vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-18 14:49:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

A (tiny) effort to reduce memory usage per flow (#1304)

Browse source 
Follow-up of 22241a1d
Only trivial changes:
* remove completely unused fields
* remove fields only written (but never read)
* CSGO protocol only handles UDP traffic
This commit is contained in:
Ivan Nardi 2021-09-18 09:29:45 +02:00 committed by GitHub
parent 4539e96ce2
commit 227e586e63
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 25 additions and 243 deletions
Download patch file Download diff file Expand all files Collapse all files

77
python/ndpi.py
View file

@ -441,8 +441,6 @@ struct ndpi_id_struct {
to compare this, use:
**/
NDPI_PROTOCOL_BITMASK detected_protocol_bitmask;
/* NDPI_PROTOCOL_RTSP */
ndpi_ip_addr_t rtsp_ip_address;
/* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */
/* NDPI_PROTOCOL_IRC */
@ -457,9 +455,6 @@ struct ndpi_id_struct {
/* NDPI_PROTOCOL_THUNDER */
uint32_t thunder_ts;
/* NDPI_PROTOCOL_RTSP */
uint32_t rtsp_timer;
/* NDPI_PROTOCOL_ZATTOO */
uint32_t zattoo_ts;
@ -494,8 +489,6 @@ struct ndpi_id_struct {
/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */
uint8_t jabber_voice_stun_used_ports;
uint8_t rtsp_ts_set:1;
};
struct ndpi_flow_tcp_struct {
@ -505,15 +498,9 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_MAIL_POP */
uint16_t pop_command_bitmask;
/* NDPI_PROTOCOL_QQ */
uint16_t qq_nxt_len;
/* NDPI_PROTOCOL_WHATSAPP */
uint8_t wa_matched_so_far;
/* NDPI_PROTOCOL_TDS */
uint8_t tds_login_version;
/* NDPI_PROTOCOL_IRC */
uint8_t irc_stage;
uint8_t irc_port;
@ -533,35 +520,16 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_SOULSEEK */
uint32_t soulseek_stage:2;
/* NDPI_PROTOCOL_TDS */
uint32_t tds_stage:3;
/* NDPI_PROTOCOL_USENET */
uint32_t usenet_stage:2;
/* NDPI_PROTOCOL_IMESH */
uint32_t imesh_stage:4;
/* NDPI_PROTOCOL_HTTP */
uint32_t http_setup_dir:2;
uint32_t http_stage:2;
uint32_t http_empty_line_seen:1;
uint32_t http_wait_for_retransmission:1;
/* NDPI_PROTOCOL_GNUTELLA */
uint32_t gnutella_stage:2; // 0 - 2
/* NDPI_CONTENT_MMS */
uint32_t mms_stage:2;
/* NDPI_PROTOCOL_YAHOO */
uint32_t yahoo_sip_comm:1;
uint32_t yahoo_http_proxy_stage:2;
/* NDPI_PROTOCOL_MSN */
uint32_t msn_stage:3;
uint32_t msn_ssl_ft:2;
/* NDPI_PROTOCOL_SSH */
uint32_t ssh_stage:3;
@ -577,8 +545,6 @@ struct ndpi_flow_tcp_struct {
unsigned buffer_len, buffer_used;
} message;
void* srv_cert_fingerprint_ctx; /* SHA-1 */
/* NDPI_PROTOCOL_TLS */
uint8_t certificate_processed:1, fingerprint_set:1, _pad:6;
uint8_t sha1_certificate_fingerprint[20], num_tls_blocks;
@ -588,8 +554,7 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_POSTGRES */
uint32_t postgres_stage:3;
/* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */
uint32_t ddlink_server_direction:1;
/* Part of the TCP header. */
uint32_t seen_syn:1;
uint32_t seen_syn_ack:1;
uint32_t seen_ack:1;
@ -606,9 +571,6 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_WORLDOFWARCRAFT */
uint32_t wow_stage:2;
/* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */
uint32_t veoh_tv_stage:2;
