diff options
| author | Luca Deri <deri@ntop.org> | 2021-11-17 23:18:22 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2021-11-17 23:18:22 +0100 |
| commit | 4c39ed293e03c59af9d69a412107d41b00ebc21d (patch) | |
| tree | d9ec6a6f8181cb3bf75d18de012f840cc3b679a7 | |
| parent | 2e2d4c911a8ffce297a927addfe795a3b6b3d3fb (diff) | |
BitTorrent dissector code cleanup and merge of https://github.com/ntop/nDPI/pull/1374
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 106 |
1 files changed, 69 insertions, 37 deletions
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index bd02cd864..4f34ba8e3 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -156,6 +156,8 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc } } +/* ************************************* */ + static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -428,8 +430,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module return 0; } +/* ************************************* */ -/*Search for BitTorrent commands*/ +/* Search for BitTorrent commands */ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; @@ -451,10 +454,62 @@ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct * return; } +/* ************************************* */ + static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) { return(((what == a) || (what == b)) ? 1 : 0); } +/* ************************************* */ + +static int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + struct ndpi_packet_struct *packet) { + if((!flow->bittorrent.bt_check_performed /* Do the check once */) && ndpi_struct->bittorrent_cache) { + u_int16_t cached_proto; + u_int8_t found = 0; + u_int32_t key1, key2; + + flow->bittorrent.bt_check_performed = 1; + + /* Check cached communications */ + if(packet->udp) + key1 = bt_hash_funct(packet->iph->saddr, packet->udp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->udp->dest); + else + key1 = bt_hash_funct(packet->iph->saddr, packet->tcp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->tcp->dest); + + found = ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key1, &cached_proto, 0 /* Don't remove it as it can be used for other connections */) + || ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key2, &cached_proto, 0 /* Don't remove it as it can be used for other connections */); + +#ifdef CACHE_DEBUG + if(packet->udp) + printf("[BitTorrent] *** [UDP] SEARCHING ports %u / %u [%u][%u][found: %u][packet_counter: %u]\n", + ntohs(packet->udp->source), ntohs(packet->udp->dest), key1, key2, found, flow->packet_counter); + else + printf("[BitTorrent] *** [TCP] SEARCHING ports %u / %u [%u][%u][found: %u][packet_counter: %u]\n", + ntohs(packet->tcp->source), ntohs(packet->tcp->dest), key1, key2, found, flow->packet_counter); +#endif + + return(found); + } + + return(0); +} + +/* ************************************* */ + +static void ndpi_skip_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + struct ndpi_packet_struct *packet) { + if(search_into_bittorrent_cache(ndpi_struct, flow, packet)) + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + else + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +/* ************************************* */ + static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; @@ -480,37 +535,13 @@ static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_str if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { /* check for tcp retransmission here */ - if((!flow->bittorrent.bt_check_performed /* Do the check once */) && ndpi_struct->bittorrent_cache) { - u_int16_t cached_proto; - u_int8_t found = 0; - u_int32_t key1, key2; - - flow->bittorrent.bt_check_performed = 1; - - /* Check cached communications */ - if(packet->udp) - key1 = bt_hash_funct(packet->iph->saddr, packet->udp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->udp->dest); - else - key1 = bt_hash_funct(packet->iph->saddr, packet->tcp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->tcp->dest); - - found = ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key1, &cached_proto, 0 /* Don't remove it as it can be used for other connections */) - || ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key2, &cached_proto, 0 /* Don't remove it as it can be used for other connections */); - -#ifdef CACHE_DEBUG - if(packet->udp) - printf("[BitTorrent] *** [UDP] SEARCHING ports %u / %u [%u][%u][found: %u][packet_counter: %u]\n", - ntohs(packet->udp->source), ntohs(packet->udp->dest), key1, key2, found, flow->packet_counter); - else - printf("[BitTorrent] *** [TCP] SEARCHING ports %u / %u [%u][%u][found: %u][packet_counter: %u]\n", - ntohs(packet->tcp->source), ntohs(packet->tcp->dest), key1, key2, found, flow->packet_counter); -#endif - - if(found) { - ndpi_search_bittorrent_hash(ndpi_struct, flow, -1); - goto bittorrent_found; - } +#ifdef EXCLUDE_BITTORRENT_QUICKLY + if(search_into_bittorrent_cache(ndpi_struct, flow, packet)) { + ndpi_search_bittorrent_hash(ndpi_struct, flow, -1); + goto bittorrent_found; } - +#endif + if(packet->tcp != NULL) { ndpi_int_search_bittorrent_tcp(ndpi_struct, flow); } else if(packet->udp != NULL) { @@ -520,7 +551,7 @@ static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_str if((ntohs(packet->udp->source) < 1024) || (ntohs(packet->udp->dest) < 1024) /* High ports only */) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + ndpi_skip_bittorrent(ndpi_struct, flow, packet); return; } @@ -604,23 +635,24 @@ static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_str return; } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + ndpi_skip_bittorrent(ndpi_struct, flow, packet); } } if(flow->packet_counter > 8) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; + ndpi_skip_bittorrent(ndpi_struct, flow, packet); } } +/* ************************************* */ -void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("BitTorrent", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_BITTORRENT, ndpi_search_bittorrent, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; |