authorRoberto AGOSTINO <roberto.agostino@sistemiditlc.it>2021-02-03 10:28:51 +0100
committerGitHub <noreply@github.com>2021-02-03 10:28:51 +0100
commitb70ad0e2f19aa1d6f4b3b64208e14c6e5839d60a (patch)
tree4ba76c7f9a3ac3baab27697a2f040e5d02788f07 /src/include
parentee945349063418882eb7a4a968fe72176c4eda04 (diff)
fragments management added (#1122)
Management of TCP segments. Co-authored-by: ragostino <ragostino73@gmail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_typedefs.h30
-rw-r--r--src/include/ndpi_utils.h74
2 files changed, 97 insertions, 7 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 35811c633..79c8b6c71 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -27,6 +27,7 @@
#include "ndpi_define.h"
#include "ndpi_protocol_ids.h"
+#include "ndpi_utils.h"
/* NDPI_LOG_LEVEL */
typedef enum {
NDPI_LOG_ERROR,
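Review bot: The new `#include "ndpi_utils.h"` hands every consumer of ndpi_typedefs.h the debug macros (`MYDBG`, `DBGINFO`, ...) and the unprefixed typedefs from that header, although the only type from it used in the hunks shown here, `fragments_wrapper_t`, appears under `#ifdef FRAG_MAN`. Consider guarding the include the same way (`#ifdef FRAG_MAN` / `#include "ndpi_utils.h"` / `#endif`), or moving the fragment types into this header under an `ndpi_` prefix so the debug macros stay private to the library.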
@@ -430,6 +431,12 @@ struct ndpi_vxlanhdr {
/* ******************* ********************* ****************** */
/* ************************************************************ */
+typedef struct message {
+ u_int8_t *buffer;
+ u_int buffer_len, buffer_used, max_expected;
+ u_int32_t next_seq[2]; /* Directions */
+} message_t;
+
/* NDPI_PROTOCOL_BITTORRENT */
typedef struct spinlock {
volatile int val;
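Review bot: The new `max_expected` field in `message_t` is undocumented, and the relationship between `buffer_len`, `buffer_used` and `max_expected` is what keeps reassembly writes inside `buffer`. A comment such as `/* invariant: buffer_used <= buffer_len; max_expected: <meaning and unit, to be stated by the author> */` would let callers check it; the code that fills these fields is outside this diff, so the intended meaning cannot be confirmed from here. The name `message_t` is also very generic for a public header; `ndpi_message_t` would avoid clashes with application code.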
@@ -667,11 +674,9 @@ struct ndpi_flow_tcp_struct {
u_int32_t telnet_stage:2; // 0 - 2
struct {
- struct {
- u_int8_t *buffer;
- u_int buffer_len, buffer_used;
- u_int32_t next_seq[2]; /* Directions */
- } message;
+ message_t message;
+
+ void* srv_cert_fingerprint_ctx; /* SHA-1 */
/* NDPI_PROTOCOL_TLS */
u_int8_t hello_processed:1, certificate_processed:1, subprotocol_detected:1,
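Review bot: `void* srv_cert_fingerprint_ctx` has no stated owner: nothing in this header says who allocates the SHA-1 context or where it is released when the flow is freed, and the allocation and free code is not part of this diff (limited to src/include). A comment along the lines of `/* SHA-1 context for the server certificate fingerprint; allocated by <function>, released in <flow free routine> */` would make a leak or double free easier to spot. If the context type is visible to this header, a typed pointer would be safer than `void*`. The enclosing struct starts and ends outside the hunk.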
@@ -1182,9 +1187,19 @@ struct ndpi_flow_struct {
*/
u_int32_t next_tcp_seq_nr[2];
+#ifdef FRAG_MAN
+ /* tcp_segments lists */
+ u_int8_t tcp_segments_management:1;
+ u_int8_t not_sorted[2],must_free[2]; // 0: client->server and 1: server->client
+ uint32_t trigger[2]; // the seq waited number to start to reassembly
+ fragments_wrapper_t tcp_segments_list[2];
+#endif // FRAG_MAN
+
+ // -----------------------------------------
+
u_int8_t max_extra_packets_to_check;
u_int8_t num_extra_packets_checked;
- u_int8_t num_processed_pkts; /* <= WARNING it can wrap but we do expect people to giveup earlier */
+ u_int16_t num_processed_pkts; /* <= WARNING it can wrap but we do expect people to giveup earlier */
int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);
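Review bot: The fields added under `#ifdef FRAG_MAN` change the size and member offsets of `struct ndpi_flow_struct` depending on a macro that the lines shown here neither define nor document (ndpi_define.h may do so). If the library is built with FRAG_MAN and an application without it, or the reverse, the two sides would disagree on the layout and read or write the wrong members. Either make the fields unconditional or define the macro in a config header that both sides are guaranteed to include. Each `fragments_wrapper_t` also carries `char gap[200]`, so the two list heads add more than 400 bytes per flow, which deserves a comment. The struct body continues outside the hunk.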
@@ -1272,7 +1287,8 @@ struct ndpi_flow_struct {
} tls_quic;
struct {
- u_int8_t num_udp_pkts, num_processed_pkts, num_binding_requests;
+ u_int8_t num_udp_pkts, num_binding_requests;
+ u_int16_t num_processed_pkts;
} stun;
/* We can have STUN over SSL/TLS thus they need to live together */
diff --git a/src/include/ndpi_utils.h b/src/include/ndpi_utils.h
new file mode 100644
index 000000000..296bd6254
--- /dev/null
+++ b/src/include/ndpi_utils.h
@@ -0,0 +1,74 @@
+
+
+#ifndef __NDPI_UTILS_H__
+#define __NDPI_UTILS_H__
+
+#include "ndpi_define.h"
+
+#define MYDBG(m, ...) \
+ printf(" DBG[%s:%s:%u]: \t" m "\n", __FILE__, __FUNCTION__, __LINE__, ##__VA_ARGS__);
+
+
+// #define NDPI_ENABLE_DEBUG_POINTER_MESSAGES
+// #define NDPI_ENABLE_DEBUG_INFO_MESSAGES
+// #define NDPI_ENABLE_DEBUG_TRACE_MESSAGES
+
+#ifdef NDPI_ENABLE_DEBUG_POINTER_MESSAGES
+#define DBGPOINTER(m, args...) MYDBG(m, ##args)
+#else
+#define DBGPOINTER(m, args...)
+#endif
+
+#ifdef NDPI_ENABLE_DEBUG_INFO_MESSAGES
+#define DBGINFO(m, args...) MYDBG(m, ##args)
+#else
+#define DBGINFO(m, args...)
+#endif
+
+#ifdef NDPI_ENABLE_DEBUG_TRACE_MESSAGES
+#define DBGTRACER(m, args...) MYDBG(m, ##args)
+#else
+#define DBGTRACER(m, args...)
+#endif
+
+// FRAGMENTATION
+typedef struct {
+ uint32_t offset;
+ size_t len;
+ void *data;
+} fragment_t;
+
+typedef struct fragment_wrapper {
+ uint16_t id;
+ uint8_t l4_protocol;
+ uint32_t initial_offset;
+ uint16_t ct_frag;
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+ char *flow_label; // IP6
+#endif
+ char gap[200];
+ fragment_t **fragments_list;
+} fragments_wrapper_t;
+
+typedef struct fragments_buffer {
+ u_int8_t *buffer;
+ u_int buffer_len, buffer_used;
+} fragments_buffer_t;
+
+// SORTING
+typedef struct {
+ int sort_value;
+ int item_index;
+} sorter_index_item_t;
+
+/* ***************************************************** */
+
+extern void ins_sort_array(sorter_index_item_t arr[], int len);
+extern void shell_sort_array(sorter_index_item_t arr[], int len);
+extern void free_fragment(fragments_wrapper_t *frag);
+
+extern void printRawData(const uint8_t *ptr, size_t len);
+//extern uint8_t add_segment_to_buffer( struct ndpi_flow_struct *flow, struct ndpi_tcphdr const * tcph, uint32_t waited);
+//extern uint8_t check_for_sequence( struct ndpi_flow_struct *flow, struct ndpi_tcphdr const * tcph);
+
+#endif
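Review bot: `MYDBG` ends its expansion with `;`, so `if (x) DBGINFO("..."); else ...` stops compiling once a debug switch is enabled, and it calls `printf` although this header includes only ndpi_define.h; end the macro at `__LINE__, ##__VA_ARGS__)` without the semicolon and include `<stdio.h>` or route through the library's logging. `fragment_t`, `fragments_wrapper_t` and `sorter_index_item_t` carry no comments on who owns `data` and `fragments_list`, what bounds `ct_frag`, or what `char gap[200]` is for; since these presumably hold values derived from received segments, the limits belong next to the fields. `sort_value` is a signed `int` while `offset` is `uint32_t`, so if TCP sequence numbers are sorted through it, ordering across wraparound should be confirmed. The exported names (`ins_sort_array`, `shell_sort_array`, `free_fragment`, `printRawData`) lack the `ndpi_` prefix and can clash with application symbols.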