/* NDPI_PROTOCOL_SHOUTCAST */
uint32_t shoutcast_stage:2;
@ -648,12 +610,6 @@ struct ndpi_flow_tcp_struct {
};
struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_SNMP */
uint32_t snmp_msg_id;
/* NDPI_PROTOCOL_SNMP */
uint32_t snmp_stage:2;
/* NDPI_PROTOCOL_PPSTREAM */
uint32_t ppstream_stage:3; // 0 - 7
@ -669,9 +625,6 @@ struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_XBOX */
uint32_t xbox_stage:1;
/* NDPI_PROTOCOL_WINDOWS_UPDATE */
uint32_t wsus_stage:1;
/* NDPI_PROTOCOL_SKYPE */
uint8_t skype_packet_id;
@ -710,7 +663,6 @@ struct ndpi_packet_struct {
uint64_t current_time_ms;
uint16_t detected_protocol_stack[2];
uint16_t protocol_stack_info;
struct ndpi_int_one_line_struct line[64];
/* HTTP headers */
@ -739,14 +691,12 @@ struct ndpi_packet_struct {
uint16_t actual_payload_len;
uint16_t num_retried_bytes;
uint16_t parsed_lines;
uint16_t parsed_unix_lines;
uint16_t empty_line_position;
uint8_t tcp_retransmission;
uint8_t l4_protocol;
uint8_t tls_certificate_detected:4, tls_certificate_num_checks:4;
uint8_t packet_lines_parsed_complete:1,
packet_direction:1, empty_line_position_set:1, pad:5;
packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4;
};
struct ndpi_detection_module_struct;
@ -962,13 +912,8 @@ struct ndpi_detection_module_struct {
uint32_t thunder_timeout;
/* SoulSeek parameters */
uint32_t soulseek_connection_ip_tick_timeout;
/* rtsp parameters */
uint32_t rtsp_connection_timeout;
/* rstp */
uint32_t orb_rstp_ts_timeout;
/* yahoo */
uint8_t yahoo_detect_http_connections;
uint32_t yahoo_lan_video_timeout;
uint32_t zattoo_connection_timeout;
uint32_t jabber_stun_timeout;
uint32_t jabber_file_transfer_timeout;
@ -1010,7 +955,6 @@ typedef enum {
struct ndpi_flow_struct {
uint16_t detected_protocol_stack[2];
uint16_t protocol_stack_info;
/* init parameter, internal used to set up timestamp,... */
uint16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category, guessed_header_category;
uint8_t l4_proto, protocol_id_already_guessed:1, host_already_guessed:1,
@ -1037,11 +981,6 @@ struct ndpi_flow_struct {
/* Place textual flow info here */
char flow_extra_info[16];
/*
Pointer to src or dst that identifies the
server of this connection
*/
struct ndpi_id_struct *server_id;
/* HTTP host or DNS query */
uint8_t host_server_name[240];
uint8_t initial_binary_bytes[8], initial_binary_bytes_len;
@ -1181,24 +1120,15 @@ struct ndpi_flow_struct {
/* NDPI_PROTOCOL_DIRECTCONNECT */
uint8_t directconnect_stage:2; // 0 - 1
/* NDPI_PROTOCOL_YAHOO */
uint8_t sip_yahoo_voice:1;
/* NDPI_PROTOCOL_HTTP */
uint8_t http_detected:1;
/* NDPI_PROTOCOL_RTSP */
uint8_t rtsprdt_stage:2, rtsp_control_flow:1;
/* NDPI_PROTOCOL_YAHOO */
uint8_t yahoo_detection_finished:2;
uint8_t rtsprdt_stage:2;
/* NDPI_PROTOCOL_ZATTOO */
uint8_t zattoo_stage:3;
/* NDPI_PROTOCOL_QQ */
uint8_t qq_stage:3;
/* NDPI_PROTOCOL_THUNDER */
uint8_t thunder_stage:2; // 0 - 3
@ -1242,7 +1172,6 @@ struct ndpi_flow_struct {
uint32_t csgo_id2;
/* internal structures to save functions calls */
struct ndpi_packet_struct packet;
struct ndpi_flow_struct *flow;
struct ndpi_id_struct *src;
struct ndpi_id_struct *dst;
};

