authorNardi Ivan <nardi.ivan@gmail.com>2024-01-09 19:56:28 +0100
committerIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2024-01-18 10:21:24 +0100
commit311d8b6daed7703678c25ed4b7249db1c6bbc556 (patch)
tree59fe1547b8a4b77f8d0651ff8c0767bd5421bb55 /src/lib
parent4cbe2674abd5a9641017a8c4ceb82f8449bf0119 (diff)
config: move cfg of aggressiviness and opportunistic TLS to the new API
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ndpi_main.c107
-rw-r--r--src/lib/protocols/ftp_control.c2
-rw-r--r--src/lib/protocols/mail_imap.c2
-rw-r--r--src/lib/protocols/mail_pop.c2
-rw-r--r--src/lib/protocols/mail_smtp.c2
-rw-r--r--src/lib/protocols/stun.c2
-rw-r--r--src/lib/protocols/tls.c2
7 files changed, 18 insertions, 101 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6e593ccda..dea4770c3 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3277,14 +3277,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
return(NULL);
}
- ndpi_str->opportunistic_tls_smtp_enabled = 1;
- ndpi_str->opportunistic_tls_imap_enabled = 1;
- ndpi_str->opportunistic_tls_pop_enabled = 1;
- ndpi_str->opportunistic_tls_ftp_enabled = 1;
- ndpi_str->opportunistic_tls_stun_enabled = 1;
-
- ndpi_str->aggressiveness_ookla = NDPI_AGGRESSIVENESS_OOKLA_TLS;
-
if(prefs & ndpi_enable_tcp_ack_payload_heuristic)
ndpi_str->tcp_ack_paylod_heuristic = 1;
@@ -10558,92 +10550,6 @@ int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow)
/* ******************************************************************** */
-int ndpi_set_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct,
- u_int16_t proto, int value)
-{
- if(!ndpi_struct || (value != 0 && value != 1))
- return -1;
-
- switch(proto) {
- case NDPI_PROTOCOL_MAIL_SMTP:
- ndpi_struct->opportunistic_tls_smtp_enabled = value;
- return 0;
- case NDPI_PROTOCOL_MAIL_IMAP:
- ndpi_struct->opportunistic_tls_imap_enabled = value;
- return 0;
- case NDPI_PROTOCOL_MAIL_POP:
- ndpi_struct->opportunistic_tls_pop_enabled = value;
- return 0;
- case NDPI_PROTOCOL_FTP_CONTROL:
- ndpi_struct->opportunistic_tls_ftp_enabled = value;
- return 0;
- case NDPI_PROTOCOL_STUN:
- ndpi_struct->opportunistic_tls_stun_enabled = value;
- return 0;
- default:
- return -1;
- }
-}
-
-/* ******************************************************************** */
-
-int ndpi_get_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct,
- u_int16_t proto)
-{
- if(!ndpi_struct)
- return -1;
-
- switch(proto) {
- case NDPI_PROTOCOL_MAIL_SMTP:
- return ndpi_struct->opportunistic_tls_smtp_enabled;
- case NDPI_PROTOCOL_MAIL_IMAP:
- return ndpi_struct->opportunistic_tls_imap_enabled;
- case NDPI_PROTOCOL_MAIL_POP:
- return ndpi_struct->opportunistic_tls_pop_enabled;
- case NDPI_PROTOCOL_FTP_CONTROL:
- return ndpi_struct->opportunistic_tls_ftp_enabled;
- case NDPI_PROTOCOL_STUN:
- return ndpi_struct->opportunistic_tls_stun_enabled;
- default:
- return -1;
- }
-}
-
-/* ******************************************************************** */
-
-int ndpi_set_protocol_aggressiveness(struct ndpi_detection_module_struct *ndpi_struct,
- u_int16_t proto, u_int32_t value)
-{
- if(!ndpi_struct)
- return -1;
-
- switch(proto) {
- case NDPI_PROTOCOL_OOKLA:
- ndpi_struct->aggressiveness_ookla = value;
- return 0;
- default:
- return -1;
- }
-}
-
-/* ******************************************************************** */
-
-u_int32_t ndpi_get_protocol_aggressiveness(struct ndpi_detection_module_struct *ndpi_struct,
- u_int16_t proto)
-{
- if(!ndpi_struct)
- return -1;
-
- switch(proto) {
- case NDPI_PROTOCOL_OOKLA:
- return ndpi_struct->aggressiveness_ookla;
- default:
- return -1;
- }
-}
-
-/* ******************************************************************** */
-
void ndpi_set_user_data(struct ndpi_detection_module_struct *ndpi_str, void *user_data)
{
if (ndpi_str == NULL)
@@ -10695,7 +10601,6 @@ static u_int16_t __get_proto_id(const char *proto_name_or_id)
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(module, &all);
/* Try to be fast: we need only the protocol name -> protocol id mapping! */
- /* TODO */
ndpi_set_config(module, "any", "ip_list.load", "0");
ndpi_set_config(module, NULL, "flow_risk_lists.load", "0");
ndpi_finalize_initialization(module);
@@ -10904,6 +10809,18 @@ static const struct cfg_param {
{ "tls", "metadata.sha1_fingerprint.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tls_sha1_fingerprint_enabled) },
+ { "smtp", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(smtp_opportunistic_tls_enabled) },
+
+ { "imap", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(imap_opportunistic_tls_enabled) },
+
+ { "pop", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(pop_opportunistic_tls_enabled) },
+
+ { "ftp", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ftp_opportunistic_tls_enabled) },
+
+ { "stun", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_opportunistic_tls_enabled) },
+
+ { "ookla", "aggressiveness", "0x01", "0", "1", CFG_PARAM_INT, __OFF(ookla_aggressiveness) },
+
{ "$PROTO_NAME_OR_ID", "ip_list.load", "1", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(ip_list_bitmask)},
/* Global parameters */
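Review bot: The new `ookla` `aggressiveness` entry is range-checked as a plain integer (`"0"` to `"1"`, assuming those two columns are the minimum and maximum), although tls.c tests the field as a bitmask against `NDPI_AGGRESSIVENESS_OOKLA_TLS` and the removed setter accepted any `u_int32_t`. That bound would reject any flag bit added later, and the default `"0x01"` presumably mirrors the macro's value by hand, so I would add a comment above the entry such as `/* Bitmask of NDPI_AGGRESSIVENESS_OOKLA_TLS-style flags: widen the max when a flag is added */`. The `stun` `tls_dissection.enable` entry also deserves a short comment, because in stun.c this switch gates the DTLS path rather than TLS. The `cfg_param` table begins and ends outside this hunk.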
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 40378a4c6..ce7903397 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -640,7 +640,7 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str
flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) {
flow->ftp_control_stage = 0;
} else if (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 &&
- ndpi_struct->opportunistic_tls_ftp_enabled) {
+ ndpi_struct->cfg.ftp_opportunistic_tls_enabled) {
flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */
/* Switch classification to FTPS */
ndpi_set_detected_protocol(ndpi_struct, flow,
diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c
index a9eeaf64f..1b8b31287 100644
--- a/src/lib/protocols/mail_imap.c
+++ b/src/lib/protocols/mail_imap.c
@@ -110,7 +110,7 @@ static void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_
if(flow->l4.tcp.mail_imap_starttls == 1) {
NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n");
ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS);
- if(ndpi_struct->opportunistic_tls_imap_enabled) {
+ if(ndpi_struct->cfg.imap_opportunistic_tls_enabled) {
NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
/* We are done (in IMAP dissector): delegating TLS... */
diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c
index 045ff1c7c..5741eba0e 100644
--- a/src/lib/protocols/mail_pop.c
+++ b/src/lib/protocols/mail_pop.c
@@ -174,7 +174,7 @@ static void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct
if(packet->payload[0] == '+' && flow->l4.tcp.mail_imap_starttls == 1) {
NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n");
ndpi_int_mail_pop_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_POPS);
- if(ndpi_struct->opportunistic_tls_pop_enabled) {
+ if(ndpi_struct->cfg.pop_opportunistic_tls_enabled) {
NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
/* We are done (in POP dissector): delegating TLS... */
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index 980ebb8c9..cf8e31146 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -418,7 +418,7 @@ int ndpi_extra_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_st
454 TLS not available due to temporary reason"
*/
- if(ndpi_struct->opportunistic_tls_smtp_enabled &&
+ if(ndpi_struct->cfg.smtp_opportunistic_tls_enabled &&
packet->payload_packet_len > 3 && memcmp(packet->payload, "220", 3) == 0) {
rc = 1;
/* Switch classification to SMTPS, keeping the hostname sub-classification (if any) */
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 59106c77e..ddb42c980 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -402,7 +402,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
} else if(first_byte <= 63) {
NDPI_LOG_DBG(ndpi_struct, "DTLS\n");
- if(ndpi_struct->opportunistic_tls_stun_enabled &&
+ if(ndpi_struct->cfg.stun_opportunistic_tls_enabled &&
is_dtls(packet->payload, packet->payload_packet_len, &unused)) {
/* Process this DTLS packet via TLS/DTLS code but keep using STUN dissection.
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 943b817a4..11ef6dd4a 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1163,7 +1163,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
printf("*** [TLS Block] No more blocks\n");
#endif
/* An ookla flow? */
- if((ndpi_struct->aggressiveness_ookla & NDPI_AGGRESSIVENESS_OOKLA_TLS) && /* Feature enabled */
+ if((ndpi_struct->cfg.ookla_aggressiveness & NDPI_AGGRESSIVENESS_OOKLA_TLS) && /* Feature enabled */
(!something_went_wrong &&
flow->tls_quic.certificate_processed == 1 &&
flow->protos.tls_quic.hello_processed == 1) && /* TLS handshake found without errors */