author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-28 12:39:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-28 12:39:18 +0200 |
commit | 172e698bb8239d0060d9d494adfba928507f95b2 (patch) | |
tree | f5637b5f324a99d7186421daa57cd99a337db798 /src/lib/protocols/tinc.c | |
parent | d8d525fff2dc34db62de2598767046de813e4f0d (diff) |
TINC: avoid processing SYN packets (#1676)
Since e6b332aa, we have proper support for detecting client/server
direction. So Tinc dissector is now able to properly initialize the
cache entry only when needed and not anymore at the SYN time; initializing
that entry for **every** SYN packet was a complete waste of resources.
Since 4896dabb, the various `struct ndpi_call_function_struct`
structures are no longer separate objects and therefore comparing them
using only their pointers is bogus: this bug was triggered by this
change because `ndpi_str->callback_buffer_size_tcp_no_payload` is now 0.
Diffstat (limited to 'src/lib/protocols/tinc.c')
-rw-r--r-- | src/lib/protocols/tinc.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c
index c366cba01..4b3282bec 100644
--- a/src/lib/protocols/tinc.c
+++ b/src/lib/protocols/tinc.c
@@ -25,6 +25,11 @@
 #include "ndpi_api.h"
 #include "libcache.h"
+PACK_ON struct tinc_cache_entry {
+ u_int32_t src_address;
+ u_int32_t dst_address;
+ u_int16_t dst_port;
+} PACK_OFF;
 static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
@@ -62,14 +67,6 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st
 NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 return;
 } else if(packet->tcp != NULL) {
- if(payload_len == 0) {
- if(packet->tcp->syn == 1 && packet->tcp->ack == 0) {
- flow->tinc_cache_entry.src_address = packet->iph->saddr;
- flow->tinc_cache_entry.dst_address = packet->iph->daddr;
- flow->tinc_cache_entry.dst_port = packet->tcp->dest;
- }
- return;
- }
 switch(flow->tinc_state) {
 case 0:
@@ -110,10 +107,16 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st
 if(i < payload_len && packet_payload[i] == '\n') {
 if(++flow->tinc_state > 3) {
+ struct tinc_cache_entry tinc_cache_entry = {
+ .src_address = flow->c_address.v4,
+ .dst_address = flow->s_address.v4,
+ .dst_port = flow->s_port,
+ };
+ if(ndpi_struct->tinc_cache == NULL) ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE);
- cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry));
+ cache_add(ndpi_struct->tinc_cache, &tinc_cache_entry, sizeof(tinc_cache_entry));
 NDPI_LOG_INFO(ndpi_struct, "found tinc tcp connection\n");
 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
 }
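Review bot: The new `struct tinc_cache_entry` in the first hunk has no comment saying why it is wrapped in `PACK_ON`/`PACK_OFF`, although the later `cache_add(ndpi_struct->tinc_cache, &tinc_cache_entry, sizeof(tinc_cache_entry))` call hands the whole object to the cache by address and size. If the cache hashes or compares those bytes (its implementation is not visible here), the packing is what keeps padding out of the key, and a field added later without that in mind could silently break lookups. I would add `/* Key of the tinc cache: passed to cache_add() as raw bytes, keep it packed and padding-free */` above the struct.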
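Review bot: In the third hunk the cache key is built from `flow->c_address.v4` / `flow->s_address.v4` with no visible check that the flow is IPv4, while the `/* TODO: IPv6? */` on the registration line suggests IPv6 traffic may reach this dissector. If those address fields are a union, an IPv6 flow would insert a key made of the first four bytes of each address, which could alias unrelated endpoints in the later UDP lookup; wrapping the block in a guard such as `if(packet->iph != NULL) { ... }` before `cache_add` would keep such entries out, unless an earlier check outside the hunk already does so. The key must also stay byte-identical to the one the UDP path builds for its lookup, so it is worth confirming that `flow->s_port` and the `.v4` fields use the same byte order as the `packet->iph->saddr` / `packet->tcp->dest` values used before. `ndpi_check_tinc` starts and ends outside the hunk.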
@@ -142,7 +145,7 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TINC, ndpi_search_tinc,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION, /* TODO: IPv6? */
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, /* TODO: IPv6? */
 SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); |
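Review bot: With this bitmask the dissector relies entirely on the core dispatch to keep zero-length packets away from `ndpi_check_tinc`, because its own `payload_len == 0` early return is removed earlier in this commit. The commit message itself describes a dispatch-side bug, so a regression there would let empty segments reach the TCP state machine again. Keeping a bare `if(payload_len == 0) return;` at the top of the TCP branch, without the SYN handling, costs nothing and keeps the parser safe on its own. Whether the `case` bodies read `packet_payload` without a length check is not visible in these hunks, and `init_tinc_dissector` continues outside the hunk.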