diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-03-15 10:12:51 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-15 10:12:51 +0100 |
| commit | 231748bb0e6f274eb91824bf1e3b1693370ec0de (patch) | |
| tree | c770ac00021102d87d13f1af87aa05d2459699f1 | |
| parent | 97fae6e00ad5b529ecc94a0bde2328da43426080 (diff) | |
LRU cache: move to 64 bits long keys (#2346)
Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key
length.
At least in the ipv4 cases, we have no more different entries with the
same key.
| -rw-r--r-- | src/include/ndpi_api.h | 4 | ||||
| -rw-r--r-- | src/include/ndpi_private.h | 6 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 35 | ||||
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 27 | ||||
| -rw-r--r-- | src/lib/protocols/mining.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/ookla.c | 10 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 43 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 24 | ||||
| -rw-r--r-- | tests/cfgs/default/result/stun_signal.pcapng.out | 13 |
10 files changed, 88 insertions, 84 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 33a2c0e84..db1e12ebd 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1058,9 +1058,9 @@ extern "C" { /* LRU cache */ struct ndpi_lru_cache* ndpi_lru_cache_init(u_int32_t num_entries, u_int32_t ttl, int shared); void ndpi_lru_free_cache(struct ndpi_lru_cache *c); - u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, + u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int64_t key, u_int16_t *value, u_int8_t clean_key_when_found, u_int32_t now_sec); - void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t value, u_int32_t now_sec); + void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int64_t key, u_int16_t value, u_int32_t now_sec); void ndpi_lru_get_stats(struct ndpi_lru_cache *c, struct ndpi_lru_cache_stats *stats); int ndpi_get_lru_cache_stats(struct ndpi_global_context *g_ctx, diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index bb704e63e..25ff5c4a7 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -660,8 +660,8 @@ int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t rtp_get_stream_type(u_int8_t payloadType, ndpi_multimedia_flow_type *s_type); /* Bittorrent */ -u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset); -u_int32_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow); +u_int64_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset); +u_int64_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow); int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -673,7 +673,7 @@ int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct int tpkt_verify_hdr(const struct ndpi_packet_struct * const packet); /* Mining Protocols (Ethereum, Monero, ...) */ -u_int32_t mining_make_lru_cache_key(struct ndpi_flow_struct *flow); +u_int64_t mining_make_lru_cache_key(struct ndpi_flow_struct *flow); /* Protocols init */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c0c933101..7ed2ae3d5 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -757,7 +757,7 @@ typedef enum { } lru_cache_scope; struct ndpi_lru_cache_entry { - u_int32_t key; /* Store the whole key to avoid ambiguities */ + u_int64_t key; /* Store the whole key to avoid ambiguities */ u_int32_t is_full:1, value:16, pad:15; u_int32_t timestamp; /* sec */ }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c3f7fc0bf..ade32dda1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -7255,17 +7255,17 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ /* ********************************************************************************* */ -static u_int32_t make_msteams_key(struct ndpi_flow_struct *flow, u_int8_t use_client) { - u_int32_t key; +static u_int64_t make_msteams_key(struct ndpi_flow_struct *flow, u_int8_t use_client) { + u_int64_t key; if(use_client) { if(flow->is_ipv6) - key = ndpi_quick_hash(flow->c_address.v6, 16); + key = ndpi_quick_hash64((const char *)flow->c_address.v6, 16); else key = ntohl(flow->c_address.v4); } else { if(flow->is_ipv6) - key = ndpi_quick_hash(flow->s_address.v6, 16); + key = ndpi_quick_hash64((const char *)flow->s_address.v6, 16); else key = ntohl(flow->s_address.v4); } @@ -7530,7 +7530,7 @@ int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struc