[Ntop-misc] nDPI HTTP Content type and referer

Mon, 28 Jul 2014 17:08:54 -0700 

I am trying to capture the HTTP Content type and Referer for a specific HTTP 
flow - browsing through the nDPI source I notice that there seem to be a bunch 
of structure defined in ndpi_struct.h as follows:

  struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET];
  struct ndpi_int_one_line_struct unix_line[NDPI_MAX_PARSE_LINES_PER_PACKET];
  struct ndpi_int_one_line_struct host_line;
  struct ndpi_int_one_line_struct forwarded_line;
  struct ndpi_int_one_line_struct referer_line;
  struct ndpi_int_one_line_struct content_line;
  struct ndpi_int_one_line_struct accept_line;
  struct ndpi_int_one_line_struct user_agent_line;
  struct ndpi_int_one_line_struct http_url_name;
  struct ndpi_int_one_line_struct http_encoding;
  struct ndpi_int_one_line_struct http_transfer_encoding;
  struct ndpi_int_one_line_struct http_contentlen;
  struct ndpi_int_one_line_struct http_cookie;
  struct ndpi_int_one_line_struct http_x_session_type;
  struct ndpi_int_one_line_struct server_line;
  struct ndpi_int_one_line_struct http_method;
  struct ndpi_int_one_line_struct http_response;

It seems that the host_line is copied to the host_server_name in http.c to give 
the URL, is it possible to also grab other information such as the content type 
(is this content_line as above?) and referer (referer_line as above?).  

It is not obvious to me exactly how the URL is actually captured and passed so 
hopefully there is simple way to achieve this without wholesale modification.

Before I go ahead and try and modify my code to include this I thought it might 
be worth asking to make sure I am not missing something obvious.

Ultimately I am trying to capture the referer and content type to potentially 
allow only display of originating URLs. That is, if I open a web page that 
contains many embedded URLs (for example advertisements) I only want to record 
the URL the user actually visited and ignore any embedded URLs in the page that 
currently are shown as separate flows with their own URL. 

Of course, if I can work this out in the interim I will be sure to post - who 
knows there just may be someone else with a similar requirement.

Thanks,

Dave.
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Reply via email to