diff options
| author | Nardi Ivan <nardi.ivan@gmail.com> | 2024-06-14 20:20:58 +0200 |
|---|---|---|
| committer | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-06-17 10:19:55 +0200 |
| commit | 526cf6f2919398e1c9c5698b1b5783f18ed41fff (patch) | |
| tree | 52efef17aefb9aa01ca702b53b4831a199b17b5e /src/lib/protocols | |
| parent | 2bedd14aae1294528bafbe03b9307a4eacb09bcb (diff) | |
Zoom: remove "stun_zoom" LRU cache
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/stun.c | 49 | ||||
| -rw-r--r-- | src/lib/protocols/zoom.c | 4 |
2 files changed, 4 insertions, 49 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 78d0a11d9..eba865ecb 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -29,7 +29,6 @@ #include "ndpi_private.h" // #define DEBUG_LRU 1 -// #define DEBUG_ZOOM_LRU 1 #define STUN_HDR_LEN 20 /* STUN message header length, Classic-STUN (RFC 3489) and STUN (RFC 8489) both */ @@ -167,9 +166,9 @@ static u_int16_t search_into_cache(struct ndpi_detection_module_struct *ndpi_str return NDPI_PROTOCOL_UNKNOWN; } -static void add_to_caches(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t app_proto) +static void add_to_cache(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t app_proto) { u_int64_t key, key_rev; @@ -185,19 +184,6 @@ static void add_to_caches(struct ndpi_detection_module_struct *ndpi_struct, ntohs(flow->c_port), ntohs(flow->s_port)); #endif } - - /* TODO: extend to other protocols? */ - if(ndpi_struct->stun_zoom_cache && - app_proto == NDPI_PROTOCOL_ZOOM && - flow->l4_proto == IPPROTO_UDP) { - key = get_stun_lru_key(flow, 0); /* Src */ - ndpi_lru_add_to_cache(ndpi_struct->stun_zoom_cache, key, - 0 /* dummy */, ndpi_get_current_time(flow)); - -#ifdef DEBUG_ZOOM_LRU - printf("[LRU ZOOM] ADDING 0x%llu [src_port %u]\n", (long long unsigned int)key, ntohs(flow->c_port)); -#endif - } } static void parse_ip_port_attribute(const u_int8_t *payload, u_int16_t payload_length, @@ -904,33 +890,6 @@ static u_int64_t get_stun_lru_key_raw6(u_int8_t *ip, u_int16_t port_host_order) /* ************************************************************ */ -int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) -{ - u_int16_t dummy; - u_int64_t key; - - if(ndpi_struct->stun_zoom_cache && - flow->l4_proto == IPPROTO_UDP) { - key = get_stun_lru_key(flow, 0); /* Src */ -#ifdef DEBUG_ZOOM_LRU - printf("[LRU ZOOM] Search 0x%llx [src_port %u]\n", (long long unsigned int)key, ntohs(flow->c_port)); -#endif - - if(ndpi_lru_find_cache(ndpi_struct->stun_zoom_cache, key, - &dummy, 0 /* Don't remove it as it can be used for other connections */, - ndpi_get_current_time(flow))) { -#ifdef DEBUG_ZOOM_LRU - printf("[LRU ZOOM] Found"); -#endif - return 1; - } - } - return 0; -} - -/* ************************************************************ */ - static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t app_proto, @@ -995,7 +954,7 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd /* Adding only real subclassifications */ if(is_subclassification_real_by_proto(app_proto)) - add_to_caches(ndpi_struct, flow, app_proto); + add_to_cache(ndpi_struct, flow, app_proto); if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN || app_proto != NDPI_PROTOCOL_UNKNOWN) { diff --git a/src/lib/protocols/zoom.c b/src/lib/protocols/zoom.c index 4ec16353f..bb677d4de 100644 --- a/src/lib/protocols/zoom.c +++ b/src/lib/protocols/zoom.c @@ -187,8 +187,6 @@ static void ndpi_search_zoom(struct ndpi_detection_module_struct *ndpi_struct, u_int64_t ip_len, uuid_len; /* Check if it is a Peer-To-Peer call. - We have been identifing such flows using the "stun_zoom" LRU cache; let's - see if we are able to detect them properly via DPI. According to the paper, P2P calls should use "Zoom Media Encapsulation" header without any "Zoom SFU Encapsulation". Looking at the traces, it seems that the packet structure is something like: @@ -198,8 +196,6 @@ static void ndpi_search_zoom(struct ndpi_detection_module_struct *ndpi_struct, * an ip address (as string) * some kind of UUID * 4 bytes as 0x00 at the end - - TODO: if everything will work as expected, we can remove stun_zoom cache */ ip_len = ntohl(*(u_int32_t *)&packet->payload[24]); |