Make LRU caches ipv6 aware (#1810)

Simplest solution, keeping the existing cache data structure

TLS certificate cache is used for DTLS traffic, too.

Note that Ookla cache already works with ipv6 flows.

TODO:
 * make the key/hashing more robust (extending the key size?)
 * update bittorrent cache too. That task is quite difficult because
   ntopng uses a public function (`ndpi_guess_undetected_protocol()`)
   intrinsically ipv4 only...

4 files changed, 76 insertions, 28 deletions

diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c
index ebc978420..867e0544f 100644
--- a/src/lib/protocols/hangout.c
+++ b/src/lib/protocols/hangout.c
@@ -73,7 +73,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct,
 
       /* Hangout is over STUN hence the LRU cache is shared */
 
-      if(ndpi_struct->stun_cache && packet->iph) {
+      if(ndpi_struct->stun_cache) {
 	u_int32_t key = get_stun_lru_key(flow, !matched_src);
 
 #ifdef DEBUG_LRU
diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c
index 6d6e48f02..1f6fecd7b 100644
--- a/src/lib/protocols/mining.c
+++ b/src/lib/protocols/mining.c
@@ -24,12 +24,27 @@
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MINING
 #include "ndpi_api.h"
 
+
+/* ************************************************************************** */
+
+u_int32_t make_mining_key(struct ndpi_flow_struct *flow) {
+  u_int32_t key;
+
+  /* network byte order */
+  if(flow->is_ipv6)
+    key = ndpi_quick_hash(flow->c_address.v6, 16) + ndpi_quick_hash(flow->s_address.v6, 16);
+  else
+    key = flow->c_address.v4 + flow->s_address.v4;
+
+  return key;
+}
+
 /* ************************************************************************** */
 
 static void cacheMiningHostTwins(struct ndpi_detection_module_struct *ndpi_struct,
-				 u_int32_t host_keys /* network byte order */) {
+				 struct ndpi_flow_struct *flow) {
   if(ndpi_struct->mining_cache)
-    ndpi_lru_add_to_cache(ndpi_struct->mining_cache, host_keys, NDPI_PROTOCOL_MINING);
+    ndpi_lru_add_to_cache(ndpi_struct->mining_cache, make_mining_key(flow), NDPI_PROTOCOL_MINING);
 }
 
 /* ************************************************************************** */
@@ -59,8 +74,7 @@ static void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_str
     else {
       ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-      if(packet->iph) /* TODO: ipv6 */
-        cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
+      cacheMiningHostTwins(ndpi_struct, flow);
       return;
     }
   }
@@ -96,8 +110,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
       if((*to_match == magic) || (*to_match == magic1)) {
        ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
 	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-	if(packet->iph) /* TODO: ipv6 */
-	  cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
+	cacheMiningHostTwins(ndpi_struct, flow);
 	return;
       }
     }
@@ -108,8 +121,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
       if(isEthPort(ntohs(packet->tcp->dest)) /* Ethereum port */) {
        ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
 	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-	if(packet->iph) /* TODO: ipv6 */
-	  cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
+	cacheMiningHostTwins(ndpi_struct, flow);
 	return;
       } 
     } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len)
@@ -127,8 +139,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
       */
       ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH");
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-      if(packet->iph) /* TODO: ipv6 */
-        cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
+      cacheMiningHostTwins(ndpi_struct, flow);
       return;
     } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len)
 	      && (ndpi_strnstr((const char *)packet->payload, "\"method\":", packet->payload_packet_len)
@@ -151,8 +162,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str
       */
       ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero");
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-      if(packet->iph) /* TODO: ipv6 */
-        cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);
+      cacheMiningHostTwins(ndpi_struct, flow);
       return;
     }
   }
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index d60270ecc..a06612b28 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -37,10 +37,17 @@
 /* ************************************************************ */
 
