authorLuca Deri <deri@ntop.org>2023-03-13 21:57:14 +0100
committerLuca Deri <deri@ntop.org>2023-03-13 21:57:14 +0100
commit3585e2d2011e82f0c4ab28c1a23a3844e979eb7f (patch)
treefd557b552eb53b613544fa050bfee19df1aa6c63
parentebfc1fe827bdc1058d70ca727bea580d1d1bd73a (diff)
Added ability to define an unlimited number of custom rules IP:port for the same IP (it used to be limited to 2)
-rw-r--r--example/ndpiReader.c160
-rw-r--r--src/include/ndpi_patricia_typedefs.h26
-rw-r--r--src/include/ndpi_typedefs.h18
-rw-r--r--src/lib/ndpi_main.c64
4 files changed, 157 insertions, 111 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index d9f4c5fdf..20bc8a91b 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -5089,116 +5089,116 @@ void zscoreUnitTest() {
/**
@brief MAIN FUNCTION
**/
- int main(int argc, char **argv) {
- int i, skip_unit_tests = 0;
+int main(int argc, char **argv) {
+ int i, skip_unit_tests = 0;
#ifdef DEBUG_TRACE
- trace = fopen("/tmp/ndpiReader.log", "a");
+ trace = fopen("/tmp/ndpiReader.log", "a");
- if(trace) {
- int i;
+ if(trace) {
+ int i;
- fprintf(trace, " #### %s #### \n", __FUNCTION__);
- fprintf(trace, " #### [argc: %u] #### \n", argc);
+ fprintf(trace, " #### %s #### \n", __FUNCTION__);
+ fprintf(trace, " #### [argc: %u] #### \n", argc);
- for(i=0; i<argc; i++)
- fprintf(trace, " #### [%d] [%s]\n", i, argv[i]);
- }
+ for(i=0; i<argc; i++)
+ fprintf(trace, " #### [%d] [%s]\n", i, argv[i]);
+ }
#endif
- if(ndpi_get_api_version() != NDPI_API_VERSION) {
- printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n");
- return(-1);
- }
+ if(ndpi_get_api_version() != NDPI_API_VERSION) {
+ printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n");
+ return(-1);
+ }
- if(!skip_unit_tests) {
+ if(!skip_unit_tests) {
#ifndef DEBUG_TRACE
- /* Skip tests when debugging */
+ /* Skip tests when debugging */
#ifdef HW_TEST
- hwUnitTest2();
+ hwUnitTest2();
#endif
#ifdef STRESS_TEST
- desUnitStressTest();
- exit(0);
+ desUnitStressTest();
+ exit(0);
#endif
- zscoreUnitTest();
- sesUnitTest();
- desUnitTest();
-
- /* Internal checks */
- // binUnitTest();
- //hwUnitTest();
- jitterUnitTest();
- rsiUnitTest();
- hashUnitTest();
- dgaUnitTest();
- hllUnitTest();
- bitmapUnitTest();
- automataUnitTest();
- analyzeUnitTest();
- ndpi_self_check_host_match();
- analysisUnitTest();
- compressedBitmapUnitTest();
+ zscoreUnitTest();
+ sesUnitTest();
+ desUnitTest();
+
+ /* Internal checks */
+ // binUnitTest();
+ //hwUnitTest();
+ jitterUnitTest();
+ rsiUnitTest();
+ hashUnitTest();
+ dgaUnitTest();
+ hllUnitTest();
+ bitmapUnitTest();
+ automataUnitTest();
+ analyzeUnitTest();
+ ndpi_self_check_host_match();
+ analysisUnitTest();
+ compressedBitmapUnitTest();
#endif
- }
+ }
- gettimeofday(&startup_time, NULL);
- memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info));
+ gettimeofday(&startup_time, NULL);
+ memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info));
- if(getenv("AHO_DEBUG"))
- ac_automata_enable_debug(1);
- parseOptions(argc, argv);
+ if(getenv("AHO_DEBUG"))
+ ac_automata_enable_debug(1);
+ parseOptions(argc, argv);
- ndpi_info_mod = ndpi_init_detection_module(init_prefs);
+ ndpi_info_mod = ndpi_init_detection_module(init_prefs);
- if(ndpi_info_mod == NULL) return -1;
+ if(ndpi_info_mod == NULL) return -1;
- if(domain_to_check) {
- ndpiCheckHostStringMatch(domain_to_check);
- exit(0);
- }
+ if(domain_to_check) {
+ ndpiCheckHostStringMatch(domain_to_check);
+ exit(0);
+ }
- if(!quiet_mode) {
- printf("\n-----------------------------------------------------------\n"
- "* NOTE: This is demo app to show *some* nDPI features.\n"
- "* In this demo we have implemented only some basic features\n"
- "* just to show you what you can do with the library. Feel \n"
- "* free to extend it and send us the patches for inclusion\n"
- "------------------------------------------------------------\n\n");
-
- printf("Using nDPI (%s) [%d thread(s)]\n", ndpi_revision(), num_threads);
-
- const char *gcrypt_ver = ndpi_get_gcrypt_version();
- if(gcrypt_ver)
- printf("Using libgcrypt version %s\n", gcrypt_ver);
- }
+ if(!quiet_mode) {
+ printf("\n-----------------------------------------------------------\n"
+ "* NOTE: This is demo app to show *some* nDPI features.\n"
+ "* In this demo we have implemented only some basic features\n"
+ "* just to show you what you can do with the library. Feel \n"
+ "* free to extend it and send us the patches for inclusion\n"
+ "------------------------------------------------------------\n\n");
+
+ printf("Using nDPI (%s) [%d thread(s)]\n", ndpi_revision(), num_threads);
+
+ const char *gcrypt_ver = ndpi_get_gcrypt_version();
+ if(gcrypt_ver)
+ printf("Using libgcrypt version %s\n", gcrypt_ver);
+ }
- signal(SIGINT, sigproc);
+ signal(SIGINT, sigproc);
- for(i=0; i<num_loops; i++)
- test_lib();
+ for(i=0; i<num_loops; i++)
+ test_lib();
- if(results_path) ndpi_free(results_path);
- if(results_file) fclose(results_file);
- if(extcap_dumper) pcap_dump_close(extcap_dumper);
- if(extcap_fifo_h) pcap_close(extcap_fifo_h);
- if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod);
- if(enable_malloc_bins)
- ndpi_free_bin(&malloc_bins);
- if(csv_fp) fclose(csv_fp);
- ndpi_free(_debug_protocols);
- ndpi_free(_disabled_protocols);
+ if(results_path) ndpi_free(results_path);
+ if(results_file) fclose(results_file);
+ if(extcap_dumper) pcap_dump_close(extcap_dumper);
+ if(extcap_fifo_h) pcap_close(extcap_fifo_h);
+ if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod);
+ if(enable_malloc_bins)
+ ndpi_free_bin(&malloc_bins);
+ if(csv_fp) fclose(csv_fp);
+ ndpi_free(_debug_protocols);
+ ndpi_free(_disabled_protocols);
#ifdef DEBUG_TRACE
- if(trace) fclose(trace);
+ if(trace) fclose(trace);
#endif
-
- return 0;
- }
+
+ return 0;
+}
#ifdef _MSC_BUILD
int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
diff --git a/src/include/ndpi_patricia_typedefs.h b/src/include/ndpi_patricia_typedefs.h
index 29e426b3c..f062677bd 100644
--- a/src/include/ndpi_patricia_typedefs.h
+++ b/src/include/ndpi_patricia_typedefs.h
@@ -66,20 +66,26 @@
#define UV16_MAX_USER_VALUES 2
+struct patricia_uv16 {
+ u_int16_t user_value, additional_user_value;
+};
+
+struct patricia_uv16_list {
+ struct patricia_uv16 value;
+ struct patricia_uv16_list *next;
+};
+
+struct patricia_uv32 {
+ u_int32_t user_value, additional_user_value;
+};
+
/* pointer to user data (ex. route flap info) */
union ndpi_patricia_node_value_t {
/* User-defined values */
union {
- struct {
- u_int16_t user_value, additional_user_value;
- } uv16[UV16_MAX_USER_VALUES];
-
- struct {
- u_int32_t user_value, additional_user_value;
- } uv32;
-
- u_int64_t uv64;
-
+ struct patricia_uv16 uv16[UV16_MAX_USER_VALUES];
+ struct patricia_uv32 uv32;
+ u_int64_t uv64;
void *user_data;
} u;
};
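Review bot: The new `struct patricia_uv16_list` has no comment saying where the chain is stored or who owns it, and nothing in this header shows it, since the union still holds only `uv16[UV16_MAX_USER_VALUES]`. Judging from the ndpi_main.c hunks of this commit, the head hangs off `node->data`, entries are allocated in ndpi_add_host_ip_subprotocol and released by free_ptree_data, and `additional_user_value` holds the port as produced by `htons()`. I would add above the struct something like `/* Overflow list for IP:port rules beyond UV16_MAX_USER_VALUES; head kept in the node's data pointer and freed with the tree */`, and note on `struct patricia_uv16` that `additional_user_value` is the port in network byte order.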
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index c7a39ca12..45a98a0e1 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1,7 +1,7 @@
/*
* ndpi_typedefs.h
*
- * Copyright (C) 2011-22 - ntop.org
+ * Copyright (C) 2011-23 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -1156,18 +1156,18 @@ struct ndpi_detection_module_struct {
risky_domain_automa, tls_cert_subject_automa,
host_risk_mask_automa, common_alpns_automa;
/* IMPORTANT: please, whenever you add a new automa:
- * update ndpi_finalize_initialization()
- * update automa_type above
- */
+ * update ndpi_finalize_initialization()
+ * update automa_type above
+ */
ndpi_str_hash *malicious_ja3_hashmap, *malicious_sha1_hashmap;
ndpi_list *trusted_issuer_dn;
-
- void *ip_risk_mask_ptree;
- void *ip_risk_ptree;
- /* IP-based protocol detection */
- void *protocols_ptree;
+
+ /* Patricia trees */
+ ndpi_patricia_tree_t *ip_risk_mask_ptree;
+ ndpi_patricia_tree_t *ip_risk_ptree;
+ ndpi_patricia_tree_t *protocols_ptree; /* IP-based protocol detection */
/* *** If you add a new Patricia tree, please update ptree_type above! *** */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ffb38b1cc..4033bbdae 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2164,22 +2164,22 @@ void ndpi_patricia_get_stats(ndpi_patricia_tree_t *tree, struct ndpi_patricia_tr
/* ******************************************************************** */
int ndpi_get_patricia_stats(struct ndpi_detection_module_struct *ndpi_struct,
- ptree_type ptree_type,
- struct ndpi_patricia_tree_stats *stats) {
+ ptree_type ptree_type,
+ struct ndpi_patricia_tree_stats *stats) {
if(!ndpi_struct || !stats)
return -1;
switch(ptree_type) {
case NDPI_PTREE_RISK_MASK:
- ndpi_patricia_get_stats((ndpi_patricia_tree_t *)ndpi_struct->ip_risk_mask_ptree, stats);
+ ndpi_patricia_get_stats(ndpi_struct->ip_risk_mask_ptree, stats);
return 0;
case NDPI_PTREE_RISK:
- ndpi_patricia_get_stats((ndpi_patricia_tree_t *)ndpi_struct->ip_risk_ptree, stats);
+ ndpi_patricia_get_stats(ndpi_struct->ip_risk_ptree, stats);
return 0;
case NDPI_PTREE_PROTOCOLS:
- ndpi_patricia_get_stats((ndpi_patricia_tree_t *)ndpi_struct->protocols_ptree, stats);
+ ndpi_patricia_get_stats(ndpi_struct->protocols_ptree, stats);
return 0;
default:
@@ -2336,12 +2336,27 @@ u_int16_t ndpi_network_port_ptree_match(struct ndpi_detection_module_struct *ndp
if(node) {
int i;
-
+ struct patricia_uv16_list *item;
+
for(i=0; i<UV16_MAX_USER_VALUES; i++) {
if((node->value.u.uv16[i].additional_user_value == 0)
|| (node->value.u.uv16[i].additional_user_value == port))
return(node->value.u.uv16[i].user_value);
}
+
+ /*
+ If we're here it means that we don't have
+ enough room for our custom value so we need
+ to check the custom_user_data pointer.
+ */
+ item = (struct patricia_uv16_list*)node->data;
+
+ while(item != NULL) {
+ if(item->value.additional_user_value == port)
+ return(item->value.user_value);
+ else
+ item = item->next;
+ }
}
return(NDPI_PROTOCOL_UNKNOWN);
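Review bot: The new `while(item != NULL)` walk matches only on `item->value.additional_user_value == port`, whereas the array loop just above also accepts `additional_user_value == 0` as a match for any port. A rule without a port that is added after both array slots are taken would therefore land in the list and presumably never match a real port (this assumes port-less rules are stored with port 0, which the visible lines suggest but do not prove). To keep both paths consistent the test could read `if((item->value.additional_user_value == 0) || (item->value.additional_user_value == port))`. The comment also refers to a `custom_user_data` pointer while the code reads `node->data`; naming the actual field would avoid confusion. The function begins outside the hunk.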
@@ -2505,14 +2520,32 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp
if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) {
int i;
-
+ struct patricia_uv16_list *item;
+
for(i=0; i<UV16_MAX_USER_VALUES; i++) {
if(node->value.u.uv16[i].user_value == 0) {
node->value.u.uv16[i].user_value = protocol_id, node->value.u.uv16[i].additional_user_value = htons(port);
+
return(0);
}
- }
+ } /* for */
+
+ /*
+ If we're here it means that we don't have
+ enough room for our custom value
+ */
+ item = (struct patricia_uv16_list*)ndpi_malloc(sizeof(struct patricia_uv16_list));
+
+ if(item != NULL) {
+ item->value.user_value = protocol_id,
+ item->value.additional_user_value = htons(port),
+ item->next = (struct patricia_uv16_list*)node->data;
+
+ node->data = item;
+ return(0);
+ }
+
return(-1); /* All slots are full */
}
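Review bot: The trailing `return(-1); /* All slots are full */` is now reached only when `ndpi_malloc()` returns NULL, so the comment misleads anyone tracing a rejected rule; it should read something like `return(-1); /* Out of memory */`. The new list path also prepends unconditionally, without checking whether the same protocol/port pair already sits in the array or the chain. If the same rules are loaded more than once (callers are outside the hunk, so this is inferred), the chain that ndpi_network_port_ptree_match walks on every lookup grows without bound. A short scan of the existing entries before allocating would keep it proportional to the number of distinct rules. The function starts and ends outside the hunk.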
@@ -3295,7 +3328,14 @@ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str
/* *********************************************** */
static void free_ptree_data(void *data) {
- ;
+ struct patricia_uv16_list *item = (struct patricia_uv16_list *)data;
+
+ while(item != NULL) {
+ struct patricia_uv16_list *next = item->next;
+
+ free(item);
+ item = next;
+ }
}
/* ****************************************************** */
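Review bot: `free(item)` releases nodes that the ndpi_add_host_ip_subprotocol hunk of this commit allocates with `ndpi_malloc()`, so allocation and release go through different entry points. If the library's allocator wrappers are hooked or do any accounting (not visible here), this is a mismatched free; use `ndpi_free(item);`, which the file already uses for ndpi-allocated memory (for example `ndpi_tdestroy(ndpi_str->udpRoot, ndpi_free)`). I would also add a comment above the function stating that `data` must be the head of a `struct patricia_uv16_list` chain, because handing this callback to a tree whose nodes carry any other kind of data would free unrelated memory.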
@@ -3315,7 +3355,7 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
for(i = 0; (i < MAX_NBPF_CUSTOM_PROTO) && (ndpi_str->nbpf_custom_proto[i].tree != NULL); i++)
nbpf_free(ndpi_str->nbpf_custom_proto[i].tree);
#endif
-
+
/* NDPI_PROTOCOL_TINC */
if(ndpi_str->tinc_cache)
cache_free((cache_t)(ndpi_str->tinc_cache));
@@ -3348,10 +3388,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->protocols_ptree, free_ptree_data);
if(ndpi_str->ip_risk_mask_ptree)
- ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_mask_ptree, free_ptree_data);
+ ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_mask_ptree, NULL);
if(ndpi_str->ip_risk_ptree)
- ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree, free_ptree_data);
+ ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree, NULL);
if(ndpi_str->udpRoot != NULL) ndpi_tdestroy(ndpi_str->udpRoot, ndpi_free);
if(ndpi_str->tcpRoot != NULL) ndpi_tdestroy(ndpi_str->tcpRoot, ndpi_free);
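Review bot: The three `ndpi_patricia_destroy()` calls still cast their first argument with `(ndpi_patricia_tree_t *)`, although this commit retypes `protocols_ptree`, `ip_risk_mask_ptree` and `ip_risk_ptree` as `ndpi_patricia_tree_t *` and drops the same casts in ndpi_get_patricia_stats. Removing them here, e.g. `ndpi_patricia_destroy(ndpi_str->ip_risk_ptree, NULL);`, keeps the file consistent and lets the compiler flag a wrong pointer type if one of the fields changes again. A short comment on why only `protocols_ptree` gets `free_ptree_data` (it is the only tree whose nodes carry the overflow list, as far as this commit shows) would help the next reader.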