48
python/ndpi_typestruct.py
View file

@ -262,11 +262,8 @@ NDPIDetectionModuleStruct._fields_ = [
("battlefield_timeout", c_uint32),
("thunder_timeout", c_uint32),
("soulseek_connection_ip_tick_timeout", c_uint32),
("rtsp_connection_timeout", c_uint32),
("tvants_connection_timeout", c_uint32),
("orb_rstp_ts_timeout", c_uint32),
("yahoo_detect_http_connections", c_uint8),
("yahoo_lan_video_timeout", c_uint32),
("zattoo_connection_timeout", c_uint32),
("jabber_stun_timeout", c_uint32),
("jabber_file_transfer_timeout", c_uint32),
@ -312,7 +309,6 @@ class NDPIIpAddrT(Union):
class NDPIIdStruct(Structure):
_fields_ = [
('detected_protocol_bitmask', NDPIProtocolBitMask),
('rtsp_ip_address', NDPIIpAddrT),
('irc_port', c_uint16 * 8),
('last_time_port_used', c_uint32 * 8),
('irc_ts', c_uint32),
@ -336,7 +332,6 @@ class NDPIIdStruct(Structure):
('irc_number_of_port', c_uint8),
('oscar_ssl_session_id', c_uint8 * 33),
('jabber_voice_stun_used_ports', c_uint8),
('rtsp_ts_set', c_uint8, 1),
]
@ -345,9 +340,7 @@ class NDPIFlowTcpStruct(Structure):
_fields_ = [
('smtp_command_bitmask', c_uint16),
('pop_command_bitmask', c_uint16),
('qq_nxt_len', c_uint16),
('wa_matched_so_far', c_uint8),
('tds_login_version', c_uint8),
('irc_stage', c_uint8),
('irc_port', c_uint8),
('h323_valid_packets', c_uint8),
@ -357,23 +350,13 @@ class NDPIFlowTcpStruct(Structure):
('irc_direction', c_uint32, 2),
('irc_0x1000_full', c_uint32, 1),
('soulseek_stage', c_uint32, 2),
('tds_stage', c_uint32, 3),
('usenet_stage', c_uint32, 2),
('imesh_stage', c_uint32, 4),
('http_setup_dir', c_uint32, 2),
('http_stage', c_uint32, 2),
('http_empty_line_seen', c_uint32, 1),
('http_wait_for_retransmission', c_uint32, 1),
('gnutella_stage', c_uint32, 2),
('mms_stage', c_uint32, 2),
('yahoo_sip_comm', c_uint32, 1),
('yahoo_http_proxy_stage', c_uint32, 2),
('msn_stage', c_uint32, 3),
('msn_ssl_ft', c_uint32, 2),
('ssh_stage', c_uint32, 3),
('vnc_stage', c_uint32, 2),
('telnet_stage', c_uint32, 2),
('tls_srv_cert_fingerprint_ctx', c_void_p),
('tls_seen_client_cert', c_uint8, 1),
('tls_seen_server_cert', c_uint8, 1),
('tls_seen_certificate', c_uint8, 1),
@ -384,7 +367,6 @@ class NDPIFlowTcpStruct(Structure):
('tls_fingerprint_len', c_int16),
('tls_sha1_certificate_fingerprint', c_uint8 * 20),
('postgres_stage', c_uint32, 3),
('ddlink_server_direction', c_uint32, 1),
('seen_syn', c_uint32, 1),
('seen_syn_ack', c_uint32, 1),
('seen_ack', c_uint32, 1),
@ -392,7 +374,6 @@ class NDPIFlowTcpStruct(Structure):
('dofus_stage', c_uint32, 1),
('fiesta_stage', c_uint32, 2),
('wow_stage', c_uint32, 2),
('veoh_tv_stage', c_uint32, 2),
('shoutcast_stage', c_uint32, 2),
('rtp_special_packets_seen', c_uint32, 1),
('mail_pop_stage', c_uint32, 2),
@ -413,16 +394,11 @@ class NDPIFlowTcpStruct(Structure):
class NDPIFlowUdpStruct(Structure):
_pack_ = 1
_fields_ = [
('battlefield_msg_id', c_uint32),
('snmp_msg_id', c_uint32),
