Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)

There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet")
in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid
saving dissection information of "current packet" into the "flow" state,
i.e. in the flow management table.

The nDPI detection module processes only one packet at the time, so it is
safe to save packet dissection information in `struct ndpi_detection_module_struct`,
reusing always the same "packet" instance and saving a huge amount of memory.
Bottom line: we need only one copy of "packet" (for detection module),
not one for each "flow".

It is not clear how/why "packet" ended up in "flow" in the first place.
It has been there since the beginning of the GIT history, but in the original
OpenDPI code `struct ipoque_packet_struct` was embedded in
`struct ipoque_detection_module_struct`, i.e. there was the same exact
situation this commit wants to achieve.

Most of the changes in this PR are some boilerplate to update something
like "flow->packet" into something like "module->packet" throughout the code.
Some attention has been paid to update `ndpi_init_packet()` since we need
to reset some "packet" fields before starting to process another packet.

There has been one important change, though, in ndpi_detection_giveup().
Nothing changed for the applications/users, but this function can't access
"packet" anymore.
The reason is that this function can be called "asynchronously" with respect
to the data processing, i.e in context where there is no valid notion of
"current packet"; for example ndpiReader calls it after having processed all
the traffic, iterating the entire session table.

Mining LRU stuff seems a bit odd (even before this patch): probably we need
to rethink it, as a follow-up.

1 files changed, 23 insertions, 17 deletions

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 2270b05ab..aac8798b3 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -105,7 +105,7 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp
 
 static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 						 struct ndpi_flow_struct *flow, u_int32_t protocol) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
 
   // protocol = NDPI_PROTOCOL_TLS;
 
@@ -138,7 +138,7 @@ static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_st
 
 void ndpi_search_tls_tcp_memory(struct ndpi_detection_module_struct *ndpi_struct,
 				struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int avail_bytes;
 
   /* TCP */
@@ -284,11 +284,13 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet,
 
 static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				struct ndpi_flow_struct *flow) {
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+
   if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) {
     /* Subprotocol not yet set */
 
-    if(ndpi_struct->tls_cert_cache && flow->packet.iph && flow->packet.tcp) {
-      u_int32_t key = flow->packet.iph->daddr + flow->packet.tcp->dest;
+    if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {
+      u_int32_t key = packet->iph->daddr + packet->tcp->dest;
       u_int16_t cached_proto;
 
       if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key,
@@ -311,7 +313,7 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct
 static void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct,
 				       struct ndpi_flow_struct *flow,
 				       u_int16_t p_offset, u_int16_t certificate_len) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int16_t num_found = 0, i;
   char buffer[64] = { '\0' }, rdnSeqBuf[2048];
   u_int rdn_len = 0;
@@ -431,7 +433,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 	  offset += 2;
 
 	  if((offset+len) < packet->payload_packet_len) {
-	    u_int32_t time_sec = flow->packet.current_time_ms / 1000;
+	    u_int32_t time_sec = packet->current_time_ms / 1000;
 #ifdef DEBUG_TLS
 	    u_int j;
 
@@ -601,8 +603,8 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 	if(ndpi_struct->tls_cert_cache == NULL)
 	  ndpi_struct->tls_cert_cache = ndpi_lru_cache_init(1024);
 
-	if(ndpi_struct->tls_cert_cache && flow->packet.iph) {
-	  u_int32_t key = flow->packet.iph->daddr + flow->packet.tcp->dest;
+	if(ndpi_struct->tls_cert_cache && packet->iph) {
+	  u_int32_t key = packet->iph->daddr + packet->tcp->dest;
 
 	  ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id);
 	}
@@ -624,7 +626,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 /* See https://blog.catchpoint.com/2017/05/12/dissecting-tls-using-wireshark/ */
 int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
 		       struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   int is_dtls = packet->udp ? 1 : 0;
   u_int32_t certificates_length, length = (packet->payload[1] << 16) + (packet->payload[2] << 8) + packet->payload[3];
   u_int32_t certificates_offset = 7 + (is_dtls ? 8 : 0);
@@ -749,7 +751,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
 
 static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
 			   struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   int ret;
 
 #ifdef DEBUG_TL
@@ -812,7 +814,7 @@ static void ndpi_looks_like_tls(struct ndpi_detection_module_struct *ndpi_struct
 
 static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 			       struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int8_t something_went_wrong = 0;
 
 #ifdef DEBUG_TLS_MEMORY
@@ -971,7 +973,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 
 static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct,
 			       struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int32_t handshake_len;
   u_int16_t p_len, processed;
   const u_int8_t *p;
@@ -1069,11 +1071,13 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct,
 
 static void tlsInitExtraPacketProcessing(struct ndpi_detection_module_struct *ndpi_struct,
 					 struct ndpi_flow_struct *flow) {
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+
   flow->check_extra_packets = 1;
 
   /* At most 12 packets should almost always be enough to find the server certificate if it's there */
   flow->max_extra_packets_to_check = 12 + (ndpi_struct->num_tls_blocks_to_follow*4);
-  flow->extra_packets_func = (flow->packet.udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp;
+  flow->extra_packets_func = (packet->udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp;
 }
 
 /* **************************************** */
@@ -1108,11 +1112,13 @@ static void tlsCheckUncommonALPN(struct ndpi_detection_module_struct *ndpi_struc
 
 static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
 					struct ndpi_flow_struct *flow, u_int32_t protocol) {
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+
 #if DEBUG_TLS
   printf("[TLS] %s()\n", __FUNCTION__);
 #endif
 
-  if((flow->packet.udp != NULL) && (protocol == NDPI_PROTOCOL_TLS))
+  if((packet->udp != NULL) && (protocol == NDPI_PROTOCOL_TLS))
     protocol = NDPI_PROTOCOL_DTLS;
 
   if((flow->detected_protocol_stack[0] == protocol)
@@ -1138,7 +1144,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
 			    struct ndpi_flow_struct * const flow, int is_dtls,
                             u_int16_t extension_id, u_int16_t extension_len, u_int16_t extension_payload_offset)
 {
-  struct ndpi_packet_struct const * const packet = &flow->packet;
+  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
 
   if (extension_payload_offset + extension_len > packet->payload_packet_len)
   {
@@ -1206,7 +1212,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
 
 int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 			     struct ndpi_flow_struct *flow, uint32_t quic_version) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   union ja3_info ja3;
   u_int8_t invalid_ja3 = 0;
   u_int16_t tls_version, ja3_str_len;
@@ -2266,7 +2272,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 
 static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_struct,
 				    struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
 
 #ifdef DEBUG_TLS
   printf("==>> %s() %u [len: %u][version: %u]\n",