 u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) {
-  if(rev)
-    return(ntohl(flow->s_address.v4) + ntohs(flow->s_port));
-  else
-    return(ntohl(flow->c_address.v4) + ntohs(flow->c_port));
+  if(rev) {
+    if(flow->is_ipv6)
+      return ndpi_quick_hash(flow->s_address.v6, 16) + ntohs(flow->s_port);
+    else
+      return ntohl(flow->s_address.v4) + ntohs(flow->s_port);
+  } else {
+    if(flow->is_ipv6)
+      return ndpi_quick_hash(flow->c_address.v6, 16) + ntohs(flow->c_port);
+    else
+      return ntohl(flow->c_address.v4) + ntohs(flow->c_port);
+  }
 }
 
 /* ************************************************************ */
@@ -48,7 +55,6 @@ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) {
 static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
 					 struct ndpi_flow_struct *flow,
 					 u_int app_proto) {
-  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   ndpi_confidence_t confidence = NDPI_CONFIDENCE_DPI;
 
   if(app_proto == NDPI_PROTOCOL_UNKNOWN) {
@@ -59,7 +65,6 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd
   }
 
   if(ndpi_struct->stun_cache
-     && packet->iph
      && (app_proto != NDPI_PROTOCOL_UNKNOWN)
      ) /* Cache flow sender info */ {
     u_int32_t key = get_stun_lru_key(flow, 0);
@@ -182,7 +187,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
     return(NDPI_IS_NOT_STUN);
   }
 
-  if(ndpi_struct->stun_cache && packet->iph) { /* TODO: ipv6 */
+  if(ndpi_struct->stun_cache) {
     u_int16_t proto;
     u_int32_t key = get_stun_lru_key(flow, 0);
     int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto,
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 3e8b50c4e..e8ce0ea97 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -290,6 +290,42 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet,
 
 /* **************************************** */
 
+static u_int32_t make_tls_cert_key(struct ndpi_packet_struct *packet, int is_from_client)
+{
+  u_int32_t key;
+
+  /* Server ip/port */
+  if(packet->iphv6 == NULL) {
+    if(packet->tcp) {
+      if(is_from_client)
+        key = packet->iph->daddr + packet->tcp->dest;
+      else
+        key = packet->iph->saddr + packet->tcp->source;
+    } else {
+      if(is_from_client)
+        key = packet->iph->daddr + packet->udp->dest;
+      else
+        key = packet->iph->saddr + packet->udp->source;
+    }
+  } else {
+    if(packet->tcp) {
+      if(is_from_client)
+        key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_dst, 16) + packet->tcp->dest;
+      else
+        key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_src, 16) + packet->tcp->source;
+    } else {
+      if(is_from_client)
+        key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_dst, 16) + packet->udp->dest;
+      else
+        key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_src, 16) + packet->udp->source;
+    }
+  }
+
+  return key;
+}
+
+/* **************************************** */
+
 static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				struct ndpi_flow_struct *flow,
 				int is_from_client) {
@@ -298,14 +334,11 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct
   if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) {
     /* Subprotocol not yet set */
 
-    if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {
-      u_int32_t key; /* Server ip/port */
+    if(ndpi_struct->tls_cert_cache) {
       u_int16_t cached_proto;
+      u_int32_t key;
 
-      if(is_from_client)
-        key = packet->iph->daddr + packet->tcp->dest;
-      else
-        key = packet->iph->saddr + packet->tcp->source;
+      key = make_tls_cert_key(packet, is_from_client);
 
       if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key,
 			     &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) {
@@ -695,8 +728,8 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 	flow->category = ndpi_get_proto_category(ndpi_struct, ret);
 	ndpi_check_subprotocol_risk(ndpi_struct, flow, proto_id);
 
-	if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {
-	  u_int32_t key = packet->iph->saddr + packet->tcp->source; /* Server */
+	if(ndpi_struct->tls_cert_cache) {
+	  u_int32_t key = make_tls_cert_key(packet, 0 /* from the server */);
 
 	  ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id);
 	}