('battlefield_stage', c_uint32, 3),
('snmp_stage', c_uint32, 2),
('ppstream_stage', c_uint32, 3),
('halflife2_stage', c_uint32, 2),
('tftp_stage', c_uint32, 2),
('aimini_stage', c_uint32, 5),
('xbox_stage', c_uint32, 1),
('wsus_stage', c_uint32, 1),
('skype_packet_id', c_uint8),
('teamviewer_stage', c_uint8),
('eaq_pkt_id', c_uint8),
@ -642,13 +618,6 @@ class NDPIUdpHdr(Structure):
]
class NDPIPacketStructStack(Structure):
_pack_ = 1
_fields_ = [
('protocol_stack_info', c_uint16)
]
class NDPIPacketStruct(Structure):
_fields_ = [
('iph', POINTER(NDPIIphdr)),
@ -657,10 +626,8 @@ class NDPIPacketStruct(Structure):
('udp', POINTER(NDPIUdpHdr)),
('generic_l4_ptr', POINTER(c_uint8)),
('payload', POINTER(c_uint8)),
('tick_timestamp', c_uint32),
('tick_timestamp_l', c_uint64),
('current_timestamp_ms', c_uint64),
('detected_protocol_stack', c_uint16 * ndpi.ndpi_wrap_ndpi_procol_size()),
('ndpi_packet_stack', NDPIPacketStructStack),
('line', NDPIIntOneLineStruct * 64),
('host_line', NDPIIntOneLineStruct),
('forwarded_line', NDPIIntOneLineStruct),
@ -685,16 +652,14 @@ class NDPIPacketStruct(Structure):
('actual_payload_len', c_uint16),
('num_retried_bytes', c_uint16),
('parsed_lines', c_uint16),
('parsed_unix_lines', c_uint16),
('empty_line_position', c_uint16),
('tcp_retransmission', c_uint8),
('l4_protocol', c_uint8),
('ssl_certificate_detected', c_uint8, 4),
('ssl_certificate_num_checks', c_uint8, 4),
('packet_lines_parsed_complete', c_uint8, 1),
('packet_direction', c_uint8, 1),
('empty_line_position_set', c_uint8, 1),
('pad', c_uint8, 5),
('http_check_content', c_uint8, 1),
('pad', c_uint8, 4),
]
@ -702,7 +667,6 @@ class NDPIFlowStructStack(Structure):
_pack_ = 1
_fields_ = [
("detected_protocol_stack", c_uint16 * ndpi.ndpi_wrap_ndpi_procol_size()),
("protocol_stack_info", c_uint16)
]
@ -725,7 +689,6 @@ NDPIFlowStruct._fields_ = [
("num_processed_pkts", c_uint8),
("extra_packets_func", CFUNCTYPE(c_int, POINTER(NDPIDetectionModuleStruct), POINTER(NDPIFlowStruct))),
("l4", L4),
("server_id", POINTER(NDPIIdStruct)),
("host_server_name", c_ubyte * 256),
("http", Http),
("protos", Protos),
@ -738,15 +701,11 @@ NDPIFlowStruct._fields_ = [
('byte_counter', c_uint16 * 2),
('bittorrent_stage', c_uint8),
('directconnect_stage', c_uint8, 2),
('sip_yahoo_voice', c_uint8, 1),
('http_detected', c_uint8, 1),
('http_upper_protocol', c_uint16),
('http_lower_protocol', c_uint16),
('rtsprdt_stage', c_uint8, 2),
('rtsp_control_flow', c_uint8, 1),
('yahoo_detection_finished', c_uint8, 2),
('zattoo_stage', c_uint8, 3),
('qq_stage', c_uint8, 3),
('thunder_stage', c_uint8, 2),
('oscar_ssl_voice_stage', c_uint8, 3),
('oscar_video_voice', c_uint8, 1),
@ -775,7 +734,6 @@ NDPIFlowStruct._fields_ = [
('kxun_counter', c_uint16),
('iqiyi_counter', c_uint16),
('packet', NDPIPacketStruct),
('flow', POINTER(NDPIFlowStruct)),
('src', POINTER(NDPIIdStruct)),
('dst', POINTER(NDPIIdStruct))
]

