diff options
| author | Luca Deri <deri@ntop.org> | 2021-11-17 10:47:21 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2021-11-17 10:47:21 +0100 |
| commit | 2a6e5c634136e74651c0c39c9ea1987d4949cc69 (patch) | |
| tree | f3b88633ee1688b374ca177230386ace420aa38f /src/lib/protocols | |
| parent | a6545ea0954713719a2264601be3bd2666b8a469 (diff) | |
Improved BT hashing to minimize false positives
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 045e0891b..19b176bd7 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -44,6 +44,10 @@ struct ndpi_utp_hdr { u_int16_t sequence_nr, ack_nr; }; +static inline u_int32_t bt_hash_funct(u_int32_t ip, u_int16_t port) { + return(ip + 3 * port); +} + static u_int8_t is_utpv1_pkt(const u_int8_t *payload, u_int payload_len) { struct ndpi_utp_hdr *h = (struct ndpi_utp_hdr*)payload; @@ -85,16 +89,16 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); if(ndpi_struct->bittorrent_cache == NULL) - ndpi_struct->bittorrent_cache = ndpi_lru_cache_init(8192); + ndpi_struct->bittorrent_cache = ndpi_lru_cache_init(32768); if(ndpi_struct->bittorrent_cache && packet->iph) { u_int32_t key1, key2; if(packet->udp) - key1 = packet->iph->saddr + packet->udp->source, key2 = packet->iph->daddr + packet->udp->dest; + key1 = bt_hash_funct(packet->iph->saddr, packet->udp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->udp->dest); else - key1 = packet->iph->saddr + packet->tcp->source, key2 = packet->iph->daddr + packet->tcp->dest; - + key1 = bt_hash_funct(packet->iph->saddr, packet->tcp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->tcp->dest); + ndpi_lru_add_to_cache(ndpi_struct->bittorrent_cache, key1, NDPI_PROTOCOL_BITTORRENT); ndpi_lru_add_to_cache(ndpi_struct->bittorrent_cache, key2, NDPI_PROTOCOL_BITTORRENT); @@ -440,9 +444,9 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st /* Check cached communications */ if(packet->udp) - key1 = packet->iph->saddr + packet->udp->source, key2 = packet->iph->daddr + packet->udp->dest; + key1 = bt_hash_funct(packet->iph->saddr, packet->udp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->udp->dest); else - key1 = packet->iph->saddr + packet->tcp->source, key2 = packet->iph->daddr + packet->tcp->dest; + key1 = bt_hash_funct(packet->iph->saddr, packet->tcp->source), key2 = bt_hash_funct(packet->iph->daddr, packet->tcp->dest); found = ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key1, &cached_proto, 0 /* Don't remove it as it can be used for other connections */) || ndpi_lru_find_cache(ndpi_struct->bittorrent_cache, key2, &cached_proto, 0 /* Don't remove it as it can be used for other connections */); |