if(ndpi_struct->bittorrent_cache) { u_int16_t cached_proto; u_int8_t found = 0; - u_int32_t key, key1, key2; + u_int64_t key, key1, key2; flow->bt_check_performed = 1; @@ -7544,9 +7544,10 @@ int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struc || ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key2, &cached_proto, 0 /* Don't remove it as it can be used for other connections */, ndpi_get_current_time(flow)); #ifdef BITTORRENT_CACHE_DEBUG - printf("[BitTorrent] *** [%s] SEARCHING ports %u / %u [%u][%u][%u][found: %u]\n", + printf("[BitTorrent] *** [%s] SEARCHING ports %u / %u [0x%llx][0x%llx][0x%llx][found: %u]\n", flow->l4_proto == IPPROTO_UDP ? "UDP": "TCP", - ntohs(flow->c_port), ntohs(flow->s_port), key, key1, key2, found); + ntohs(flow->c_port), ntohs(flow->s_port), + (long long unsigned int)key, (long long unsigned int)key1, (long long unsigned int)key2, found); #endif return(found); @@ -7560,17 +7561,17 @@ int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struc /* #define ZOOM_CACHE_DEBUG */ -static u_int32_t make_zoom_key(struct ndpi_flow_struct *flow, int server) { - u_int32_t key; +static u_int64_t make_zoom_key(struct ndpi_flow_struct *flow, int server) { + u_int64_t key; if(server) { if(flow->is_ipv6) - key = ndpi_quick_hash(flow->s_address.v6, 16); + key = ndpi_quick_hash64((const char *)flow->s_address.v6, 16); else key = flow->s_address.v4; } else { if(flow->is_ipv6) - key = ndpi_quick_hash(flow->c_address.v6, 16); + key = ndpi_quick_hash64((const char *)flow->c_address.v6, 16); else key = flow->c_address.v4; } @@ -7585,7 +7586,7 @@ static u_int8_t ndpi_search_into_zoom_cache(struct ndpi_detection_module_struct if(ndpi_struct->zoom_cache) { u_int16_t cached_proto; - u_int32_t key; + u_int64_t key; key = make_zoom_key(flow, server); u_int8_t found = ndpi_lru_find_cache(ndpi_struct->zoom_cache, key, &cached_proto, @@ -7593,7 +7594,7 @@ static u_int8_t ndpi_search_into_zoom_cache(struct ndpi_detection_module_struct ndpi_get_current_time(flow)); #ifdef ZOOM_CACHE_DEBUG - printf("[Zoom] *** [TCP] SEARCHING key %u [found: %u]\n", key, found); + printf("[Zoom] *** [TCP] SEARCHING key 0x%llx [found: %u]\n", (long long unsigned int)key, found); #endif return(found); @@ -10028,9 +10029,9 @@ static void __lru_cache_unlock(struct ndpi_lru_cache *c) #endif } -u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, +u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int64_t key, u_int16_t *value, u_int8_t clean_key_when_found, u_int32_t now_sec) { - u_int32_t slot = key % c->num_entries; + u_int32_t slot = ndpi_quick_hash((unsigned char *)&key, sizeof(key)) % c->num_entries; u_int8_t ret; __lru_cache_lock(c); @@ -10052,8 +10053,8 @@ u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, return ret; } -void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t value, u_int32_t now_sec) { - u_int32_t slot = key % c->num_entries; +void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int64_t key, u_int16_t value, u_int32_t now_sec) { + u_int32_t slot = ndpi_quick_hash((unsigned char *)&key, sizeof(key)) % c->num_entries; __lru_cache_lock(c); diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 01d497492..d1c9dd323 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -144,20 +144,20 @@ static void ndpi_search_bittorrent_hash(struct ndpi_detection_module_struct *ndp /* *********************************************** */ -u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset) { - u_int32_t key; +u_int64_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset) { + u_int64_t key; /* network byte order */ if(flow->is_ipv6) { if(client) - key = ip_port_hash_funct(ndpi_quick_hash(flow->c_address.v6, 16), htons(ntohs(flow->c_port) + offset)); + key = (ndpi_quick_hash64((const char *)flow->c_address.v6, 16) << 16) | htons(ntohs(flow->c_port) + offset); else - key = ip_port_hash_funct(ndpi_quick_hash(flow->s_address.v6, 16), flow->s_port); + key = (ndpi_quick_hash64((const char *)flow->s_address.v6, 16) << 16) | flow->s_port; } else { if(client) - key = ip_port_hash_funct(flow->c_address.v4, htons(ntohs(flow->c_port) + offset)); + key = ((u_int64_t)flow->c_address.v4 << 32) | htons(ntohs(flow->c_port) + offset); else - key = ip_port_hash_funct(flow->s_address.v4, flow->s_port); + key = ((u_int64_t)flow->s_address.v4 << 32) | flow->s_port; } return key; @@ -165,14 +165,14 @@ u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, in /* *********************************************** */ -u_int32_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow) { - u_int32_t key; +u_int64_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow) { + u_int64_t key; /* network byte order */ if(flow->is_ipv6) - key = ndpi_quick_hash(flow->c_address.v6, 16) + ndpi_quick_hash(flow->s_address.v6, 16); + key = (ndpi_quick_hash64((const char *)flow->c_address.v6, 16) << 32) | (ndpi_quick_hash64((const char *)flow->s_address.v6, 16) & 0xFFFFFFFF); else - key = flow->c_address.v4 + flow->s_address.v4; + key = ((u_int64_t)flow->c_address.v4 << 32) | flow->s_address.v4; return key; } @@ -196,7 +196,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc } if(ndpi_struct->bittorrent_cache) { - u_int32_t key, key1, key2, i; + u_int64_t key, key1, key2, i; key = make_bittorrent_peers_key(flow); key1 = make_bittorrent_host_key(flow, 1, 0), key2 = make_bittorrent_host_key(flow, 0, 0); @@ -218,7 +218,10 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc } #ifdef BITTORRENT_CACHE_DEBUG - printf("[BitTorrent] [%s] *** ADDED ports %u / %u [%u][%u]\n", flow->l4_proto == IPPROTO_TCP ? "TCP" : "UDP", ntohs(flow->c_port), ntohs(flow->s_port), key1, key2); + printf("[BitTorrent] [%s] *** ADDED ports %u / %u [0x%llx][0x%llx]\n", + flow->l4_proto == IPPROTO_TCP ? "TCP" : "UDP", + ntohs(flow->c_port), ntohs(flow->s_port), + (long long unsigned int)key1, (long long unsigned int)key2); #endif } } diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index e6cdcf487..22d215927 100644 --- a/src/lib/protocols/mining.c +++ b/src/lib/protocols/mining.c @@ -28,14 +28,14 @@ /* ************************************************************************** */ -u_int32_t mining_make_lru_cache_key(struct ndpi_flow_struct *flow) { - u_int32_t key; +u_int64_t mining_make_lru_cache_key(struct ndpi_flow_struct *flow) { + u_int64_t key; /* network byte order */ if(flow->is_ipv6) - key = ndpi_quick_hash(flow->c_address.v6, 16) + ndpi_quick_hash(flow->s_address.v6, 16); + key = (ndpi_quick_hash64((const char *)flow->c_address.v6, 16) << 32) | (ndpi_quick_hash64((const char *)flow->s_address.v6, 16) & 0xFFFFFFFF); else - key = flow->c_address.v4 + flow->s_address.v4; + key = ((u_int64_t)flow->c_address.v4 << 32) | flow->s_address.v4; return key; } diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c index b5391234b..c7aad161d 100644 --- a/src/lib/protocols/ookla.c +++ b/src/lib/protocols/ookla.c @@ -30,12 +30,12 @@ const u_int16_t ookla_port = 8080; /* ************************************************************* */ -static u_int32_t get_ookla_key(struct ndpi_flow_struct *flow) +static u_int64_t get_ookla_key(struct ndpi_flow_struct *flow) { if(flow->is_ipv6) - return ndpi_quick_hash(flow->c_address.v6, 16); + return ndpi_quick_hash64((const char *)flow->c_address.v6, 16); else - return ntohl(flow->c_address.v4); + return flow->c_address.v4; } /* ************************************************************* */ @@ -43,7 +43,7 @@ static u_int32_t get_ookla_key(struct ndpi_flow_struct *flow) int ookla_search_into_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - u_int32_t key; + u_int64_t key; u_int16_t dummy; if(ndpi_struct->ookla_cache) { @@ -69,7 +69,7 @@ int ookla_search_into_cache(struct ndpi_detection_module_struct *ndpi_struct, void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - u_int32_t key; + u_int64_t key; if(ndpi_struct->ookla_cache) { key = get_ookla_key(flow); diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 9b6274753..31ec2168d 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -33,8 +33,8 @@ #define STUN_HDR_LEN 20 /* STUN message header length, Classic-STUN (RFC 3489) and STUN (RFC 8489) both */ -static u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); -static u_int32_t get_stun_lru_key_raw4(u_int32_t ip, u_int16_t port); +static u_int64_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); +static u_int64_t get_stun_lru_key_raw4(u_int32_t ip, u_int16_t port); static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int app_proto); @@ -46,7 +46,7 @@ static u_int16_t search_into_cache(struct