3
src/include/ndpi_define.h.in
View file

@ -172,10 +172,7 @@
#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60
#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60
#define NDPI_THUNDER_CONNECTION_TIMEOUT 30
#define NDPI_RTSP_CONNECTION_TIMEOUT 5
#define NDPI_TVANTS_CONNECTION_TIMEOUT 5
#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1
#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30
#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120
#define NDPI_ZATTOO_FLASH_TIMEOUT 5
#define NDPI_JABBER_STUN_TIMEOUT 30

81
src/include/ndpi_typedefs.h
View file

@ -579,8 +579,6 @@ struct ndpi_id_struct {
to compare this, use:
**/
NDPI_PROTOCOL_BITMASK detected_protocol_bitmask;
/* NDPI_PROTOCOL_RTSP */
ndpi_ip_addr_t rtsp_ip_address;
/* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */
/* NDPI_PROTOCOL_IRC */
@ -595,9 +593,6 @@ struct ndpi_id_struct {
/* NDPI_PROTOCOL_THUNDER */
u_int32_t thunder_ts;
/* NDPI_PROTOCOL_RTSP */
u_int32_t rtsp_timer;
/* NDPI_PROTOCOL_ZATTOO */
u_int32_t zattoo_ts;
@ -632,9 +627,6 @@ struct ndpi_id_struct {
/* NDPI_PROTOCOL_JABBER */
u_int8_t jabber_voice_stun_used_ports;
/* NDPI_PROTOCOL_RTSP */
u_int8_t rtsp_ts_set:1;
};
/* ************************************************** */
@ -646,15 +638,9 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_MAIL_POP */
u_int16_t pop_command_bitmask;
/* NDPI_PROTOCOL_QQ */
u_int16_t qq_nxt_len;
/* NDPI_PROTOCOL_WHATSAPP */
u_int8_t wa_matched_so_far;
/* NDPI_PROTOCOL_TDS */
u_int8_t tds_login_version;
/* NDPI_PROTOCOL_IRC */
u_int8_t irc_stage;
u_int8_t irc_port;
@ -674,35 +660,16 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_SOULSEEK */
u_int32_t soulseek_stage:2;
/* NDPI_PROTOCOL_TDS */
u_int32_t tds_stage:3;
/* NDPI_PROTOCOL_USENET */
u_int32_t usenet_stage:2;
/* NDPI_PROTOCOL_IMESH */
u_int32_t imesh_stage:4;
/* NDPI_PROTOCOL_HTTP */
u_int32_t http_setup_dir:2;
u_int32_t http_stage:2;
u_int32_t http_empty_line_seen:1;
u_int32_t http_wait_for_retransmission:1;
/* NDPI_PROTOCOL_GNUTELLA */
u_int32_t gnutella_stage:2; // 0 - 2
/* NDPI_CONTENT_MMS */
u_int32_t mms_stage:2;
/* NDPI_PROTOCOL_YAHOO */
u_int32_t yahoo_sip_comm:1;
u_int32_t yahoo_http_proxy_stage:2;
/* NDPI_PROTOCOL_MSN */
u_int32_t msn_stage:3;
u_int32_t msn_ssl_ft:2;
/* NDPI_PROTOCOL_SSH */
u_int32_t ssh_stage:3;
@ -715,8 +682,6 @@ struct ndpi_flow_tcp_struct {
struct {
message_t message;
void* srv_cert_fingerprint_ctx; /* SHA-1 */
/* NDPI_PROTOCOL_TLS */
u_int8_t certificate_processed:1, fingerprint_set:1, _pad:6;
u_int8_t num_tls_blocks;
@ -726,9 +691,6 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_POSTGRES */
u_int32_t postgres_stage:3;
/* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */
u_int32_t ddlink_server_direction:1;
/* Part of the TCP header. */
u_int32_t seen_syn:1;
u_int32_t seen_syn_ack:1;
@ -746,9 +708,6 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_WORLDOFWARCRAFT */
u_int32_t wow_stage:2;
/* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */
u_int32_t veoh_tv_stage:2;
/* NDPI_PROTOCOL_SHOUTCAST */
u_int32_t shoutcast_stage:2;
@ -793,12 +752,6 @@ struct ndpi_flow_tcp_struct {
/* ************************************************** */
struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_SNMP */
