authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2022-12-22 21:41:32 +0100
committerGitHub <noreply@github.com>2022-12-22 21:41:32 +0100
commit5fafe8374a5cc0cc890053c5bf0cb81b3bda80c9 (patch)
tree41a82c662550d5aaab0c31e45875106c61e3949e /src/lib/protocols
parente9d5e72fb58d5989673487c4b4ef4584d8694467 (diff)
postgres: improve detection (#1831)
Remove some dead code (found via coverage report)
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/ajp.c6
-rw-r--r--src/lib/protocols/dns.c3
-rw-r--r--src/lib/protocols/ftp_control.c4
-rw-r--r--src/lib/protocols/ftp_data.c6
-rw-r--r--src/lib/protocols/mqtt.c3
-rw-r--r--src/lib/protocols/non_tcp_udp.c7
-rw-r--r--src/lib/protocols/ookla.c4
-rw-r--r--src/lib/protocols/postgres.c47
-rw-r--r--src/lib/protocols/rsync.c2
-rw-r--r--src/lib/protocols/sopcast.c3
-rw-r--r--src/lib/protocols/steam.c6
-rw-r--r--src/lib/protocols/z3950.c3
12 files changed, 28 insertions, 66 deletions
diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c
index 5a8dd00dd..75a99345a 100644
--- a/src/lib/protocols/ajp.c
+++ b/src/lib/protocols/ajp.c
@@ -110,12 +110,6 @@ static void ndpi_check_ajp(struct ndpi_detection_module_struct *ndpi_struct,
void ndpi_search_ajp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
- // Break after 20 packets.
- if(flow->packet_counter > 20) {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
- }
-
NDPI_LOG_DBG(ndpi_struct, "search AJP\n");
ndpi_check_ajp(ndpi_struct, flow);
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 855232ecd..298f0967f 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -105,13 +105,10 @@ static u_int16_t checkPort(u_int16_t port) {
switch(port) {
case DNS_PORT:
return(NDPI_PROTOCOL_DNS);
- break;
case LLMNR_PORT:
return(NDPI_PROTOCOL_LLMNR);
- break;
case MDNS_PORT:
return(NDPI_PROTOCOL_MDNS);
- break;
}
return(0);
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 2566e55da..edc41e5f6 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -563,8 +563,6 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow,
printf("%s() [%.*s]\n", __FUNCTION__, (int)payload_len, payload);
#endif
- if(payload_len == 0) return(1);
-
switch(payload[0]) {
case '1':
case '2':
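Review bot: With the `payload_len == 0` guard removed, `switch(payload[0])` reads the first payload byte with no length check left inside ndpi_ftp_control_check_response, so the function now depends on every caller passing a non-empty payload; that caller-side check is not visible in this hunk. The same pattern applies to the sopcast.c hunk (`payload[2]` and `payload[3]` are read after `payload_len != 54` was dropped) and to the z3950.c hunk (`payload[0]` is read after `payload_packet_len < 2` was dropped). A coverage report shows that a branch was never exercised, not that it is unreachable, so either keep the cheap check or state the precondition where the guard used to be, e.g. `/* caller guarantees payload_len > 0 */`. The function body starts and ends outside the hunk.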
@@ -573,14 +571,12 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow,
if(flow->l4.tcp.ftp_imap_pop_smtp.auth_found == 1)
flow->l4.tcp.ftp_imap_pop_smtp.auth_tls = 1;
return(1);
- break;
case '4':
case '5':
flow->l4.tcp.ftp_imap_pop_smtp.auth_failed = 1;
flow->l4.tcp.ftp_imap_pop_smtp.auth_done = 1;
return(1);
- break;
}
return 0;
diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c
index 11c04744b..d532a6c66 100644
--- a/src/lib/protocols/ftp_data.c
+++ b/src/lib/protocols/ftp_data.c
@@ -250,12 +250,6 @@ static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct
void ndpi_search_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
- /* Break after 20 packets. */
- if(flow->packet_counter > 20) {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
- }
-
NDPI_LOG_DBG(ndpi_struct, "search FTP_DATA\n");
ndpi_check_ftp_data(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index 66eebc8a7..2e66e1bdc 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -90,9 +90,6 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
NDPI_LOG_DBG(ndpi_struct, "search Mqtt\n");
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
- return;
- }
if (flow->packet_counter > 10) {
NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. mandatory header not found!\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c
index 44ae5ac01..c023029e6 100644
--- a/src/lib/protocols/non_tcp_udp.c
+++ b/src/lib/protocols/non_tcp_udp.c
@@ -40,13 +40,6 @@
void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (packet->iph == NULL) {
- if (packet->iphv6 == NULL)
- return;
- }
-
switch (flow->l4_proto) {
case NDPI_IPSEC_PROTOCOL_ESP:
case NDPI_IPSEC_PROTOCOL_AH:
diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c
index f3aec6e68..137b0a2a3 100644
--- a/src/lib/protocols/ookla.c
+++ b/src/lib/protocols/ookla.c
@@ -100,10 +100,8 @@ void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct
} else {
if(sport == ookla_port)
addr = packet->iph->saddr;
- else if(dport == ookla_port)
- addr = packet->iph->daddr;
else
- goto ookla_exclude;
+ addr = packet->iph->daddr;
#ifdef OOKLA_DEBUG
printf("=>>>>>>>> [OOKLA IPv4] Searching %u\n", addr);
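Review bot: The bare `else` now assigns `addr = packet->iph->daddr` for every flow whose source port is not ookla_port, where the old code fell through to `goto ookla_exclude` when neither port matched. That is only equivalent if code above the hunk has already established that one of the two ports equals ookla_port, and that check is not visible here. I would record the invariant on the branch itself, `else /* dport == ookla_port: enforced by the port check above */`, so a later change to that check does not silently turn this into a lookup on an unrelated address. The enclosing function starts and ends outside the hunk.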
diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c
index fbefd44b5..a55f0ad45 100644
--- a/src/lib/protocols/postgres.c
+++ b/src/lib/protocols/postgres.c
@@ -40,7 +40,6 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- u_int16_t size;
if (flow->l4.tcp.postgres_stage == 0) {
//SSL
@@ -60,6 +59,16 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
flow->l4.tcp.postgres_stage = 3 + packet->packet_direction;
return;
}
+ //GSS
+ if (packet->payload_packet_len > 7 &&
+ packet->payload[4] == 0x04 &&
+ packet->payload[5] == 0xd2 &&
+ packet->payload[6] == 0x16 &&
+ packet->payload[7] == 0x30 &&
+ ntohl(get_u_int32_t(packet->payload, 0)) == packet->payload_packet_len) {
+ flow->l4.tcp.postgres_stage = 5 + packet->packet_direction;
+ return;
+ }
} else {
if (flow->l4.tcp.postgres_stage == 2 - packet->packet_direction) {
//SSL accepted
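Review bot: The new GSS branch accepts any payload longer than 7 bytes whose first word equals its own length, but a PostgreSQL GSSENCRequest is a fixed 8-byte message, so the match can be tightened to `packet->payload_packet_len == 8 &&` with the remaining comparisons unchanged. That narrows the signature and makes the length comparison on the last line of the condition a check against a known constant. The four literal bytes also deserve a name at the point of use, e.g. `/* GSSENCRequest: int32 length 8, int32 code 80877104 (0x04d21630) */`. The SSL check just above is outside the hunk, so I cannot tell whether it follows the same pattern.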
@@ -76,7 +85,7 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
}
}
//no SSL
- if (flow->l4.tcp.postgres_stage == 4 - packet->packet_direction)
+ if (flow->l4.tcp.postgres_stage == 4 - packet->packet_direction) {
if (packet->payload_packet_len > 8 &&
ntohl(get_u_int32_t(packet->payload, 5)) < 10 &&
ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1 && packet->payload[0] == 0x52) {
@@ -84,29 +93,25 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
ndpi_int_postgres_add_connection(ndpi_struct, flow);
return;
}
- if (flow->l4.tcp.postgres_stage == 6
- && ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1 && packet->payload[0] == 'p') {
- NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
- ndpi_int_postgres_add_connection(ndpi_struct, flow);
- return;
- }
- if (flow->l4.tcp.postgres_stage == 5 && packet->payload[0] == 'R') {
- if (ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1) {
- NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
+ if (packet->payload_packet_len > 8 &&
+ ntohl(get_u_int32_t(packet->payload, 5)) == 0 &&
+ ntohl(get_u_int32_t(packet->payload, 1)) == 8 && packet->payload[0] == 0x52) {
+ NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, no SSL, auth succ, multiple msg\n");
ndpi_int_postgres_add_connection(ndpi_struct, flow);
return;
}
- size = (u_int16_t)ntohl(get_u_int32_t(packet->payload, 1)) + 1;
- if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') {
- if ((size + get_u_int32_t(packet->payload, (size + 1))) == packet->payload_packet_len) {
- NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
- ndpi_int_postgres_add_connection(ndpi_struct, flow);
- return;
- }
+ }
+ //GSS
+ if (flow->l4.tcp.postgres_stage == 6 - packet->packet_direction) {
+ //GSS accepted
+ if (packet->payload_packet_len == 1 && packet->payload[0] == 'G') {
+ NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, GSS accepted\n");
+ ndpi_int_postgres_add_connection(ndpi_struct, flow);
+ return;
}
- size += get_u_int32_t(packet->payload, (size + 1)) + 1;
- if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') {
- NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
+ //GSS denied
+ if (packet->payload_packet_len == 1 && packet->payload[0] == 'N') {
+ NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, GSS denied\n");
ndpi_int_postgres_add_connection(ndpi_struct, flow);
return;
}
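Review bot: The stage arithmetic and the literal values in the new branches are undocumented, and stages 5 and 6 now carry a different meaning from the removed "asymmetric" code that previously compared against them. I would add `/* stage 5/6: GSSENCRequest seen in direction 0/1; the one-byte reply must come from the opposite side */` above the `6 - packet->packet_direction` test (this assumes packet_direction is 0 or 1, which is not shown here). Above the "multiple msg" check I would add `/* 'R' AuthenticationOk (length 8, code 0) followed by further messages in the same segment */`. The two GSS reply branches differ only in their log text, so they could share one `payload_packet_len == 1` test if the separate messages are not needed. The function body continues outside the hunk.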
diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c
index eeda3dce8..ba5b114ee 100644
--- a/src/lib/protocols/rsync.c
+++ b/src/lib/protocols/rsync.c
@@ -50,8 +50,6 @@ void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_LOG_INFO(ndpi_struct, "found rsync\n");
ndpi_int_rsync_add_connection(ndpi_struct, flow);
}
- } else {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
}
}
diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c
index 7d44cabaa..b903538cc 100644
--- a/src/lib/protocols/sopcast.c
+++ b/src/lib/protocols/sopcast.c
@@ -51,9 +51,6 @@ __forceinline static
#endif
u_int8_t ndpi_int_is_sopcast_tcp(const u_int8_t * payload, const u_int16_t payload_len)
{
- if (payload_len != 54)
- return 0;
-
if (payload[2] != payload[3] - 4 && payload[2] != payload[3] + 4)
return 0;
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c
index 0dc993245..a53d12848 100644
--- a/src/lib/protocols/steam.c
+++ b/src/lib/protocols/steam.c
@@ -243,7 +243,7 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru
}
/* This is a packet in another direction. Check if we find the proper response. */
- if ((payload_len == 0) || ((payload_len == 8) && (packet->payload[0] == 0x3a) && (packet->payload[1] == 0x18) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00))) {
+ if ((payload_len == 8) && (packet->payload[0] == 0x3a) && (packet->payload[1] == 0x18) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00)) {
NDPI_LOG_INFO(ndpi_struct, "found STEAM\n");
ndpi_int_steam_add_connection(ndpi_struct, flow);
} else {
@@ -281,10 +281,6 @@ void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct
return;
}
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM)
- return;
-
NDPI_LOG_DBG(ndpi_struct, "search STEAM\n");
ndpi_check_steam_http(ndpi_struct, flow);
diff --git a/src/lib/protocols/z3950.c b/src/lib/protocols/z3950.c
index 18a06c1ec..279d8bf91 100644
--- a/src/lib/protocols/z3950.c
+++ b/src/lib/protocols/z3950.c
@@ -40,9 +40,6 @@ static int z3950_parse_sequences(struct ndpi_packet_struct const * const packet,
int cur_sequences = 0;
u_int8_t pdu_type;
- if(packet->payload_packet_len < 2)
- return(-1);
-
pdu_type = packet->payload[0] & 0x1F;
if(((pdu_type < 20) || (pdu_type > 36)) && ((pdu_type < 43) || (pdu_type > 48)))