ndpi_detection_module_struct *ndpi_str struct ndpi_flow_struct *flow) { u_int16_t proto; - u_int32_t key; + u_int64_t key; int rc; if(ndpi_struct->stun_cache) { @@ -55,7 +55,7 @@ static u_int16_t search_into_cache(struct ndpi_detection_module_struct *ndpi_str 0 /* Don't remove it as it can be used for other connections */, ndpi_get_current_time(flow)); #ifdef DEBUG_LRU - printf("[LRU] Searching %u\n", key); + printf("[LRU] Searching 0x%llx\n", (long long unsigned int)key); #endif if(!rc) { @@ -64,19 +64,19 @@ static u_int16_t search_into_cache(struct ndpi_detection_module_struct *ndpi_str 0 /* Don't remove it as it can be used for other connections */, ndpi_get_current_time(flow)); #ifdef DEBUG_LRU - printf("[LRU] Searching %u\n", key); + printf("[LRU] Searching 0x%llx\n", (long long unsigned int)key); #endif } if(rc) { #ifdef DEBUG_LRU - printf("[LRU] Cache FOUND %u / %u\n", key, proto); + printf("[LRU] Cache FOUND 0x%llx / %u\n", (long long unsigned int)key, proto); #endif return proto; } else { #ifdef DEBUG_LRU - printf("[LRU] NOT FOUND %u\n", key); + printf("[LRU] NOT FOUND 0x%llx\n", (long long unsigned int)key); #endif } } else { @@ -91,7 +91,7 @@ static void add_to_caches(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t app_proto) { - u_int32_t key, key_rev; + u_int64_t key, key_rev; if(ndpi_struct->stun_cache && app_proto != NDPI_PROTOCOL_STUN && @@ -104,7 +104,8 @@ static void add_to_caches(struct ndpi_detection_module_struct *ndpi_struct, ndpi_lru_add_to_cache(ndpi_struct->stun_cache, key_rev, app_proto, ndpi_get_current_time(flow)); #ifdef DEBUG_LRU - printf("[LRU] ADDING %u 0x%x app %u [%u -> %u]\n", key, key_rev, app_proto, + printf("[LRU] ADDING 0x%llx 0x%llx app %u [%u -> %u]\n", + (long long unsigned int)key, (long long unsigned int)key_rev, app_proto, ntohs(flow->c_port), ntohs(flow->s_port)); #endif } @@ -118,7 +119,7 @@ static void add_to_caches(struct ndpi_detection_module_struct *ndpi_struct, 0 /* dummy */, ndpi_get_current_time(flow)); #ifdef DEBUG_ZOOM_LRU - printf("[LRU ZOOM] ADDING %u [src_port %u]\n", key, ntohs(flow->c_port)); + printf("[LRU ZOOM] ADDING 0x%llu [src_port %u]\n", (long long unsigned int)key, ntohs(flow->c_port)); #endif } } @@ -241,13 +242,13 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, if(1 /* TODO: enable/disable */ && ndpi_struct->stun_cache) { - u_int32_t key = get_stun_lru_key_raw4(ip, port); + u_int64_t key = get_stun_lru_key_raw4(ip, port); ndpi_lru_add_to_cache(ndpi_struct->stun_cache, key, flow->detected_protocol_stack[0], ndpi_get_current_time(flow)); #ifdef DEBUG_LRU - printf("[LRU] Add peer %u %d\n", key, flow->detected_protocol_stack[0]); + printf("[LRU] Add peer 0x%llx %d\n", (long long unsigned int)key, flow->detected_protocol_stack[0]); #endif } } @@ -514,24 +515,24 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct, /* ************************************************************ */ -static u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { +static u_int64_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { if(rev) { if(flow->is_ipv6) - return ndpi_quick_hash(flow->s_address.v6, 16) + ntohs(flow->s_port); + return (ndpi_quick_hash64((const char *)flow->s_address.v6, 16) << 16) | ntohs(flow->s_port); else - return ntohl(flow->s_address.v4) + ntohs(flow->s_port); + return ((u_int64_t)flow->s_address.v4 << 32) | flow->s_port; } else { if(flow->is_ipv6) - return ndpi_quick_hash(flow->c_address.v6, 16) + ntohs(flow->c_port); + return (ndpi_quick_hash64((const char *)flow->c_address.v6, 16) << 16) | ntohs(flow->c_port); else - return ntohl(flow->c_address.v4) + ntohs(flow->c_port); + return ((u_int64_t)flow->c_address.v4 << 32) | flow->c_port; } } /* ************************************************************ */ -static u_int32_t get_stun_lru_key_raw4(u_int32_t ip, u_int16_t port_host_order) { - return ntohl(ip) + port_host_order; +static u_int64_t get_stun_lru_key_raw4(u_int32_t ip, u_int16_t port_host_order) { + return ((u_int64_t)ip << 32) | htons(port_host_order); } /* ************************************************************ */ @@ -540,13 +541,13 @@ int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct struct ndpi_flow_struct *flow) { u_int16_t dummy; - u_int32_t key; + u_int64_t