u_int32_t snmp_msg_id;
/* NDPI_PROTOCOL_SNMP */
u_int32_t snmp_stage:2;
/* NDPI_PROTOCOL_PPSTREAM */
u_int32_t ppstream_stage:3; // 0 - 7
@ -814,9 +767,6 @@ struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_XBOX */
u_int32_t xbox_stage:1;
/* NDPI_PROTOCOL_WINDOWS_UPDATE */
u_int32_t wsus_stage:1;
/* NDPI_PROTOCOL_SKYPE */
u_int8_t skype_packet_id;
u_int8_t skype_crc[4];
@ -842,6 +792,10 @@ struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_QUIC */
u_int8_t *quic_reasm_buf;
u_int32_t quic_reasm_buf_len;
/* NDPI_PROTOCOL_CSGO */
u_int8_t csgo_strid[18],csgo_state,csgo_s2;
u_int32_t csgo_id2;
};
/* ************************************************** */
@ -880,7 +834,6 @@ struct ndpi_packet_struct {
u_int64_t current_time_ms;
u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
u_int16_t protocol_stack_info;
struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET];
/* HTTP headers */
@ -911,12 +864,10 @@ struct ndpi_packet_struct {
u_int16_t actual_payload_len;
u_int16_t num_retried_bytes;
u_int16_t parsed_lines;
u_int16_t parsed_unix_lines;
u_int16_t empty_line_position;
u_int8_t tcp_retransmission;
u_int8_t l4_protocol;
u_int8_t tls_certificate_detected:4, tls_certificate_num_checks:4;
u_int8_t packet_lines_parsed_complete:1,
packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4;
};
@ -1180,13 +1131,8 @@ struct ndpi_detection_module_struct {
u_int32_t thunder_timeout;
/* SoulSeek parameters */
u_int32_t soulseek_connection_ip_tick_timeout;
/* rtsp parameters */
u_int32_t rtsp_connection_timeout;
/* rstp */
u_int32_t orb_rstp_ts_timeout;
/* yahoo */
u_int8_t yahoo_detect_http_connections;
u_int32_t yahoo_lan_video_timeout;
u_int32_t zattoo_connection_timeout;
u_int32_t jabber_stun_timeout;
u_int32_t jabber_file_transfer_timeout;
@ -1257,7 +1203,6 @@ struct tls_heuristics {
*/
struct ndpi_flow_struct {
u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
u_int16_t protocol_stack_info;
/* init parameter, internal used to set up timestamp,... */
u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category, guessed_header_category;
@ -1293,11 +1238,6 @@ struct ndpi_flow_struct {
/* Place textual flow info here */
char flow_extra_info[16];
/*
Pointer to src or dst that identifies the
server of this connection
*/
struct ndpi_id_struct *server_id;
/* HTTP host or DNS query */
u_char host_server_name[240];
u_int8_t initial_binary_bytes[8], initial_binary_bytes_len;
@ -1448,17 +1388,11 @@ struct ndpi_flow_struct {
u_int8_t http_detected:1;
/* NDPI_PROTOCOL_RTSP */
u_int8_t rtsprdt_stage:2, rtsp_control_flow:1;
/* NDPI_PROTOCOL_YAHOO */
u_int8_t yahoo_detection_finished:2;
u_int8_t rtsprdt_stage:2;
/* NDPI_PROTOCOL_ZATTOO */
u_int8_t zattoo_stage:3;
/* NDPI_PROTOCOL_QQ */
u_int8_t qq_stage:3;
/* NDPI_PROTOCOL_THUNDER */
u_int8_t thunder_stage:2; // 0 - 3
@ -1494,13 +1428,8 @@ struct ndpi_flow_struct {
u_int8_t tinc_state;
struct tinc_cache_entry tinc_cache_entry;
/* NDPI_PROTOCOL_CSGO */
u_int8_t csgo_strid[18],csgo_state,csgo_s2;
u_int32_t csgo_id2;
/* internal structures to save functions calls */
struct ndpi_packet_struct packet;
struct ndpi_flow_struct *flow;
struct ndpi_id_struct *src;
struct ndpi_id_struct *dst;
};

