author | Toni Uhlig <matzeton@googlemail.com> | 2022-03-02 10:06:37 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-03-02 10:06:37 +0100 |
commit | 61053862dea6474150fd7c9d1b6c446911e2eea5 (patch) | |
tree | be395d74c9e5d60d475b3bff08129b0db70325c1 | |
parent | 7a7e4ee69f272900d6869b8fa07800653c4298a1 (diff) |
Added configureable ndpi packet processing limit.improved/ndpi-max-packets-to-process
* The current behaviour ignores any user preferences
and was also incorrectly implemented, because
flow->num_processed_pkts wraps every 65535 and nDPI
will process packets again until
NDPI_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT is reached.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | src/include/ndpi_define.h.in | 3 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 4 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 15 |
3 files changed, 16 insertions, 6 deletions
diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in
index b16e0a63b..c6eb512ae 100644
--- a/src/include/ndpi_define.h.in
+++ b/src/include/ndpi_define.h.in
@@ -156,8 +156,7 @@
 /* misc definitions */
 #define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000
-#define NDPI_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT 32
-
+#define NDPI_DEFAULT_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT 32
 /* TODO: rebuild all memory areas to have a more aligned memory block here */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 368cdb19d..d796606a0 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -921,7 +921,8 @@ typedef enum {
 typedef enum {
 ndpi_pref_direction_detect_disable = 0,
- ndpi_pref_enable_tls_block_dissection /* nDPI considers only those blocks past the certificate exchange */
+ ndpi_pref_max_packets_to_process,
+ ndpi_pref_enable_tls_block_dissection, /* nDPI considers only those blocks past the certificate exchange */
 } ndpi_detection_preference;
 /* ntop extensions */
@@ -984,6 +985,7 @@ struct ndpi_detection_module_struct {
 NDPI_PROTOCOL_BITMASK detection_bitmask;
 u_int32_t current_ts;
+ u_int16_t max_packets_to_process;
 u_int16_t num_tls_blocks_to_follow;
 u_int8_t skip_tls_blocks_until_change_cipher:1, enable_ja3_plus:1, _notused:6;
 u_int8_t tls_certificate_expire_in_x_days;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 1ceabfaba..d9dc9ec02 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -848,6 +848,13 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_str
 ndpi_str->skip_tls_blocks_until_change_cipher = 1;
 break;
+ case ndpi_pref_max_packets_to_process:
+ if (value > 0xFFFF) {
+ return(-1);
+ }
+ ndpi_str->max_packets_to_process = value;
+ break;
+
 default:
 return(-1);
 }
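Review bot: In the `ndpi_detection_preference` hunk of src/include/ndpi_typedefs.h, putting `ndpi_pref_max_packets_to_process` ahead of `ndpi_pref_enable_tls_block_dissection` moves the existing enumerator from value 1 to value 2. A caller compiled against the old header but linked to the new library would pass 1 meaning TLS block dissection and would silently overwrite the packet limit instead. Appending the new enumerator keeps the existing values stable: `ndpi_pref_enable_tls_block_dissection, /* ... */` followed by `ndpi_pref_max_packets_to_process,`.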
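Review bot: The new `case ndpi_pref_max_packets_to_process:` in ndpi_set_detection_preferences() (src/lib/ndpi_main.c) checks only the upper bound. If `value` is a signed type (its declaration lies outside the hunk), a negative argument passes `value > 0xFFFF` and is truncated on assignment to the `u_int16_t` field, so -1 would become 65535. Rejecting it explicitly is a one-line change: `if (value < 0 || value > 0xFFFF) {`. A comment here should also state that 0 disables the limit, because the guard added in ndpi_detection_process_packet() is skipped when the field is 0, which removes the per-flow bound on dissection work.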
@@ -2478,6 +2485,8 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
 }
 }
+ ndpi_str->max_packets_to_process = NDPI_DEFAULT_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT;
+
 NDPI_BITMASK_RESET(ndpi_str->detection_bitmask);
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
 ndpi_str->user_data = NULL;
@@ -5756,11 +5765,11 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 return(ret);
 }
- flow->num_processed_pkts++;
-
- if(flow->num_processed_pkts > NDPI_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT)
+ if(ndpi_str->max_packets_to_process > 0 && flow->num_processed_pkts >= ndpi_str->max_packets_to_process)
 return(ret); /* Avoid spending too much time with this flow */
+ flow->num_processed_pkts++;
+
 /* Init default */
 ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; |
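Review bot: When `max_packets_to_process` is 0, the new guard in ndpi_detection_process_packet() is skipped and `flow->num_processed_pkts++` still runs for every packet, so the wrap-around named in the commit description remains in unlimited mode. If the counter is 16 bits wide, as the description implies (its declaration is not in this hunk), a saturating increment avoids that: `if(flow->num_processed_pkts < 0xFFFF) flow->num_processed_pkts++;`. Without it, any code outside this hunk that compares the counter against a packet number would see it restart from 0 on long flows. The function body continues outside the hunk.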