key; if(ndpi_struct->stun_zoom_cache && flow->l4_proto == IPPROTO_UDP) { key = get_stun_lru_key(flow, 0); /* Src */ #ifdef DEBUG_ZOOM_LRU - printf("[LRU ZOOM] Search %u [src_port %u]\n", key, ntohs(flow->c_port)); + printf("[LRU ZOOM] Search 0x%llx [src_port %u]\n", (long long unsigned int)key, ntohs(flow->c_port)); #endif if(ndpi_lru_find_cache(ndpi_struct->stun_zoom_cache, key, diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index d03860216..7e9552004 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -296,34 +296,34 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet, /* **************************************** */ -static u_int32_t make_tls_cert_key(struct ndpi_packet_struct *packet, int is_from_client) +static u_int64_t make_tls_cert_key(struct ndpi_packet_struct *packet, int is_from_client) { - u_int32_t key; + u_int64_t key; /* Server ip/port */ if(packet->iphv6 == NULL) { if(packet->tcp) { if(is_from_client) - key = packet->iph->daddr + packet->tcp->dest; + key = ((u_int64_t)packet->iph->daddr << 32) | packet->tcp->dest; else - key = packet->iph->saddr + packet->tcp->source; + key = ((u_int64_t)packet->iph->saddr << 32) | packet->tcp->source; } else { if(is_from_client) - key = packet->iph->daddr + packet->udp->dest; + key = ((u_int64_t)packet->iph->daddr << 32) | packet->udp->dest; else - key = packet->iph->saddr + packet->udp->source; + key = ((u_int64_t)packet->iph->saddr << 32) | packet->udp->source; } } else { if(packet->tcp) { if(is_from_client) - key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_dst, 16) + packet->tcp->dest; + key = (ndpi_quick_hash64((const char *)&packet->iphv6->ip6_dst, 16) << 16) | packet->tcp->dest; else - key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_src, 16) + packet->tcp->source; + key = (ndpi_quick_hash64((const char *)&packet->iphv6->ip6_src, 16) << 16) | packet->tcp->source; } else { if(is_from_client) - key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_dst, 16) + packet->udp->dest; + key = (ndpi_quick_hash64((const char *)&packet->iphv6->ip6_dst, 16) << 16) | packet->udp->dest; else - key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_src, 16) + packet->udp->source; + key = (ndpi_quick_hash64((const char *)&packet->iphv6->ip6_src, 16) << 16) | packet->udp->source; } } @@ -342,7 +342,7 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->tls_cert_cache) { u_int16_t cached_proto; - u_int32_t key; + u_int64_t key; key = make_tls_cert_key(packet, is_from_client); @@ -740,7 +740,7 @@ void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct ndpi_unset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST); if(ndpi_struct->tls_cert_cache) { - u_int32_t key = make_tls_cert_key(packet, 0 /* from the server */); + u_int64_t key = make_tls_cert_key(packet, 0 /* from the server */); ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id, ndpi_get_current_time(flow)); } diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index f862cb9bb..68d9b9ebf 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -1,12 +1,12 @@ -DPI Packets (UDP): 36 (1.71 pkts/flow) +DPI Packets (UDP): 32 (1.52 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) -Confidence DPI (cache) : 19 (flows) -Confidence DPI : 4 (flows) +Confidence DPI (cache) : 20 (flows) +Confidence DPI : 3 (flows) Num dissector calls: 104 (4.52 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 40/56/19 (insert/search/found) +LRU cache stun: 42/47/20 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) @@ -23,13 +23,12 @@ Patricia risk IPv6: 0/0 (search/found) Patricia protocols: 25/23 (search/found) Patricia protocols IPv6: 0/0 (search/found) -STUN 106 12322 1 ICMP 53 5186 2 -SignalVoip 301 30988 20 +SignalVoip 407 43310 21 Acceptable 460 48496 23 - 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78/STUN][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.169:43068 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][13 pkts/1598 bytes <-> 13 pkts/1638 bytes][Goodput ratio: 66/67][31.02 sec][bytes ratio: -0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2090/2098 10035/10033 3616/3611][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 123/126 174/190 47/25][PLAIN TEXT (xYXlLJQ)][Plen Bins: 19,15,26,30,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |