author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-05-16 16:01:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-16 16:01:55 +0200 |
commit | 4e186f6bfbd734bf44124e6e0f710a3a0372c92c (patch) | |
tree | 8c59a5ddd72d0e5feeb70ad512a8519cf65fddfc /src/lib/protocols/gnutella.c | |
parent | 8c224b464f36da0497c9ef7c2fe2ec3c135a01ba (diff) |
HTTP: rework state machine (#1966)
The goal is to correlate the right request-response pair, exporting
metadata from only one transaction (for example, the right url & return
state pair)
As a nice side effect, the code should be much cleaner, but that is a
matter of taste.
Two differences with respect to the previous code:
* as it happens in the CI, if in the flow there are only one response
(before) and one request (after), only the metadata of the response are
saved/exported
* for performance reasons, we don't call `ndpi_parse_packet_line_info()`
anymore for ALL packets triggering the HTTP dissector, but only for the
packets that we already know belong to an HTTP flow. This is the reason
for the changes in RTSP/SOAP/... code
Diffstat (limited to 'src/lib/protocols/gnutella.c')
-rw-r--r-- | src/lib/protocols/gnutella.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 13b8d99c7..09190b53b 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -59,6 +59,10 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc /* this case works asymmetrically */ if (packet->payload_packet_len > 17 && memcmp(packet->payload, "GNUTELLA CONNECT/", 17) == 0) { ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); + /* Extract some metadata HTTP-like */ + ndpi_parse_packet_line_info(ndpi_struct, flow); + if(packet->user_agent_line.ptr != NULL) + ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len); return; } @@ -73,6 +77,9 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc || (packet->line[c].len > 36 && memcmp(packet->line[c].ptr, "Content-Type: application/x-gnutella-", 37) == 0)) { ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); + /* Extract some metadata HTTP-like */ + if(packet->user_agent_line.ptr != NULL) + ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len); return; } } @@ -84,6 +91,9 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc || (packet->accept_line.ptr != NULL && packet->accept_line.len > 24 && memcmp(packet->accept_line.ptr, "application n/x-gnutella", 24) == 0)) { ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); + /* Extract some metadata HTTP-like */ + if(packet->user_agent_line.ptr != NULL) + ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len); } } |
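Review bot: In the first hunk (@@ -59,6 +59,10 @@), the comment `/* Extract some metadata HTTP-like */` does not say why this branch is the only one of the three that calls `ndpi_parse_packet_line_info()` before reading `packet->user_agent_line`. The match here is a `memcmp` on raw `packet->payload`, so presumably the lines have not been parsed yet at this point; stating that in the comment would stop a later cleanup from dropping the call or from copying it into the other branches.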
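Review bot: The user-agent block added in the second hunk (@@ -73,6 +77,9 @@) is the same three lines that the first and third hunks add: the comment, the `packet->user_agent_line.ptr != NULL` check and the `ndpi_user_agent_set(...)` call. A small static helper called from all three match sites would keep the copies from drifting apart, and would give one place to document that the value comes straight from the peer's handshake and is untrusted input for whatever consumes the exported metadata.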
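Review bot: In the third hunk (@@ -84,6 +91,9 @@), the new block reads `packet->user_agent_line` but no `ndpi_parse_packet_line_info()` call is visible in this hunk or the second one. Since the commit message says the HTTP dissector no longer parses lines for all packets, please confirm that this function parses the packet on every path that reaches these two branches, otherwise the user agent will silently never be set here. Separately, the unchanged context literal `"application n/x-gnutella"` looks like it may be a typo; it is not part of this change, but worth checking while touching the branch.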