				    (enum operating_system_hint)ndpiFlow->tcp.os_hint);
+
+	if(ndpiFlow->tcp.os_hint != os_hint_unknown) {
+	  cli_host->setTCPfingerprint(ndpiFlow->tcp.fingerprint,
+				      (enum operating_system_hint)ndpiFlow->tcp.os_hint);
+	}
       }
     }
 

src/Host.cpp

@@ -2055,10 +2055,19 @@ char *Host::get_mac_based_tskey(Mac *mac, char *buf, size_t bufsize,
   Public method to set the operating system
  */
 void Host::setOS(OSType _os) {
-  Mac *mac = getMac();
+  if((os_type != os_unknown) && ( os_type != _os)) {
+    char buf[64];
+
+    ntop->getTrace()->traceEvent(TRACE_WARNING, "Found OS inconsistency: current=%s vs new=%s [%s]",
+				 Utils::OSType2Str(os_type), Utils::OSType2Str(_os),
+				 print(buf, sizeof(buf)));
 
-  if ((mac == NULL) || (mac->getDeviceType() != device_networking)) {
-    os_type = _os;
+  } else {
+    Mac *mac = getMac();
+
+    if ((mac == NULL) || (mac->getDeviceType() != device_networking)) {
+      os_type = _os;
+    }
   }
 }
 

src/LocalHost.cpp

@@ -29,7 +29,7 @@ LocalHost::LocalHost(NetworkInterface *_iface, int32_t _iface_idx, Mac *_mac,
     : Host(_iface, _iface_idx, _mac, _vlanId, _observation_point_id, _ip),
       contacted_server_ports(CONST_MAX_NUM_QUEUED_PORTS, "localhost-serverportsproto"),
       usedPorts(this) {
-  os = NULL;
+  os = NULL, tcp_fingerprint = NULL;
 
   if (trace_new_delete)
     ntop->getTrace()->traceEvent(TRACE_NORMAL, "[new] %s", __FILE__);
@@ -62,9 +62,12 @@ LocalHost::LocalHost(NetworkInterface *_iface, int32_t _iface_idx,
 LocalHost::~LocalHost() {
   if (trace_new_delete)
     ntop->getTrace()->traceEvent(TRACE_NORMAL, "[delete] %s", __FILE__);
+
   addInactiveData();
+
   if (initial_ts_point) delete (initial_ts_point);
   freeLocalHostData();
+
   /* Decrease number of active hosts */
   if (isUnicastHost()) iface->decNumHosts(this, is_rx_only);
 #ifdef NTOPNG_PRO
@@ -558,11 +561,13 @@ void LocalHost::freeLocalHostData() {
     os_detail = NULL;
   }
 
-  for (std::unordered_map<u_int32_t, DoHDoTStats *>::iterator it =
-           doh_dot_map.begin();
+  if(tcp_fingerprint)
+    free(tcp_fingerprint);
+
+  for (std::unordered_map<u_int32_t, DoHDoTStats *>::iterator it = doh_dot_map.begin();
        it != doh_dot_map.end(); ++it)
     delete it->second;
-
+  
   if (fingerprints) delete fingerprints;
 }
 
@@ -734,6 +739,9 @@ void LocalHost::lua_get_fingerprints(lua_State *vm) {
     fingerprints->ja4.lua("ja4_fingerprint", vm);
     fingerprints->hassh.lua("hassh_fingerprint", vm);
   }
+
+  if(tcp_fingerprint != NULL)
+    lua_push_str_table_entry(vm, "tcp_fingerprint", tcp_fingerprint);
 }
 
 /* *************************************** */
@@ -942,7 +950,7 @@ void LocalHost::setResolvedName(const char *resolved_name) {
 
 /* *************************************** */
 
-void LocalHost::setTCPfingerprint(char *tcp_fingerprint, enum operating_system_hint os) {
+void LocalHost::setTCPfingerprint(char *_tcp_fingerprint, enum operating_system_hint os) {
   if(os == os_hint_unknown)
     ;
   else if(host_os == os_hint_unknown) {
@@ -978,6 +986,22 @@ void LocalHost::setTCPfingerprint(char *tcp_fingerprint, enum operating_system_h
       /* Nothing to do */
       break;
     }
+
+    if(tcp_fingerprint == NULL) {
+      char buf[64], log[128];
+
+      snprintf(log, sizeof(log), "%s,%s",
+	       get_ip()->print(buf, sizeof(buf)),
+	       Utils::OSType2Str(getOS()));
+
+      ntop->getTrace()->traceEvent(TRACE_INFO, "** Unknown TCP fingerprint %s [%s]",
+				   _tcp_fingerprint,log);
+
+      ntop->getRedis()->hashSet(CONST_STR_UNKNOWN_TCP_FINGERPRINTS, _tcp_fingerprint, log);
+
+      tcp_fingerprint = strdup(_tcp_fingerprint);	  
+    }
+
   } else if(host_os != os) {
     ntop->getTrace()->traceEvent(TRACE_WARNING, "Found OS inconsistency %s vs %s",
 				 ndpi_print_os_hint(host_os),