Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)

* Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Try to detect one subprotocol if a detected protocol can have one.

 * This adds a performance overhead due to much more protocol detection routine calls.
   See #1148 for more information.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Refactor subprotocol handling (1/2).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Refactor subprotocol handling (2/2).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Refactored aimini HTTP detection parts (somehow related to #1148).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Added aimini client/server test pcap.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto

 * Adjusted Python code to conform to the changes made during the refactoring process.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

2 files changed, 29 insertions, 12 deletions

diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index dc5b0fdeb..db637ca66 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -31,6 +31,10 @@
 #include "ndpi_api.h"
 #include "ndpi_protocols.h"
 
+/* used by ndpi_set_proto_subprotocols */
+#define NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS (-1)
+#define NDPI_PROTOCOL_MATCHED_BY_CONTENT (-2)
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -95,11 +99,11 @@ extern "C" {
 				       struct ndpi_flow_struct *flow,
 				       ndpi_protocol_category_t protocol_category);
 
+  extern void ndpi_set_proto_subprotocols(struct ndpi_detection_module_struct *ndpi_mod,
+				      int protoId, ...);
+
   extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
-				      ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
-				      u_int8_t can_have_a_subprotocol,
-				      u_int16_t tcp_alias_protoId[2],
-				      u_int16_t udp_alias_protoId[2], char *protoName,
+				      ndpi_protocol_breed_t protoBreed, u_int16_t protoId, char *protoName,
 				      ndpi_protocol_category_t protoCategory,
 				      ndpi_port_range *tcpDefPorts,
 				      ndpi_port_range *udpDefPorts);
@@ -127,11 +131,7 @@ extern "C" {
   extern u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p);
 
   extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p);
-  extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct,
-					       u_int16_t protocol_id,
-					       u_int16_t** tcp_master_proto,
-					       u_int16_t** udp_master_proto);
-  #/* NDPI_PROTOCOL_NETBIOS */
+  /* NDPI_PROTOCOL_NETBIOS */
   int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len);
   
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 51a2beb61..da27e432b 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -809,6 +809,24 @@ struct ndpi_flow_udp_struct {
 
 /* ************************************************** */
 
+#define LINE_EQUALS(ndpi_int_one_line_struct, string_to_compare) \
+  ((ndpi_int_one_line_struct).len == strlen(string_to_compare) && \
+   LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1)
+
+#define LINE_STARTS(ndpi_int_one_line_struct, string_to_compare) \
+  ((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \
+   LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1)
+
+#define LINE_ENDS(ndpi_int_one_line_struct, string_to_compare) \
+  ((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \
+   memcmp((ndpi_int_one_line_struct).ptr + \
+          ((ndpi_int_one_line_struct).len - strlen(string_to_compare)), \
+          string_to_compare, strlen(string_to_compare)) == 0)
+
+#define LINE_CMP(ndpi_int_one_line_struct, string_to_compare, string_to_compare_length) \
+  ((ndpi_int_one_line_struct).ptr != NULL && \
+   memcmp((ndpi_int_one_line_struct).ptr, string_to_compare, string_to_compare_length) == 0)
+
 struct ndpi_int_one_line_struct {
   const u_int8_t *ptr;
   u_int16_t len;
@@ -825,7 +843,6 @@ struct ndpi_packet_struct {
   u_int64_t current_time_ms;
 
   u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
-  u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE];
   u_int16_t protocol_stack_info;
 
   struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET];
@@ -987,9 +1004,9 @@ typedef enum {
 typedef struct ndpi_proto_defaults {
   char *protoName;
   ndpi_protocol_category_t protoCategory;
-  u_int8_t can_have_a_subprotocol;
+  u_int16_t * subprotocols;
+  u_int32_t subprotocol_count;
   u_int16_t protoId, protoIdx;
-  u_int16_t master_tcp_protoId[2], master_udp_protoId[2]; /* The main protocols on which this sub-protocol sits on */
   u_int16_t tcp_default_ports[MAX_DEFAULT_PORTS], udp_default_ports[MAX_DEFAULT_PORTS];
   ndpi_protocol_breed_t protoBreed;
   void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);