Remove struct ndpi_packet_struct from struct ndpi_flow_struct (#1319)

There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet")
in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid
saving dissection information of "current packet" into the "flow" state,
i.e. in the flow management table.

The nDPI detection module processes only one packet at a time, so it is
safe to save packet dissection information in `struct ndpi_detection_module_struct`,
always reusing the same "packet" instance and saving a huge amount of memory.
Bottom line: we need only one copy of "packet" (for detection module),
not one for each "flow".

It is not clear how/why "packet" ended up in "flow" in the first place.
It has been there since the beginning of the GIT history, but in the original
OpenDPI code `struct ipoque_packet_struct` was embedded in
`struct ipoque_detection_module_struct`, i.e. there was the same exact
situation this commit wants to achieve.

Most of the changes in this PR are some boilerplate to update something
like "flow->packet" into something like "module->packet" throughout the code.
Some attention has been paid to update `ndpi_init_packet()` since we need
to reset some "packet" fields before starting to process another packet.

There has been one important change, though, in ndpi_detection_giveup().
Nothing changed for the applications/users, but this function can't access
"packet" anymore.
The reason is that this function can be called "asynchronously" with respect
to the data processing, i.e in context where there is no valid notion of
"current packet"; for example ndpiReader calls it after having processed all
the traffic, iterating the entire session table.

Mining LRU stuff seems a bit odd (even before this patch): probably we need
to rethink it, as a follow-up.
Ivan Nardi 2021-10-05 15:49:52 +02:00 committed by GitHub
parent f3fcf1e7c0
commit 730c2360bd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
168 changed files with 517 additions and 507 deletions


@ -645,6 +645,14 @@ struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_WIREGUARD */
uint8_t wireguard_stage;
uint32_t wireguard_peer_index[2];
/* NDPI_PROTOCOL_QUIC */
u_int8_t *quic_reasm_buf;
u_int32_t quic_reasm_buf_len;
/* NDPI_PROTOCOL_CSGO */
uint8_t csgo_strid[18],csgo_state,csgo_s2;
uint32_t csgo_id2;
};
struct ndpi_int_one_line_struct {
@ -941,6 +949,9 @@ struct ndpi_detection_module_struct {
uint8_t direction_detect_disable:1, /* disable internal detection of packet direction */
_pad:7;
/* Current packet */
struct ndpi_packet_struct packet;
};
#define NDPI_CIPHER_SAFE 0
@ -1163,15 +1174,13 @@ struct ndpi_flow_struct {
uint8_t ovpn_session_id[8];
uint8_t ovpn_counter;
/* Flow key used to search a match into the mining cache */
u_int32_t key_mining_cache;
/* NDPI_PROTOCOL_TINC */
uint8_t tinc_state;
struct tinc_cache_entry tinc_cache_entry;
/* NDPI_PROTOCOL_CSGO */
uint8_t csgo_strid[18],csgo_state,csgo_s2;
uint32_t csgo_id2;
/* internal structures to save functions calls */
struct ndpi_packet_struct packet;
struct ndpi_id_struct *src;
struct ndpi_id_struct *dst;
};
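Review bot: `key_mining_cache` now lives in the flow, but the SYN-triggered reset in `ndpi_init_packet()` (later in this commit) runs `memset(flow, 0, sizeof(*(flow)))` and the field is not among the `flow_save`/`flow_restore` entries, so the key appears to be lost for any flow that goes through that reset. Because `num_processed_pkts` is restored, the `flow->num_processed_pkts == 1` guard in `ndpi_detection_process_packet()` would presumably not set it again, and `ndpi_detection_giveup()` then skips the mining cache lookup for that flow. A local `u_int32_t key_mining_cache;` with `flow_save(key_mining_cache);` and `flow_restore(key_mining_cache);` next to the other saved fields would keep it. The field comment could also say that 0 means "not set", since that is how `ndpi_detection_giveup()` tests it. The struct begins outside this hunk.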


@ -276,11 +276,9 @@ NDPIDetectionModuleStruct._fields_ = [
("tinc_cache", POINTER(Cache)),
("proto_defaults", NDPIProtoDefaultsT * (ndpi.ndpi_wrap_ndpi_max_supported_protocols() +
ndpi.ndpi_wrap_ndpi_max_num_custom_protocols())),
("http_dont_dissect_response", c_uint8, 1),
("dns_dont_dissect_response", c_uint8, 1),
("direction_detect_disable", c_uint8, 1),
("disable_metadata_export", c_uint8, 1),
("hyperscan", c_void_p)
('_pad', c_uint8, 7),
('packet', NDPIPacketStruct),
]
@ -408,6 +406,12 @@ class NDPIFlowUdpStruct(Structure):
('memcached_matches', c_uint8),
('wireguard_stage', c_uint8),
('wireguard_peer_index', c_uint32 * 2),
('quic_reasm_buf', POINTER(c_uint8)),
('quic_reasm_buf_len', c_uint32),
('csgo_strid', c_uint8 * 18),
('csgo_state', c_uint8),
('csgo_s2', c_uint8),
('csgo_id2', c_uint32),
]
@ -735,15 +739,9 @@ NDPIFlowStruct._fields_ = [
('starcraft_udp_stage', c_uint8, 3),
('ovpn_session_id', c_uint8 * 8),
('ovpn_counter', c_uint8),
('key_mining_cache', c_uint32),
('tinc_state', c_uint8),
('TincCacheEntry', TincCacheEntry),
('csgo_strid', c_uint8 * 18),
('csgo_state', c_uint8),
('csgo_s2', c_uint8),
('csgo_id2', c_uint32),
('kxun_counter', c_uint16),
('iqiyi_counter', c_uint16),
('packet', NDPIPacketStruct),
('src', POINTER(NDPIIdStruct)),
('dst', POINTER(NDPIIdStruct))
]
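Review bot: Nothing in this file checks that the hand-written `_fields_` lists still match the C structs now that `packet` has moved from `NDPIFlowStruct` to `NDPIDetectionModuleStruct` and the `csgo_*` fields have moved into `NDPIFlowUdpStruct`. If flows are allocated from Python using the ctypes size (not visible here), a list shorter than the C `struct ndpi_flow_struct` would let the library write past the allocation, and a wrong offset for `src`/`dst` would hand it bad pointers. A comment above each list such as `# Must mirror struct ndpi_flow_struct field for field, bitfields included` would make the coupling explicit, ideally backed by a `sizeof()` comparison against a size reported by the C wrapper. The `_fields_` assignments begin outside the hunks.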


@ -1175,6 +1175,9 @@ struct ndpi_detection_module_struct {
MMDB_s mmdb_city, mmdb_as;
u_int8_t mmdb_city_loaded, mmdb_as_loaded;
#endif
/* Current packet */
struct ndpi_packet_struct packet;
};
#endif /* NDPI_LIB_COMPILATION */
@ -1423,12 +1426,13 @@ struct ndpi_flow_struct {
u_int8_t ovpn_session_id[8];
u_int8_t ovpn_counter;
/* Flow key used to search a match into the mining cache */
u_int32_t key_mining_cache;
/* NDPI_PROTOCOL_TINC */
u_int8_t tinc_state;
struct tinc_cache_entry tinc_cache_entry;
/* internal structures to save functions calls */
struct ndpi_packet_struct packet;
struct ndpi_id_struct *src;
struct ndpi_id_struct *dst;
};
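Review bot: The `/* Current packet */` comment on the new `packet` member does not say how long its contents stay valid. The member holds pointers (`iph`, `tcp`, `udp`, `payload`) into the caller's buffer. This commit appears to drop the `invalidate_ptr` step that cleared them at the end of `ndpi_detection_process_packet()`, and `ndpi_init_packet()` returns on `packetlen < 20` before it resets them, so between calls the module can still reference the previous packet, possibly one from another flow. I would document that on the field, e.g. `/* Current packet: pointers are valid only while ndpi_detection_process_packet() runs; a module must not process packets from several threads at once */`, and consider moving the pointer resets in `ndpi_init_packet()` above the length check. The struct begins outside this hunk.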


@ -119,6 +119,7 @@ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_p
const char *_func, int _line);
static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root);
static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet);
/* ****************************************** */
@ -1972,7 +1973,7 @@ static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_str, s
/* ******************************************* */
u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_str->packet;
if(packet->tcp != NULL) {
if(packet->iph) {
@ -2813,6 +2814,7 @@ u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) {
u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
*user_defined_proto = 0; /* Default */
if(sport && dport) {
@ -2847,20 +2849,20 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
flow->entropy = 0.0f;
/* Run some basic consistency tests */
if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr))
if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr))
ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
else {
u_int8_t icmp_type = (u_int8_t)flow->packet.payload[0];
u_int8_t icmp_code = (u_int8_t)flow->packet.payload[1];
u_int8_t icmp_type = (u_int8_t)packet->payload[0];
u_int8_t icmp_code = (u_int8_t)packet->payload[1];
/* https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */
if(((icmp_type >= 44) && (icmp_type <= 252))
|| (icmp_code > 15))
ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr)) {
flow->entropy = ndpi_entropy(flow->packet.payload + sizeof(struct ndpi_icmphdr),
flow->packet.payload_packet_len - sizeof(struct ndpi_icmphdr));
if (packet->payload_packet_len > sizeof(struct ndpi_icmphdr)) {
flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr),
packet->payload_packet_len - sizeof(struct ndpi_icmphdr));
if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) {
ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY);
@ -2889,11 +2891,11 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
if(flow) {
/* Run some basic consistency tests */
if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr))
if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr))
ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
else {
u_int8_t icmp6_type = (u_int8_t)flow->packet.payload[0];
u_int8_t icmp6_code = (u_int8_t)flow->packet.payload[1];
u_int8_t icmp6_type = (u_int8_t)packet->payload[0];
u_int8_t icmp6_code = (u_int8_t)packet->payload[1];
/* https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6 */
if(((icmp6_type >= 5) && (icmp6_type <= 127))
@ -4333,9 +4335,12 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) {
/* ************************************************ */
static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
unsigned short packetlen) {
static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
const u_int64_t current_time_ms,
const unsigned char *packet_data,
unsigned short packetlen) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
const struct ndpi_iphdr *decaps_iph = NULL;
u_int16_t l3len;
u_int16_t l4len;
@ -4346,29 +4351,42 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
if(!flow)
return(1);
/* need at least 20 bytes for ip header */
if(packetlen < 20)
return 1;
packet->current_time_ms = current_time_ms;
packet->iph = (struct ndpi_iphdr *)packet_data;
/* reset payload_packet_len, will be set if ipv4 tcp or udp */
flow->packet.payload_packet_len = 0;
flow->packet.l4_packet_len = 0;
flow->packet.l3_packet_len = packetlen;
packet->payload = NULL;
packet->payload_packet_len = 0;
packet->l4_packet_len = 0;
packet->l3_packet_len = packetlen;
flow->packet.tcp = NULL, flow->packet.udp = NULL;
flow->packet.generic_l4_ptr = NULL;
flow->packet.iphv6 = NULL;
packet->tcp = NULL, packet->udp = NULL;
packet->generic_l4_ptr = NULL;
packet->iphv6 = NULL;
l3len = flow->packet.l3_packet_len;
l3len = packet->l3_packet_len;
if(flow->packet.iph != NULL)
decaps_iph = flow->packet.iph;
ndpi_reset_packet_line_info(packet);
packet->packet_lines_parsed_complete = 0;
packet->http_check_content = 0;
if(packet->iph != NULL)
decaps_iph = packet->iph;
if(decaps_iph && decaps_iph->version == IPVERSION && decaps_iph->ihl >= 5) {
NDPI_LOG_DBG2(ndpi_str, "ipv4 header\n");
} else if(decaps_iph && decaps_iph->version == 6 && l3len >= sizeof(struct ndpi_ipv6hdr) &&
(ndpi_str->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) {
NDPI_LOG_DBG2(ndpi_str, "ipv6 header\n");
flow->packet.iphv6 = (struct ndpi_ipv6hdr *) flow->packet.iph;
flow->packet.iph = NULL;
packet->iphv6 = (struct ndpi_ipv6hdr *)packet->iph;
packet->iph = NULL;
} else {
flow->packet.iph = NULL;
packet->iph = NULL;
return(1);
}
@ -4389,38 +4407,27 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
return(1);
}
flow->packet.l4_protocol = l4protocol;
flow->packet.l4_packet_len = l4len;
packet->l4_protocol = l4protocol;
packet->l4_packet_len = l4len;
flow->l4_proto = l4protocol;
/* TCP / UDP detection */
if(l4protocol == IPPROTO_TCP && flow->packet.l4_packet_len >= 20 /* min size of tcp */) {
if(l4protocol == IPPROTO_TCP && packet->l4_packet_len >= 20 /* min size of tcp */) {
/* tcp */
flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr;
if(flow->packet.l4_packet_len >= flow->packet.tcp->doff * 4) {
flow->packet.payload_packet_len = flow->packet.l4_packet_len - flow->packet.tcp->doff * 4;
flow->packet.actual_payload_len = flow->packet.payload_packet_len;
flow->packet.payload = ((u_int8_t *) flow->packet.tcp) + (flow->packet.tcp->doff * 4);
packet->tcp = (struct ndpi_tcphdr *) l4ptr;
if(packet->l4_packet_len >= packet->tcp->doff * 4) {
packet->payload_packet_len = packet->l4_packet_len - packet->tcp->doff * 4;
packet->actual_payload_len = packet->payload_packet_len;
packet->payload = ((u_int8_t *) packet->tcp) + (packet->tcp->doff * 4);
/* check for new tcp syn packets, here
* idea: reset detection state if a connection is unknown
*/
if(flow->packet.tcp->syn != 0 && flow->packet.tcp->ack == 0 && flow->init_finished != 0 &&
if(packet->tcp->syn != 0 && packet->tcp->ack == 0 && flow->init_finished != 0 &&
flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
u_int16_t guessed_protocol_id, guessed_host_protocol_id;
u_int16_t packet_direction_counter[2];
u_int8_t num_processed_pkts;
struct packet_save {
const struct ndpi_iphdr *iph;
const struct ndpi_ipv6hdr *iphv6;
const u_int8_t *payload;
u_int64_t current_time_ms;
u_int16_t l3_packet_len;
u_int16_t l4_packet_len;
u_int16_t payload_packet_len;
u_int16_t actual_payload_len;
u_int8_t l4_protocol;
} packet;
#define flow_save(a) a = flow->a
#define flow_restore(a) flow->a = a
@ -4430,21 +4437,11 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
flow_save(num_processed_pkts);
flow_save(guessed_protocol_id);
flow_save(guessed_host_protocol_id);
flow_save(packet.iph);
flow_save(packet.iphv6);
flow_save(packet.payload);
flow_save(packet.current_time_ms);
flow_save(packet.l3_packet_len);
flow_save(packet.l4_packet_len);
flow_save(packet.payload_packet_len);
flow_save(packet.actual_payload_len);
flow_save(packet.l4_protocol);
ndpi_free_flow_data(flow);
memset(flow, 0, sizeof(*(flow)));
/* Restore pointers */
flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr;
flow->l4_proto = IPPROTO_TCP;
flow_restore(packet_direction_counter[0]);
@ -4452,15 +4449,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
flow_restore(num_processed_pkts);
flow_restore(guessed_protocol_id);
flow_restore(guessed_host_protocol_id);
flow_restore(packet.iph);
flow_restore(packet.iphv6);
flow_restore(packet.payload);
flow_restore(packet.current_time_ms);
flow_restore(packet.l3_packet_len);
flow_restore(packet.l4_packet_len);
flow_restore(packet.payload_packet_len);
flow_restore(packet.actual_payload_len);
flow_restore(packet.l4_protocol);
#undef flow_save
#undef flow_restore
@ -4469,18 +4457,18 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
}
} else {
/* tcp header not complete */
flow->packet.tcp = NULL;
packet->tcp = NULL;
}
} else if(l4protocol == IPPROTO_UDP && flow->packet.l4_packet_len >= 8 /* size of udp */) {
flow->packet.udp = (struct ndpi_udphdr *) l4ptr;
flow->packet.payload_packet_len = flow->packet.l4_packet_len - 8;
flow->packet.payload = ((u_int8_t *) flow->packet.udp) + 8;
} else if((l4protocol == IPPROTO_ICMP && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmphdr))
|| (l4protocol == IPPROTO_ICMPV6 && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) {
flow->packet.payload = ((u_int8_t *) l4ptr);
flow->packet.payload_packet_len = flow->packet.l4_packet_len;
} else if(l4protocol == IPPROTO_UDP && packet->l4_packet_len >= 8 /* size of udp */) {
packet->udp = (struct ndpi_udphdr *) l4ptr;
packet->payload_packet_len = packet->l4_packet_len - 8;
packet->payload = ((u_int8_t *) packet->udp) + 8;
} else if((l4protocol == IPPROTO_ICMP && packet->l4_packet_len >= sizeof(struct ndpi_icmphdr))
|| (l4protocol == IPPROTO_ICMPV6 && packet->l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) {
packet->payload = ((u_int8_t *) l4ptr);
packet->payload_packet_len = packet->l4_packet_len;
} else {
flow->packet.generic_l4_ptr = l4ptr;
packet->generic_l4_ptr = l4ptr;
}
return(0);
@ -4495,7 +4483,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
return;
} else {
/* const for gcc code optimization and cleaner code */
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_str->packet;
const struct ndpi_iphdr *iph = packet->iph;
const struct ndpi_ipv6hdr *iphv6 = packet->iphv6;
const struct ndpi_tcphdr *tcph = packet->tcp;
@ -4552,7 +4540,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
* otherwise use the payload length.
*/
if(tcph->ack != 0) {
flow->next_tcp_seq_nr[flow->packet.packet_direction] =
flow->next_tcp_seq_nr[packet->packet_direction] =
ntohl(tcph->seq) + (tcph->syn ? 1 : packet->payload_packet_len);
/*
@ -4560,7 +4548,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
but that is already started when nDPI being to process it. See also (***) below
*/
if(flow->num_processed_pkts > 1)
flow->next_tcp_seq_nr[1 - flow->packet.packet_direction] = ntohl(tcph->ack_seq);
flow->next_tcp_seq_nr[1 - packet->packet_direction] = ntohl(tcph->ack_seq);
}
} else if(packet->payload_packet_len > 0) {
/* check tcp sequence counters */
@ -4735,7 +4723,7 @@ static u_int32_t check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *n
struct ndpi_flow_struct *flow,
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet)
{
if (flow->packet.payload_packet_len != 0) {
if (ndpi_str->packet.payload_packet_len != 0) {
return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet,
ndpi_str->callback_buffer_tcp_payload,
ndpi_str->callback_buffer_size_tcp_payload);
@ -4754,9 +4742,9 @@ u_int32_t ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str,
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) {
if(!flow)
return(0);
else if(flow->packet.tcp != NULL)
else if(ndpi_str->packet.tcp != NULL)
return(check_ndpi_tcp_flow_func(ndpi_str, flow, ndpi_selection_packet));
else if(flow->packet.udp != NULL)
else if(ndpi_str->packet.udp != NULL)
return(check_ndpi_udp_flow_func(ndpi_str, flow, ndpi_selection_packet));
else
return(check_ndpi_other_flow_func(ndpi_str, flow, ndpi_selection_packet));
@ -4766,18 +4754,19 @@ u_int32_t ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
u_int16_t ret = NDPI_PROTOCOL_UNKNOWN;
if(flow->packet.iph) {
if(packet->iph) {
struct in_addr addr;
u_int16_t sport, dport;
addr.s_addr = flow->packet.iph->saddr;
addr.s_addr = packet->iph->saddr;
if((flow->l4_proto == IPPROTO_TCP) && flow->packet.tcp)
sport = flow->packet.tcp->source, dport = flow->packet.tcp->dest;
else if((flow->l4_proto == IPPROTO_UDP) && flow->packet.udp)
sport = flow->packet.udp->source, dport = flow->packet.udp->dest;
if((flow->l4_proto == IPPROTO_TCP) && packet->tcp)
sport = packet->tcp->source, dport = packet->tcp->dest;
else if((flow->l4_proto == IPPROTO_UDP) && packet->udp)
sport = packet->udp->source, dport = packet->udp->dest;
else
sport = dport = 0;
@ -4785,7 +4774,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_
ret = ndpi_network_port_ptree_match(ndpi_str, &addr, sport);
if(ret == NDPI_PROTOCOL_UNKNOWN) {
addr.s_addr = flow->packet.iph->daddr;
addr.s_addr = packet->iph->daddr;
ret = ndpi_network_port_ptree_match(ndpi_str, &addr, dport);
}
}
@ -4799,6 +4788,10 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
u_int8_t enable_guess, u_int8_t *protocol_was_guessed) {
ndpi_protocol ret = {NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED};
/*
*** We can't access ndpi_str->packet from this function!! ***
*/
*protocol_was_guessed = 0;
if(flow == NULL)
@ -4812,11 +4805,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
if((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))
return(ret);
if(ndpi_str->mining_cache && flow->packet.iph) {
/* TODO: this lookup seems in the wrong place here...
Move it somewhere else (?) or setting flow->guessed_protocol_id directly in the mining dissector? */
if(ndpi_str->mining_cache && flow->key_mining_cache) {
u_int16_t cached_proto;
u_int32_t key = flow->packet.iph->saddr + flow->packet.iph->daddr;
if(ndpi_lru_find_cache(ndpi_str->mining_cache, key,
if(ndpi_lru_find_cache(ndpi_str->mining_cache, flow->key_mining_cache,
&cached_proto, 0 /* Don't remove it as it can be used for other connections */)) {
ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN);
ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0];
@ -4841,14 +4835,14 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
*protocol_was_guessed = 1;
ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN);
} else if(enable_guess) {
if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) &&
if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->l4_proto == IPPROTO_TCP) &&
flow->protos.tls_quic_stun.tls_quic.hello_processed)
flow->guessed_protocol_id = NDPI_PROTOCOL_TLS;
guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id;
if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) &&
((flow->packet.l4_protocol == IPPROTO_UDP) &&
((flow->l4_proto == IPPROTO_UDP) &&
NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id) &&
is_udp_guessable_protocol(guessed_host_protocol_id)))
flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN;
@ -4856,7 +4850,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
/* Ignore guessed protocol if they have been discarded */
if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)
// && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN)
&& (flow->packet.l4_protocol == IPPROTO_UDP) &&
&& (flow->l4_proto == IPPROTO_UDP) &&
NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id) &&
is_udp_guessable_protocol(guessed_protocol_id))
flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN;
@ -4937,24 +4931,13 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
/* ********************************************************************************* */
void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
const unsigned char *packet, const unsigned short packetlen,
const unsigned char *packet_data, const unsigned short packetlen,
const u_int64_t current_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst) {
if(flow == NULL)
return;
/* need at least 20 bytes for ip header */
if(packetlen < 20) {
return;
}
flow->packet.current_time_ms = current_time_ms;
/* parse packet */
flow->packet.iph = (struct ndpi_iphdr *) packet;
/* we are interested in ipv4 packet */
/* set up the packet headers for the extra packet function to use if it wants */
if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0)
if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0)
return;
/* detect traffic for tcp or udp only */
@ -5213,6 +5196,7 @@ static int ndpi_check_protocol_port_mismatch_exceptions(struct ndpi_detection_mo
static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
ndpi_protocol *ret) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
#if 0
if(flow) {
@ -5231,7 +5215,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
(MS Teams uses Skype as transport protocol for voice/video)
*/
case NDPI_PROTOCOL_MSTEAMS:
if(flow->packet.iph && flow->packet.tcp) {
if(packet->iph && packet->tcp) {
// printf("====>> NDPI_PROTOCOL_MSTEAMS\n");
if(ndpi_str->msteams_cache == NULL)
@ -5239,21 +5223,21 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
if(ndpi_str->msteams_cache)
ndpi_lru_add_to_cache(ndpi_str->msteams_cache,
flow->packet.iph->saddr,
(flow->packet.current_time_ms / 1000) & 0xFFFF /* 16 bit */);
packet->iph->saddr,
(packet->current_time_ms / 1000) & 0xFFFF /* 16 bit */);
}
break;
case NDPI_PROTOCOL_SKYPE_TEAMS:
case NDPI_PROTOCOL_SKYPE_CALL:
if(flow->packet.iph
&& flow->packet.udp
if(packet->iph
&& packet->udp
&& ndpi_str->msteams_cache) {
u_int16_t when;
if(ndpi_lru_find_cache(ndpi_str->msteams_cache, flow->packet.iph->saddr,
if(ndpi_lru_find_cache(ndpi_str->msteams_cache, packet->iph->saddr,
&when, 0 /* Don't remove it as it can be used for other connections */)) {
u_int16_t tdiff = ((flow->packet.current_time_ms /1000) & 0xFFFF) - when;
u_int16_t tdiff = ((packet->current_time_ms /1000) & 0xFFFF) - when;
if(tdiff < 60 /* sec */) {
// printf("====>> NDPI_PROTOCOL_SKYPE(_CALL) -> NDPI_PROTOCOL_MSTEAMS [%u]\n", tdiff);
@ -5261,15 +5245,15 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
/* Refresh cache */
ndpi_lru_add_to_cache(ndpi_str->msteams_cache,
flow->packet.iph->saddr,
(flow->packet.current_time_ms / 1000) & 0xFFFF /* 16 bit */);
packet->iph->saddr,
(packet->current_time_ms / 1000) & 0xFFFF /* 16 bit */);
}
}
}
break;
case NDPI_PROTOCOL_ANYDESK:
if(flow->packet.tcp) /* TCP only */
if(packet->tcp) /* TCP only */
ndpi_set_risk(ndpi_str, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance */
break;
} /* switch */
@ -5292,22 +5276,24 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
/* ****************************************************** */
static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
ret->master_protocol = ret->app_protocol = NDPI_PROTOCOL_UNKNOWN, ret->category = 0;
if(flow->packet.iphv6 || flow->packet.iph) {
if(packet->iphv6 || packet->iph) {
u_int16_t sport, dport;
u_int8_t protocol;
u_int8_t user_defined_proto;
if(flow->packet.iphv6 != NULL) {
protocol = flow->packet.iphv6->ip6_hdr.ip6_un1_nxt;
if(packet->iphv6 != NULL) {
protocol = packet->iphv6->ip6_hdr.ip6_un1_nxt;
} else
protocol = flow->packet.iph->protocol;
protocol = packet->iph->protocol;
if(flow->packet.udp)
sport = ntohs(flow->packet.udp->source), dport = ntohs(flow->packet.udp->dest);
else if(flow->packet.tcp)
sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest);
if(packet->udp)
sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
else if(packet->tcp)
sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
else
sport = dport = 0;
@ -5315,9 +5301,9 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_str, flow, protocol, sport, dport, &user_defined_proto);
flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow);
if(ndpi_str->custom_categories.categories_loaded && flow->packet.iph) {
if(ndpi_str->custom_categories.categories_loaded && packet->iph) {
if(ndpi_str->ndpi_num_custom_protocols != 0)
ndpi_fill_ip_protocol_category(ndpi_str, flow->packet.iph->saddr, flow->packet.iph->daddr, ret);
ndpi_fill_ip_protocol_category(ndpi_str, packet->iph->saddr, packet->iph->daddr, ret);
flow->guessed_header_category = ret->category;
} else
flow->guessed_header_category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
@ -5333,7 +5319,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
}
if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) {
if(flow->packet.iph) {
if(packet->iph) {
if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) {
u_int8_t protocol_was_guessed;
@ -5347,7 +5333,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
}
} else {
/* guess host protocol */
if(flow->packet.iph) {
if(packet->iph) {
flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow);
/*
@ -5393,9 +5379,10 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
/* ********************************************************************************* */
ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, const unsigned char *packet,
struct ndpi_flow_struct *flow, const unsigned char *packet_data,
const unsigned short packetlen, const u_int64_t current_time_ms,
struct ndpi_id_struct *src, struct ndpi_id_struct *dst) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet;
u_int32_t a, num_calls = 0;
ndpi_protocol ret = { flow->detected_protocol_stack[1], flow->detected_protocol_stack[0], flow->category };
@ -5424,61 +5411,61 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
ret.app_protocol = flow->detected_protocol_stack[0];
if(flow->check_extra_packets) {
ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_time_ms, src, dst);
ndpi_process_extra_packet(ndpi_str, flow, packet_data, packetlen, current_time_ms, src, dst);
/* Update in case of new match */
ret.master_protocol = flow->detected_protocol_stack[1],
ret.app_protocol = flow->detected_protocol_stack[0],
ret.category = flow->category;
goto invalidate_ptr;
} else if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
return ret;
} else if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0)
return ret;
goto ret_protocols;
/* need at least 20 bytes for ip header */
if(packetlen < 20) {
goto invalidate_ptr;
}
flow->packet.current_time_ms = current_time_ms;
/* parse packet */
flow->packet.iph = (struct ndpi_iphdr *) packet;
/* we are interested in ipv4 packet */
if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0)
goto invalidate_ptr;
if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0)
return ret;
/* detect traffic for tcp or udp only */
flow->src = src, flow->dst = dst;
/* If/when calling ndpi_detection_giveup(), if this flow is still un-classified,
we will check if it is some kind of mining stuff. Save now the key, because we don't
have packet information later.
It seems quite hacky: any better way to do that? */
if(flow->num_processed_pkts == 1 && packet->iph) {
flow->key_mining_cache = packet->iph->saddr + packet->iph->daddr;
}
ndpi_connection_tracking(ndpi_str, flow);
/* build ndpi_selection packet bitmask */
ndpi_selection_packet = NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC;
if(flow->packet.iph != NULL)
if(packet->iph != NULL)
ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6;
if(flow->packet.tcp != NULL)
if(packet->tcp != NULL)
ndpi_selection_packet |=
(NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP);
if(flow->packet.udp != NULL)
if(packet->udp != NULL)
ndpi_selection_packet |=
(NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP);
if(flow->packet.payload_packet_len != 0)
if(packet->payload_packet_len != 0)
ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD;
if(flow->packet.tcp_retransmission == 0)
if(packet->tcp_retransmission == 0)
ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION;
if(flow->packet.iphv6 != NULL)
if(packet->iphv6 != NULL)
ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6;
if(!flow->protocol_id_already_guessed) {
flow->protocol_id_already_guessed = 1;
if(ndpi_do_guess(ndpi_str, flow, &ret) == -1)
goto invalidate_ptr;
return ret;
}
num_calls = ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet);
@ -5516,7 +5503,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
ret.category = flow->category;
if((flow->num_processed_pkts == 1) && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) &&
(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.tcp && (flow->packet.tcp->syn == 0) &&
(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && packet->tcp && (packet->tcp->syn == 0) &&
(flow->guessed_protocol_id == 0)) {
u_int8_t protocol_was_guessed;
@ -5543,15 +5530,15 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
ndpi_default_ports_tree_node_t *found;
u_int16_t *default_ports, sport, dport;
if(flow->packet.udp)
if(packet->udp)
found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_UDP,
sport = ntohs(flow->packet.udp->source),
dport = ntohs(flow->packet.udp->dest)),
sport = ntohs(packet->udp->source),
dport = ntohs(packet->udp->dest)),
default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].udp_default_ports;
else if(flow->packet.tcp)
else if(packet->tcp)
found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_TCP,
sport = ntohs(flow->packet.tcp->source),
dport = ntohs(flow->packet.tcp->dest)),
sport = ntohs(packet->tcp->source),
dport = ntohs(packet->tcp->dest)),
default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].tcp_default_ports;
else
found = NULL, default_ports = NULL, sport = dport = 0;
@ -5592,7 +5579,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
} /* for */
if((num_loops == 0) && (!found)) {
if(flow->packet.udp)
if(packet->udp)
default_ports = ndpi_str->proto_defaults[ret.app_protocol].udp_default_ports;
else
default_ports = ndpi_str->proto_defaults[ret.app_protocol].tcp_default_ports;
@ -5615,14 +5602,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
if(num_calls == 0)
flow->fail_with_unknown = 1;
invalidate_ptr:
/*
Invalidate packet memory to avoid accessing the pointers below
when the packet is no longer accessible
*/
flow->packet.iph = NULL, flow->packet.tcp = NULL, flow->packet.udp = NULL, flow->packet.payload = NULL;
ndpi_reset_packet_line_info(&flow->packet);
return(ret);
}
@ -5779,7 +5758,7 @@ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t *str, u_int16_t max_chars_to_re
/* internal function for every detection to parse one packet and to increase the info buffer */
void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) {
u_int32_t a;
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_str->packet;
if((packet->payload_packet_len < 3) || (packet->payload == NULL))
return;
@ -6059,7 +6038,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str,
/* ********************************************************************************* */
void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_str->packet;
u_int32_t a;
u_int16_t end = packet->payload_packet_len;
@ -6102,7 +6081,7 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s
u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
u_int16_t counter) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_str->packet;
NDPI_LOG_DBG2(ndpi_str, "called ndpi_check_for_email_address\n");


@ -2101,9 +2101,9 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp
}
/* TODO: add IPv6 support */
struct ndpi_packet_struct *packet = &ndpi_str->packet;
if(!flow->ip_risk_mask_evaluated) {
if(flow->packet.iph) {
struct ndpi_packet_struct *packet = &flow->packet;
if(packet->iph) {
struct in_addr pin;
pin.s_addr = packet->iph->saddr;
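Review bot: `packet->iph` in this block is now read from the detection module's shared packet instead of the flow, so the read is only safe while a packet is actually being processed. Elsewhere on this page the commit appears to drop the `invalidate_ptr` cleanup in `ndpi_detection_process_packet()` that reset `iph`, `tcp`, `udp` and `payload` to NULL after each packet, and the description says `ndpi_detection_giveup()` can run with no current packet. If a risk is ever set from such a path (not visible here), `packet->iph->saddr` would be read through a pointer left over from an earlier packet. Consider clearing those pointers when processing ends, or at least stating the constraint here with a comment such as `/* packet is only valid while ndpi_detection_process_packet() is running */`. The function body starts and ends outside the hunk.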


@ -43,7 +43,7 @@ static void ndpi_int_afp_add_connection(struct ndpi_detection_module_struct *ndp
void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search AFP\n");


@ -39,7 +39,7 @@ static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct *
void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search aimini\n");


@ -73,7 +73,7 @@ static void set_ajp_detected(struct ndpi_detection_module_struct *ndpi_struct,
static void ndpi_check_ajp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ajp_header ajp_hdr;
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (packet->payload_packet_len < sizeof(ajp_hdr)) {
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);


@ -29,7 +29,7 @@
static void ndpi_check_amazon_video(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search Amazon Prime\n");


@ -33,7 +33,7 @@ static void ndpi_int_among_us_add_connection(struct ndpi_detection_module_struct
void ndpi_search_among_us(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct * const packet = &flow->packet;
struct ndpi_packet_struct * const packet = &ndpi_struct->packet;
/* handshake packet */
if (packet->payload_packet_len > 9 &&


@ -40,7 +40,7 @@ static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *nd
}
void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search amqp\n");


@ -29,7 +29,7 @@
static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->iph) {
/* https://support.apple.com/en-us/HT203609 */


@ -38,7 +38,7 @@ static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_stru
void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search applejuice\n");


@ -37,7 +37,7 @@ static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_stru
void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search armagetron\n");


@ -34,7 +34,7 @@ static void ndpi_int_avast_securedns_add_connection(struct ndpi_detection_module
static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct * packet = &flow->packet;
struct ndpi_packet_struct * packet = &ndpi_struct->packet;
if (packet->payload_packet_len < 34 ||
ntohl(get_u_int32_t(packet->payload, 11)) != 0x00013209 ||


@ -42,7 +42,7 @@ struct ayiya {
void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search AYIYA\n");
@ -57,7 +57,7 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct
u_int32_t epoch = ntohl(a->epoch), now;
u_int32_t fiveyears = 86400 * 365 * 5;
now = flow->packet.current_time_ms;
now = packet->current_time_ms;
if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) {
NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n");
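Review bot: `now = packet->current_time_ms;` in the second hunk is compared against `epoch`, which the `fiveyears = 86400 * 365 * 5` and `now+86400 /* 1 day */` arithmetic treats as seconds, while the field name says milliseconds. If the field really holds milliseconds (its declaration is not visible here), the window test is off by a factor of 1000 and the value may also be truncated when assigned to the `u_int32_t now`, so the AYIYA match would not actually depend on the epoch being recent. Converting explicitly, `now = (u_int32_t)(packet->current_time_ms / 1000);`, would make the units agree. The enclosing function continues outside the hunk.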


@ -31,7 +31,7 @@
/* this detection also works asymmetrically */
void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t bgp_port = htons(179);
NDPI_LOG_DBG(ndpi_struct, "search BGP\n");


@ -63,19 +63,21 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc
int bt_offset, int check_hash,
const u_int8_t save_detection, const u_int8_t encrypted_connection)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(check_hash) {
const char *bt_hash = NULL; /* 20 bytes long */
if(bt_offset == -1) {
const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload,
"BitTorrent protocol", flow->packet.payload_packet_len);
const char *bt_magic = ndpi_strnstr((const char *)packet->payload,
"BitTorrent protocol", packet->payload_packet_len);
if(bt_magic)
bt_hash = &bt_magic[19];
} else
bt_hash = (const char*)&flow->packet.payload[28];
bt_hash = (const char*)&packet->payload[28];
if(bt_hash && (flow->packet.payload_packet_len >= (20 + (bt_hash-(const char*)flow->packet.payload))))
if(bt_hash && (packet->payload_packet_len >= (20 + (bt_hash-(const char*)packet->payload))))
memcpy(flow->protos.bittorrent.hash, bt_hash, 20);
}
@ -85,7 +87,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc
static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t a = 0;
if(packet->payload_packet_len == 1 && packet->payload[0] == 0x13) {
@ -359,7 +361,7 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module
/*Search for BitTorrent commands*/
static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->payload_packet_len == 0) {
return;
@ -384,7 +386,7 @@ static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) {
void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
char *bt_proto = NULL;
/* This is broadcast */


@ -14,7 +14,7 @@ static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *nd
static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
if(packet->udp != NULL) {


@ -38,7 +38,7 @@ static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct *
static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t sport, dport;
if(!packet->iph) {
@ -104,7 +104,7 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s
void ndpi_search_capwap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN))
ndpi_search_setup_capwap(ndpi_struct, flow);


@ -103,7 +103,7 @@ static bool ndpi_check_valid_cassandra_opcode(uint8_t opcode)
void ndpi_search_cassandra(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (packet->tcp) {
if (packet->payload_packet_len >= CASSANDRA_HEADER_LEN &&


@ -38,7 +38,7 @@ static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct
void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (packet->payload_packet_len >= 15) {


@ -37,7 +37,7 @@ static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct
void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t udport = 0, usport = 0;
u_int16_t tdport = 0, tsport = 0;


@ -32,7 +32,7 @@
static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
if(packet->tcp != NULL) {


@ -106,7 +106,7 @@ static int isCoAPport(u_int16_t port) {
void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_coap_hdr * h = (struct ndpi_coap_hdr*) packet->payload;
if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
@ -115,8 +115,8 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct,
// search for udp packet
if(packet->udp != NULL) {
u_int16_t s_port = ntohs(flow->packet.udp->source);
u_int16_t d_port = ntohs(flow->packet.udp->dest);
u_int16_t s_port = ntohs(packet->udp->source);
u_int16_t d_port = ntohs(packet->udp->dest);
if((!isCoAPport(s_port) && !isCoAPport(d_port))
|| (packet->payload_packet_len < 4) ) { // header too short


@ -28,7 +28,7 @@
void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int len = 0;
NDPI_LOG_DBG(ndpi_struct, "search collectd\n");


@ -31,7 +31,7 @@ static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct
}
void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search for CORBA\n");
if(packet->tcp != NULL) {


@ -31,7 +31,7 @@
void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
const u_int16_t cpha_port = htons(8116);
NDPI_LOG_DBG(ndpi_struct, "search CPHA\n");


@ -37,7 +37,7 @@ static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struc
void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search crossfire\n");


@ -27,7 +27,7 @@
#include "ndpi_api.h"
void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) {
struct ndpi_packet_struct* packet = &flow->packet;
struct ndpi_packet_struct* packet = &ndpi_struct->packet;
if(packet->udp != NULL) {
if(packet->payload_packet_len < sizeof(uint32_t)) {


@ -79,7 +79,7 @@ bool is_connectionless_dcerpc(struct ndpi_packet_struct *packet, struct ndpi_flo
void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search DCERPC\n");
if (is_connection_oriented_dcerpc(packet, flow) || is_connectionless_dcerpc(packet, flow)) {


@ -60,7 +60,7 @@ static void ndpi_int_dhcp_add_connection(struct ndpi_detection_module_struct *nd
void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search DHCP\n");


@ -38,7 +38,7 @@ static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct *
void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search DHCPv6\n");


@ -93,7 +93,7 @@ int is_diameter(struct ndpi_packet_struct *packet, int size_payload)
void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
// Diameter is on TCP
if(packet->tcp) {


@ -78,7 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s
const u_int8_t connection_type)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
@ -123,7 +123,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s
static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
@ -311,7 +311,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
@ -397,7 +397,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct
void ndpi_search_directconnect(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;


@ -50,7 +50,7 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_m
*/
u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t filename_start = 0;
u_int16_t i = 1;
u_int16_t host_line_len_without_port;


@ -32,7 +32,7 @@
void ndpi_search_dnp3_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search DNP3\n");


@ -178,9 +178,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
struct ndpi_dns_packet_header *dns_header,
int payload_offset, u_int8_t *is_query) {
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
int x = payload_offset;
memcpy(dns_header, (struct ndpi_dns_packet_header*)&flow->packet.payload[x],
memcpy(dns_header, (struct ndpi_dns_packet_header*)&packet->payload[x],
sizeof(struct ndpi_dns_packet_header));
dns_header->tr_id = ntohs(dns_header->tr_id);
@ -211,10 +212,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
|| ((dns_header->flags & 0xFCF0) == 0x00) /* Standard Query */
|| ((dns_header->num_answers == 0) && (dns_header->authority_rrs == 0)))) {
/* This is a good query */
while(x+2 < flow->packet.payload_packet_len) {
if(flow->packet.payload[x] == '\0') {
while(x+2 < packet->payload_packet_len) {
if(packet->payload[x] == '\0') {
x++;
flow->protos.dns.query_type = get16(&x, flow->packet.payload);
flow->protos.dns.query_type = get16(&x, packet->payload);
#ifdef DNS_DEBUG
NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type);
printf("[DNS] [request] query_type=%d\n", flow->protos.dns.query_type);
@ -241,9 +242,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
/* Leave the statement below commented necessary in case of call to ndpi_get_partial_detection() */
x++;
if(x < flow->packet.payload_packet_len && flow->packet.payload[x] != '\0') {
while((x < flow->packet.payload_packet_len)
&& (flow->packet.payload[x] != '\0')) {
if(x < packet->payload_packet_len && packet->payload[x] != '\0') {
while((x < packet->payload_packet_len)
&& (packet->payload[x] != '\0')) {
x++;
}
@ -259,21 +260,21 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
for(num = 0; num < dns_header->num_answers; num++) {
u_int16_t data_len;
if((x+6) >= flow->packet.payload_packet_len) {
if((x+6) >= packet->payload_packet_len) {
break;
}
if((data_len = getNameLength(x, flow->packet.payload,
flow->packet.payload_packet_len)) == 0) {
if((data_len = getNameLength(x, packet->payload,
packet->payload_packet_len)) == 0) {
break;
} else
x += data_len;
if((x+2) >= flow->packet.payload_packet_len) {
if((x+2) >= packet->payload_packet_len) {
break;
}
rsp_type = get16(&x, flow->packet.payload);
rsp_type = get16(&x, packet->payload);
#ifdef DNS_DEBUG
printf("[DNS] [response] response_type=%d\n", rsp_type);
@ -284,11 +285,11 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
flow->protos.dns.rsp_type = rsp_type;
/* here x points to the response "class" field */
if((x+12) <= flow->packet.payload_packet_len) {
if((x+12) <= packet->payload_packet_len) {
x += 6;
data_len = get16(&x, flow->packet.payload);
data_len = get16(&x, packet->payload);
if((x + data_len) <= flow->packet.payload_packet_len) {
if((x + data_len) <= packet->payload_packet_len) {
// printf("[rsp_type: %u][data_len: %u]\n", rsp_type, data_len);
if(rsp_type == 0x05 /* CNAME */) {
@ -299,7 +300,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
if((((rsp_type == 0x1) && (data_len == 4)) /* A */
|| ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */
)) {
memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len);
memcpy(&flow->protos.dns.rsp_addr, packet->payload + x, data_len);
}
}
}
@ -314,7 +315,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
// flow->extra_packets_func = NULL; /* Removed so the caller can keep dissecting DNS flows */
} else {
/* We missed the request */
u_int16_t s_port = flow->packet.udp ? ntohs(flow->packet.udp->source) : ntohs(flow->packet.tcp->source);
u_int16_t s_port = packet->udp ? ntohs(packet->udp->source) : ntohs(packet->tcp->source);
ndpi_set_detected_protocol(ndpi_struct, flow, checkPort(s_port), NDPI_PROTOCOL_UNKNOWN);
}
@ -338,19 +339,20 @@ static int search_dns_again(struct ndpi_detection_module_struct *ndpi_struct, st
/* *********************************************** */
static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
int payload_offset;
u_int8_t is_query;
u_int16_t s_port = 0, d_port = 0;
NDPI_LOG_DBG(ndpi_struct, "search DNS\n");
if(flow->packet.udp != NULL) {
s_port = ntohs(flow->packet.udp->source);
d_port = ntohs(flow->packet.udp->dest);
if(packet->udp != NULL) {
s_port = ntohs(packet->udp->source);
d_port = ntohs(packet->udp->dest);
payload_offset = 0;
} else if(flow->packet.tcp != NULL) /* pkt size > 512 bytes */ {
s_port = ntohs(flow->packet.tcp->source);
d_port = ntohs(flow->packet.tcp->dest);
} else if(packet->tcp != NULL) /* pkt size > 512 bytes */ {
s_port = ntohs(packet->tcp->source);
d_port = ntohs(packet->tcp->dest);
payload_offset = 2;
} else {
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
@ -360,7 +362,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
if(((s_port == DNS_PORT) || (d_port == DNS_PORT)
|| (s_port == MDNS_PORT) || (d_port == MDNS_PORT)
|| (d_port == LLMNR_PORT))
&& (flow->packet.payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset)) {
&& (packet->payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset)) {
struct ndpi_dns_packet_header dns_header;
int j = 0, max_len, off;
int invalid = search_valid_dns(ndpi_struct, flow, &dns_header, payload_offset, &is_query);
@ -380,11 +382,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
off = sizeof(struct ndpi_dns_packet_header) + payload_offset;
/* Before continuing let's dissect the following queries to see if they are valid */
for(idx=off, num_queries=0; (num_queries < dns_header.num_queries) && (idx < flow->packet.payload_packet_len);) {
for(idx=off, num_queries=0; (num_queries < dns_header.num_queries) && (idx < packet->payload_packet_len);) {
u_int16_t i, tot_len = 0;
for(i=idx; i<flow->packet.payload_packet_len;) {
u_int8_t is_ptr = 0, name_len = flow->packet.payload[i]; /* Lenght of the individual name blocks aaa.bbb.com */
for(i=idx; i<packet->payload_packet_len;) {
u_int8_t is_ptr = 0, name_len = packet->payload[i]; /* Lenght of the individual name blocks aaa.bbb.com */
if(name_len == 0) {
tot_len++; /* \0 */
@ -401,8 +403,8 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
int idx;
for(idx=0; idx<name_len; idx++)
printf("%c", flow->packet.payload[i+1+idx]);
printf("%c", packet->payload[i+1+idx]);
printf("]\n");
}
}
@ -416,13 +418,13 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
printf("[DNS] [tot_len: %u]\n\n", tot_len+4 /* type + class */);
#endif
if(((i+4 /* Skip query type and class */) > flow->packet.payload_packet_len)
|| ((flow->packet.payload[i+1] == 0x0) && (flow->packet.payload[i+2] == 0x0)) /* Query type cannot be 0 */
if(((i+4 /* Skip query type and class */) > packet->payload_packet_len)
|| ((packet->payload[i+1] == 0x0) && (packet->payload[i+2] == 0x0)) /* Query type cannot be 0 */
|| (tot_len > 253)
) {
/* Invalid */
#ifdef DNS_DEBUG
printf("[DNS] Invalid query len [%u >= %u]\n", i+4, flow->packet.payload_packet_len);
printf("[DNS] Invalid query len [%u >= %u]\n", i+4, packet->payload_packet_len);
#endif
ndpi_set_risk(ndpi_struct, flow, NDPI_MALFORMED_PACKET);
break;
@ -431,11 +433,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
}
} /* for */
while((j < max_len) && (off < flow->packet.payload_packet_len) && (flow->packet.payload[off] != '\0')) {
uint8_t c, cl = flow->packet.payload[off++];
while((j < max_len) && (off < packet->payload_packet_len) && (packet->payload[off] != '\0')) {
uint8_t c, cl = packet->payload[off++];
if(((cl & 0xc0) != 0) || // we not support compressed names in query
(off + cl >= flow->packet.payload_packet_len)) {
(off + cl >= packet->payload_packet_len)) {
j = 0;
break;
}
@ -445,7 +447,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
while((j < max_len) && (cl != 0)) {
u_int32_t shift;
c = flow->packet.payload[off++];
c = packet->payload[off++];
shift = ((u_int32_t) 1) << (c & 0x1f);
flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_');
cl--;
@ -522,21 +524,21 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS)
|| (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) {
/* TODO: add support to RFC6891 to avoid some false positives */
if(flow->packet.udp != NULL && flow->packet.payload_packet_len > PKT_LEN_ALERT)
if(packet->udp != NULL && packet->payload_packet_len > PKT_LEN_ALERT)
ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_LARGE_PACKET);
if(flow->packet.iph != NULL) {
if(packet->iph != NULL) {
/* IPv4 */
u_int8_t flags = ((u_int8_t*)flow->packet.iph)[6];
u_int8_t flags = ((u_int8_t*)packet->iph)[6];
/* 0: fragmented; 1: not fragmented */
if((flags & 0x20)
|| (ndpi_iph_is_valid_and_not_fragmented(flow->packet.iph, flow->packet.l3_packet_len) == 0)) {
|| (ndpi_iph_is_valid_and_not_fragmented(packet->iph, packet->l3_packet_len) == 0)) {
ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED);
}
} else if(flow->packet.iphv6 != NULL) {
} else if(packet->iphv6 != NULL) {
/* IPv6 */
const struct ndpi_ip6_hdrctl *ip6_hdr = &flow->packet.iphv6->ip6_hdr;
const struct ndpi_ip6_hdrctl *ip6_hdr = &packet->iphv6->ip6_hdr;
if(ip6_hdr->ip6_un1_nxt == 0x2C /* Next Header: Fragment Header for IPv6 (44) */) {
ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED);
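Review bot: In `search_valid_dns()` the `memcpy(dns_header, ...&packet->payload[x], sizeof(struct ndpi_dns_packet_header))` has no length check of its own; the only guard visible on this page is the `payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset` test in `ndpi_search_dns()` before the call. Any other caller (none is visible in this chunk) would need the same test, so a local guard is the safer contract: `if(packet->payload_packet_len < x + sizeof(struct ndpi_dns_packet_header)) return(1);`, where the non-zero return is assumed to mean "invalid", as the caller's `int invalid = ...` suggests. The fallback `ntohs(packet->tcp->source)` in the "We missed the request" branch likewise assumes `packet->tcp` is non-NULL whenever `packet->udp` is NULL, which is worth stating in a comment now that the packet is shared module state. Both functions start and end outside the hunks shown.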


@ -33,7 +33,7 @@ static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct
void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
static char const * const dnscrypt_initial = "2\rdnscrypt";
NDPI_LOG_DBG(ndpi_struct, "search dnscrypt\n");


@ -36,7 +36,7 @@ static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_
void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search dofus\n");


@ -36,7 +36,7 @@ struct ndpi_drda_hdr {
void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct * packet = &flow->packet;
struct ndpi_packet_struct * packet = &ndpi_struct->packet;
u_int16_t payload_len = packet->payload_packet_len;
u_int count = 0; // prevent integer overflow


@ -39,7 +39,7 @@ static void ndpi_int_dropbox_add_connection(struct ndpi_detection_module_struct
static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;


@ -45,7 +45,7 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
return;
}
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (!packet) {
return;
}
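Review bot: The `if (!packet)` test that follows `struct ndpi_packet_struct *packet = &ndpi_struct->packet;` can never be true for a valid `ndpi_struct`, because the address of a struct member is not NULL; the same held for `&flow->packet`. It reads as if packet validity were being checked when nothing is. Either drop the test, or replace it with one that means something for the shared packet, for example `if (packet->payload == NULL) return;` if that matches what the rest of the function needs. The function starts and ends outside the hunk.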


@ -156,7 +156,7 @@ static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) {
}
static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
/* Break after 20 packets. */


@ -37,7 +37,7 @@ static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struc
void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n");


@ -36,7 +36,7 @@ static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct *
void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search fiesta\n");


@ -30,7 +30,7 @@
void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search FIX\n");
if(packet->tcp && packet->payload_packet_len > 5) {


@ -36,7 +36,7 @@ static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *n
void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search florensia\n");


@ -581,7 +581,7 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow,
static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
/* Check connection over TCP */


@ -34,7 +34,7 @@ static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct
}
static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
/* Check connection over TCP */
if(packet->tcp) {
@ -46,7 +46,7 @@ static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_st
}
static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
if(payload_len > 10) {
@ -70,7 +70,7 @@ static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *nd
}
static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
/* A FTP packet is pretty long so 256 is a bit conservative but it should be OK */
@ -226,7 +226,7 @@ static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_stru
}
static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
/*
Make sure we see the beginning of the connection as otherwise we might have


@ -35,7 +35,7 @@ static void ndpi_int_genshin_impact_add_connection(
static void ndpi_search_genshin_impact(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct * packet = &flow->packet;
struct ndpi_packet_struct * packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search genshin-impact\n");


@ -30,7 +30,7 @@
void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct * packet = &flow->packet;
struct ndpi_packet_struct * packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search Git\n");


@ -33,7 +33,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct
struct ndpi_flow_struct *flow/* , */
/* ndpi_protocol_type_t protocol_type */)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
@ -64,7 +64,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct
void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;


@ -64,7 +64,7 @@ struct gtp_header_generic {
static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) {


@ -36,7 +36,7 @@ static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struc
void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search guildwars\n");


@ -33,7 +33,7 @@ struct tpkt {
void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t dport = 0, sport = 0;
NDPI_LOG_DBG(ndpi_struct, "search H323\n");


@ -37,7 +37,7 @@ static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struc
void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search halflife2\n");


@ -27,7 +27,7 @@
#include "ndpi_api.h"
/* stun.c */
extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev);
extern u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev);
/* https://support.google.com/a/answer/1279090?hl=en */
#define HANGOUT_UDP_LOW_PORT 19302
@ -63,7 +63,7 @@ static u_int8_t google_ptree_match(struct ndpi_detection_module_struct *ndpi_str
static u_int8_t is_google_flow(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->iph) {
struct in_addr saddr, daddr;
@ -83,7 +83,7 @@ static u_int8_t is_google_flow(struct ndpi_detection_module_struct *ndpi_struct,
void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct * packet = &flow->packet;
struct ndpi_packet_struct * packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search Hangout\n");
@ -101,9 +101,9 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct,
if(ndpi_struct->stun_cache == NULL)
ndpi_struct->stun_cache = ndpi_lru_cache_init(1024);
if(ndpi_struct->stun_cache && flow->packet.iph && flow->packet.udp) {
u_int32_t key = get_stun_lru_key(flow, !matched_src);
if(ndpi_struct->stun_cache && packet->iph && packet->udp) {
u_int32_t key = get_stun_lru_key(packet, !matched_src);
#ifdef DEBUG_LRU
printf("[LRU] ADDING %u / %u.%u\n", key, NDPI_PROTOCOL_STUN, NDPI_PROTOCOL_HANGOUT_DUO);
#endif
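Review bot: The prototype of `get_stun_lru_key()` is redeclared by hand with `extern` at the top of this file, so the compiler never compares it with the definition in stun.c. This commit changes the first parameter from `struct ndpi_flow_struct *` to `struct ndpi_packet_struct *`, and a missed copy of the declaration would still compile and then hand the callee an object of the wrong type at run time. Moving the declaration into a header included by both files (which private header is appropriate is not visible here) turns such a mismatch into a compile error. Until then, a comment such as `/* keep in sync with the definition in stun.c */` above the `extern` line documents the coupling.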


@ -35,7 +35,7 @@ static void ndpi_int_hpvirtgrp_add_connection(
static void ndpi_search_hpvirtgrp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct * packet = &flow->packet;
struct ndpi_packet_struct * packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search hpvirtgrp\n");


@ -139,7 +139,7 @@ static void ndpi_http_check_human_redeable_content(struct ndpi_detection_module_
static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
const u_int8_t *double_ret = (const u_int8_t *)ndpi_strnstr((const char *)packet->payload, "\r\n\r\n", packet->payload_packet_len);
NDPI_LOG_DBG(ndpi_struct, "==>>> [len: %u] ", packet->payload_packet_len);
@ -174,7 +174,7 @@ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi
/* https://www.freeformatter.com/mime-types-list.html */
static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->content_line.len > 0) {
u_int app_len = sizeof("application");
@ -314,7 +314,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd
static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if((packet->accept_line.len >= 28)
&& (memcmp(packet->accept_line.ptr, "application/x-rtsp-tunnelled", 28) == 0)) {
@ -499,7 +499,7 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct
*/
static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
int ret;
if(flow->http_detected && (flow->http.response_status_code != 0))
@ -524,8 +524,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[packet->host_line.len]);
}
flow->http.method = ndpi_http_str2method((const char*)flow->packet.http_method.ptr,
(u_int16_t)flow->packet.http_method.len);
flow->http.method = ndpi_http_str2method((const char*)packet->http_method.ptr,
(u_int16_t)packet->http_method.len);
}
if(packet->server_line.ptr != NULL && (packet->server_line.len > 7)) {
@ -723,7 +723,7 @@ static const char *http_fs = "CDGHOPR";
static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
unsigned int i;
NDPI_LOG_DBG2(ndpi_struct, "====>>>> HTTP: %c%c%c%c [len: %u]\n",
@ -794,7 +794,7 @@ static int is_a_suspicious_header(const char* suspicious_headers[], struct ndpi_
static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
u_int32_t i;
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
for(i=0; (i < packet->parsed_lines)
&& (packet->line[i].ptr != NULL)
@ -862,7 +862,7 @@ static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_str
static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/
packet->packet_lines_parsed_complete = 0;


@ -39,7 +39,7 @@ static void ndpi_int_iax_add_connection(struct ndpi_detection_module_struct *ndp
static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int8_t i;
u_int16_t packet_len;
@ -87,7 +87,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru
void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->udp
&& (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN))


@ -35,7 +35,7 @@ static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct
void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t i;
NDPI_LOG_DBG(ndpi_struct, "search icecast\n");


@ -30,7 +30,7 @@
void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
/* Check connection over TCP */
NDPI_LOG_DBG(ndpi_struct, "search IEC60870\n");


@ -33,7 +33,7 @@ static void ndpi_int_imo_add_connection(struct ndpi_detection_module_struct
}
void ndpi_search_imo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search IMO\n");


@ -37,7 +37,7 @@ static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndp
void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int8_t i;
NDPI_LOG_DBG(ndpi_struct, "search ipp\n");


@ -64,7 +64,7 @@ u_int8_t ndpi_is_duplicate(struct ndpi_id_struct *id_t, u_int16_t port)
static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
//
u_int16_t i;
u_int8_t number_of_lines_to_be_searched_for = 0;
@ -88,7 +88,7 @@ static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_st
static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t i, packetl = packet->payload_packet_len;
if (packetl < 4) {
@ -110,7 +110,7 @@ static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndp
static u_int8_t ndpi_check_for_cmd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t i;
if (packet->payload_packet_len < 4) {
@ -150,7 +150,7 @@ static u_int8_t ndpi_check_for_IRC_traces(const u_int8_t * ptr, u_int16_t len)
u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "start fast detect\n");
@ -367,7 +367,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det
void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;


@ -49,7 +49,7 @@ static void ndpi_int_jabber_add_connection(struct ndpi_detection_module_struct *
static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow, u_int16_t x)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
int i, left = packet->payload_packet_len-x;
if(left <= 0) return;
@ -64,7 +64,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
u_int16_t x;


@ -32,7 +32,7 @@
void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search kakaotalk_voice\n");


@ -42,7 +42,7 @@ static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct
void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t sport = packet->tcp ? ntohs(packet->tcp->source) : ntohs(packet->udp->source);
u_int16_t dport = packet->tcp ? ntohs(packet->tcp->dest) : ntohs(packet->udp->dest);
const u_int8_t *original_packet_payload = NULL;
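Review bot: The `sport` and `dport` initializers dereference `packet->udp` whenever `packet->tcp` is NULL, and they run before any check in the function body can. Whether ndpi_search_kerberos is only ever invoked for TCP or UDP packets is not visible in this hunk. If the dissector registration guarantees it, a comment saying so belongs next to these two lines. Otherwise the fallback should be guarded, e.g. `u_int16_t sport = packet->tcp ? ntohs(packet->tcp->source) : (packet->udp ? ntohs(packet->udp->source) : 0);`, and likewise for `dport`. The rest of the function lies outside the hunk.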


@ -39,7 +39,7 @@ static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct
void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search Kontiki\n");


@ -37,7 +37,7 @@ static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *nd
void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search ldap\n");


@ -38,7 +38,7 @@ static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *nd
static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->udp != NULL) {


@ -29,7 +29,7 @@
static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;


@ -37,7 +37,7 @@ static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struc
void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t i = 0;
u_int16_t space_pos = 0;
u_int16_t command_start = 0;


@ -58,7 +58,7 @@ static void popInitExtraPacketProcessing(struct ndpi_flow_struct *flow);
static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->payload_packet_len > 4) {
if((packet->payload[0] == 'A' || packet->payload[0] == 'a')
@ -147,7 +147,7 @@ static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_mod
void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int8_t a = 0;
u_int8_t bit_count = 0;


@ -67,7 +67,7 @@ static void smtpInitExtraPacketProcessing(struct ndpi_flow_struct *flow);
void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n");


@ -36,7 +36,7 @@ static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_stru
void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search maplestory\n");


@ -28,7 +28,7 @@
void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search for MEGACO\n");


@ -103,7 +103,7 @@ void ndpi_search_memcached(
struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
const u_int8_t *offset = packet->payload;
u_int16_t length = packet->payload_packet_len;
u_int8_t *matches;


@ -37,7 +37,7 @@ static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct
void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t pos = 5;


@ -38,7 +38,7 @@ static void cacheMiningHostTwins(struct ndpi_detection_module_struct *ndpi_struc
void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t source = ntohs(packet->udp->source);
u_int16_t dest = ntohs(packet->udp->dest);
@ -62,7 +62,7 @@ void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct,
snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
if(packet->iph) /* TODO: ipv6 */
cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr);
cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
return;
}
}
@ -80,7 +80,7 @@ static u_int8_t isEthPort(u_int16_t dport) {
void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search MINING TCP\n");
@ -98,7 +98,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
if(packet->iph) /* TODO: ipv6 */
cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr);
cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
return;
}
}
@ -111,7 +111,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
if(packet->iph) /* TODO: ipv6 */
cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr);
cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
return;
} else
flow->guessed_protocol_id = NDPI_PROTOCOL_MINING;
@ -132,7 +132,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
if(packet->iph) /* TODO: ipv6 */
cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr);
cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
return;
} else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len)
&& (ndpi_strnstr((const char *)packet->payload, "\"method\":", packet->payload_packet_len)
@ -156,7 +156,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
if(packet->iph) /* TODO: ipv6 */
cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr);
cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
return;
}
}
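Review bot: Every `cacheMiningHostTwins()` call in ndpi_search_mining_udp and ndpi_search_mining_tcp keys the cache on `packet->iph->saddr + packet->iph->daddr`, a sum of two IPv4 addresses that wraps and that many unrelated address pairs share. A later lookup on that key can therefore match a host pair that never carried mining traffic. How the key is consumed is outside these hunks, but if it feeds classification, deriving it with a mixing function over both addresses would reduce false matches. The same four statements (snprintf, `ndpi_set_detected_protocol`, the `iph` test and the cache call) are also repeated at five detection sites. A small static helper taking the extra-info string would keep the key derivation in one place when the `TODO: ipv6` case is handled.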


@ -29,7 +29,7 @@
void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search Modbus\n");
u_int16_t modbus_port = htons(502); // port used by modbus


@ -66,7 +66,7 @@ static void set_mongodb_detected(struct ndpi_detection_module_struct *ndpi_struc
static void ndpi_check_mongodb(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct mongo_message_header mongodb_hdr;
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (packet->payload_packet_len <= sizeof(mongodb_hdr)) {
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);


@ -27,7 +27,7 @@
void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search MPEGTS\n");


@ -68,7 +68,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t rl,pt,flags;
NDPI_LOG_DBG(ndpi_struct, "search Mqtt\n");
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
return;
}


@ -46,7 +46,7 @@ static void ndpi_int_mssql_tds_add_connection(struct ndpi_detection_module_struc
void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
struct tds_packet_header *h = (struct tds_packet_header*) packet->payload;
NDPI_LOG_DBG(ndpi_struct, "search mssql_tds\n");


@ -30,7 +30,7 @@
#include "ndpi_api.h"
void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search MySQL\n");


@ -40,7 +40,7 @@ static const char* commands[] =
void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
/* Check connection over TCP */
NDPI_LOG_DBG(ndpi_struct, "search NATS\n");
@ -49,14 +49,14 @@ void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct,
int i;
for(i=0; commands[i] != NULL; i++) {
char *match = ndpi_strnstr((const char *)flow->packet.payload,
char *match = ndpi_strnstr((const char *)packet->payload,
commands[i],
flow->packet.payload_packet_len);
packet->payload_packet_len);
if(!match) continue;
if(ndpi_strnstr((const char *)match, "\r\n",
flow->packet.payload_packet_len - ((size_t)match - (size_t)flow->packet.payload)) != NULL) {
packet->payload_packet_len - ((size_t)match - (size_t)packet->payload)) != NULL) {
NDPI_LOG_INFO(ndpi_struct, "found NATS\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NATS, NDPI_PROTOCOL_UNKNOWN);


@ -37,7 +37,7 @@ void ndpi_search_nest_log_sink(
struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search nest_log_sink\n");


@ -94,12 +94,14 @@ int ndpi_netbios_name_interpret(u_char *in, u_int in_len, u_char *out, u_int out
static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t sub_protocol) {
unsigned char name[64];
u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if((off < flow->packet.payload_packet_len)
&& ndpi_netbios_name_interpret((unsigned char*)&flow->packet.payload[off],
(u_int)(flow->packet.payload_packet_len - off), name, sizeof(name)-1) > 0) {
unsigned char name[64];
u_int off = packet->payload[12] == 0x20 ? 12 : 14;
if((off < packet->payload_packet_len)
&& ndpi_netbios_name_interpret((unsigned char*)&packet->payload[off],
(u_int)(packet->payload_packet_len - off), name, sizeof(name)-1) > 0) {
snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1);
@ -115,7 +117,7 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct
void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t dport;
NDPI_LOG_DBG(ndpi_struct, "search netbios\n");
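Review bot: In ndpi_int_netbios_add_connection, `packet->payload[12]` is read to choose `off` before anything in the hunk compares `packet->payload_packet_len` with 12; the `off < packet->payload_packet_len` test only runs afterwards. Callers may already guarantee a long enough payload (they are outside the hunk), but the bytes come straight from the wire, so checking locally is cheap: `u_int off = (packet->payload_packet_len > 12 && packet->payload[12] == 0x20) ? 12 : 14;`. With that form a short payload yields `off` = 14 and falls through the existing length test without the early read. The function body continues past the end of its hunk.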


@ -99,7 +99,7 @@ struct flow_ver7_rec {
void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
time_t now;


@ -38,7 +38,7 @@ static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct
void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search NFS\n");


@ -35,7 +35,7 @@ static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct
void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
if(packet->udp != NULL) {


@ -39,7 +39,7 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct
void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search NOE\n");


@ -40,7 +40,7 @@
void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (packet->iph == NULL) {
if (packet->iphv6 == NULL)


@ -36,7 +36,7 @@ static void ndpi_int_ntp_add_connection(struct ndpi_detection_module_struct
void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search NTP\n");


@ -28,7 +28,7 @@ const u_int16_t ookla_port = 8080;
/* ************************************************************* */
void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) {
struct ndpi_packet_struct* packet = &flow->packet;
struct ndpi_packet_struct* packet = &ndpi_struct->packet;
u_int32_t addr = 0;
u_int16_t sport, dport;


@ -37,7 +37,7 @@ static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct
void ndpi_search_openft_tcp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) {
NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n");


@ -81,7 +81,7 @@ int8_t check_pkid_and_detect_hmac_size(const u_int8_t * payload) {
void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct,
struct ndpi_flow_struct* flow) {
struct ndpi_packet_struct* packet = &flow->packet;
struct ndpi_packet_struct* packet = &ndpi_struct->packet;
const u_int8_t * ovpn_payload = packet->payload;
const u_int8_t * session_remote;
u_int8_t opcode;


@ -33,7 +33,7 @@ static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct
void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t dport = 0, sport = 0;
NDPI_LOG_DBG(ndpi_struct, "search ORACLE\n");