8
src/lib/ndpi_main.c
View file

@ -2339,7 +2339,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
ndpi_str->directconnect_connection_ip_tick_timeout =
NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT * ndpi_str->ticks_per_second;
ndpi_str->rtsp_connection_timeout = NDPI_RTSP_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second;
ndpi_str->irc_timeout = NDPI_IRC_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second;
ndpi_str->gnutella_timeout = NDPI_GNUTELLA_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second;
ndpi_str->thunder_timeout = NDPI_THUNDER_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second;
@ -4276,7 +4275,6 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru
void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow, struct ndpi_packet_struct *packet) {
memcpy(&packet->detected_protocol_stack, &flow->detected_protocol_stack, sizeof(packet->detected_protocol_stack));
memcpy(&packet->protocol_stack_info, &flow->protocol_stack_info, sizeof(packet->protocol_stack_info));
}
/* ****************************************************** */
@ -4948,9 +4946,6 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, st
if(flow == NULL)
return;
if(flow->server_id == NULL)
flow->server_id = dst; /* Default */
/* need at least 20 bytes for ip header */
if(packetlen < 20) {
return;
@ -5432,9 +5427,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
ret.master_protocol = flow->detected_protocol_stack[1],
ret.app_protocol = flow->detected_protocol_stack[0];
if(flow->server_id == NULL)
flow->server_id = dst; /* Default */
if(flow->check_extra_packets) {
ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_time_ms, src, dst);
/* Update in case of new match */

