authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2024-09-27 18:51:47 +0200
committerGitHub <noreply@github.com>2024-09-27 18:51:47 +0200
commite2ed23a72ae6027a52f7d92a0e96c56af8459600 (patch)
tree9acb189766f25f7a7e161459ba7b87005f295b5f /src/lib/ndpi_main.c
parent9c35627d874c4f6aca50abce037b55fc279fab68 (diff)
Let the library returning the packet direction calculated internally (#2572)
wireshark, lua: add basic analysis of possible obfuscated flows
Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r--src/lib/ndpi_main.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 3e16ca5c1..ef5bab840 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6804,7 +6804,7 @@ static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str,
const u_int64_t current_time_ms,
const unsigned char *packet_data,
unsigned short packetlen,
- const struct ndpi_flow_input_info *input_info) {
+ struct ndpi_flow_input_info *input_info) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
const struct ndpi_iphdr *decaps_iph = NULL;
u_int16_t l3len;
@@ -7261,6 +7261,14 @@ static void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_s
ndpi_unset_risk(flow, NDPI_UNIDIRECTIONAL_TRAFFIC); /* Clear bit */
}
}
+
+ if(ndpi_str->input_info &&
+ ndpi_str->input_info->in_pkt_dir == NDPI_IN_PKT_DIR_UNKNOWN) {
+ if(current_pkt_from_client_to_server(ndpi_str, flow))
+ ndpi_str->input_info->in_pkt_dir = NDPI_IN_PKT_DIR_C_TO_S;
+ else
+ ndpi_str->input_info->in_pkt_dir = NDPI_IN_PKT_DIR_S_TO_C;
+ }
}
/* ************************************************ */
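Review bot: The write-back added at the end of ndpi_connection_tracking makes `in_pkt_dir` an in/out field, and because of the `== NDPI_IN_PKT_DIR_UNKNOWN` guard a caller that reuses one `ndpi_flow_input_info` across packets gets the first computed direction handed back as if it were caller-supplied on every later packet. If the library prefers a non-UNKNOWN value over its own calculation (that read is outside this hunk), a stale direction could skew the client/server attribution that direction-based analysis relies on. I would add a comment above the block such as `/* Output only: callers must reset in_pkt_dir to NDPI_IN_PKT_DIR_UNKNOWN before each packet */`. The store also goes through `ndpi_str->input_info` rather than a parameter, so it depends on that pointer having been set for the current call; where it is assigned is not visible here.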
@@ -7959,7 +7967,7 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
const unsigned char *packet_data, const unsigned short packetlen,
const u_int64_t current_time_ms,
- const struct ndpi_flow_input_info *input_info) {
+ struct ndpi_flow_input_info *input_info) {
if(flow == NULL)
return;
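Review bot: Dropping `const` from `input_info` changes the signature of the non-static ndpi_process_extra_packet (and of ndpi_detection_process_packet in the last hunk), but nothing in this file tells callers that the struct is now written to. A caller holding a `const struct ndpi_flow_input_info`, or sharing one instance between flows or threads, will either get a qualifier diagnostic or have the struct modified without expecting it. I would document the parameter where the prototype is declared (not part of this file's diff), for example `@param input_info in/out: in_pkt_dir is overwritten with the detected direction when passed as NDPI_IN_PKT_DIR_UNKNOWN`. The function body continues outside the hunk.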
@@ -8562,7 +8570,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
const unsigned char *packet_data,
const unsigned short packetlen,
const u_int64_t current_time_ms,
- const struct ndpi_flow_input_info *input_info) {
+ struct ndpi_flow_input_info *input_info) {
struct ndpi_packet_struct *packet;
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet;
u_int32_t num_calls = 0;
@@ -8593,6 +8601,10 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
if(ndpi_str->cfg.max_packets_to_process > 0 && flow->num_processed_pkts >= ndpi_str->cfg.max_packets_to_process) {
flow->extra_packets_func = NULL; /* To allow ndpi_extra_dissection_possible() to fail */
flow->fail_with_unknown = 1;
+ /* Let's try to update ndpi_str->input_info->in_pkt_dir even in this case.
+ * It is quite uncommon, so we are not going to spend a lot of resources here... */
+ if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen, input_info) == 0)
+ ndpi_connection_tracking(ndpi_str, flow);
return(ret); /* Avoid spending too much time with this flow */
}
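Review bot: Once `max_packets_to_process` is reached, every further packet of the flow now runs ndpi_init_packet() and ndpi_connection_tracking(), and the latter does more than set the direction: the context of the hunk at -7261 shows it also clearing NDPI_UNIDIRECTIONAL_TRAFFIC on the flow. So risk bits, and presumably other tracking state, keep changing on a flow that was just marked `fail_with_unknown`, and the path commented as "Avoid spending too much time with this flow" now pays for whatever parsing ndpi_init_packet() does on each packet; please confirm both are intended. A non-zero return from ndpi_init_packet() is dropped silently, which is worth stating in the comment, e.g. `/* On failure in_pkt_dir is left as NDPI_IN_PKT_DIR_UNKNOWN */`. The enclosing function starts and continues outside the hunk.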
@@ -8892,7 +8904,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, const unsigned char *packet_data,
const unsigned short packetlen, const u_int64_t current_time_ms,
- const struct ndpi_flow_input_info *input_info) {
+ struct ndpi_flow_input_info *input_info) {
ndpi_protocol p = ndpi_internal_detection_process_packet(ndpi_str, flow, packet_data,
packetlen, current_time_ms,
input_info);