28
src/lib/protocols/csgo.c
View file

@ -38,18 +38,18 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n
uint32_t w = htonl(get_u_int32_t(packet->payload, 0));
NDPI_LOG_DBG2(ndpi_struct, "CSGO: word %08x\n", w);
if(!flow->csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) {
if(!flow->l4.udp.csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) {
if(!memcmp(packet->payload + 5, "connect0x", 9)) {
flow->csgo_state++;
memcpy(flow->csgo_strid, packet->payload + 5, 18);
flow->l4.udp.csgo_state++;
memcpy(flow->l4.udp.csgo_strid, packet->payload + 5, 18);
NDPI_LOG_DBG2(ndpi_struct, "Found csgo connect0x\n");
return;
}
}
if(flow->csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) {
if(!memcmp(packet->payload + 24, flow->csgo_strid, 18)) {
flow->csgo_state++;
if(flow->l4.udp.csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) {
if(!memcmp(packet->payload + 24, flow->l4.udp.csgo_strid, 18)) {
flow->l4.udp.csgo_state++;
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN);
NDPI_LOG_INFO( ndpi_struct, "found csgo connect0x reply\n");
return;
@ -77,32 +77,32 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n
}
}
if(flow->csgo_s2 < 3 && (w & 0xffff0000ul) == 0x0d1d0000) {
if(flow->l4.udp.csgo_s2 < 3 && (w & 0xffff0000ul) == 0x0d1d0000) {
uint32_t w2 = get_u_int32_t(packet->payload, 2);
if(packet->payload_packet_len == 13) {
if(!flow->csgo_s2) {
flow->csgo_id2 = w2;
flow->csgo_s2 = 1;
if(!flow->l4.udp.csgo_s2) {
flow->l4.udp.csgo_id2 = w2;
flow->l4.udp.csgo_s2 = 1;
NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1\n");
return;
}
if(flow->csgo_s2 == 1 && flow->csgo_id2 == w2) {
if(flow->l4.udp.csgo_s2 == 1 && flow->l4.udp.csgo_id2 == w2) {
NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1 DUP\n");
return;
}
flow->csgo_s2 = 3;
flow->l4.udp.csgo_s2 = 3;
return;
}
if(packet->payload_packet_len == 15) {
if(flow->csgo_s2 == 1 && flow->csgo_id2 == w2) {
if(flow->l4.udp.csgo_s2 == 1 && flow->l4.udp.csgo_id2 == w2) {
NDPI_LOG_INFO( ndpi_struct, "found csgo udp 0d1d\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN);
return;
}
}
flow->csgo_s2 = 3;
flow->l4.udp.csgo_s2 = 3;
}
if(packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) &&

4
src/lib/protocols/directdownloadlink.c
View file

@ -39,11 +39,7 @@
static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_UNKNOWN);
flow->l4.tcp.ddlink_server_direction = packet->packet_direction;
}

1
src/lib/protocols/http.c
View file

@ -554,7 +554,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
flow->extra_packets_func = NULL; /* We're good now */
if(len > 0) ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1);
flow->server_id = flow->dst;
if(packet->forwarded_line.ptr) {
len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1);

16
src/lib/protocols/rtsp.c
View file

@ -42,9 +42,6 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
NDPI_LOG_DBG(ndpi_struct, "search RTSP\n");
if (packet->parsed_lines == 0)
@ -84,20 +81,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct
if((memcmp(packet->payload, "RTSP/1.0 ", 9) == 0)
|| (strstr(buf, "rtsp://") != NULL)) {
NDPI_LOG_DBG2(ndpi_struct, "found RTSP/1.0 \n");
if (dst != NULL) {
NDPI_LOG_DBG2(ndpi_struct, "found dst\n");
ndpi_packet_src_ip_get(packet, &dst->rtsp_ip_address);
dst->rtsp_timer = packet->current_time_ms;
dst->rtsp_ts_set = 1;
}
if (src != NULL) {
NDPI_LOG_DBG2(ndpi_struct, "found src\n");
ndpi_packet_dst_ip_get(packet, &src->rtsp_ip_address);
src->rtsp_timer = packet->current_time_ms;
src->rtsp_ts_set = 1;
}
NDPI_LOG_INFO(ndpi_struct, "found RTSP\n");
flow->rtsp_control_flow = 1;
ndpi_int_rtsp_add_connection(ndpi_struct, flow);
return;
}

2
src/lib/protocols/whoisdas.c
View file

@ -47,8 +47,6 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, str
flow->host_server_name[i] = '\0';
flow->server_id = ((sport == 43) || (sport == 4343)) ? flow->src : flow->dst;
NDPI_LOG_INFO(ndpi_struct, "[WHOIS/DAS] %s\n", flow->host_server_name);
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHOIS_DAS, NDPI_PROTOCOL_UNKNOWN);
return;