diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-03-07 14:39:32 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-07 14:39:32 +0100 |
| commit | 6152d595e8a9e9c0f366367e33af36dd69e512aa (patch) | |
| tree | d28ef817b3614774f0728958ad784b8aaf626982 /src/lib | |
| parent | 56ce228a8b172d67eaad9cbf5dc7df66a8591d54 (diff) | |
STUN: add a parameter to configure how long the extra dissection lasts (#2336)
Tradeoff: performance (i.e. number of packets) vs sub-classification
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 17 |
2 files changed, 4 insertions, 14 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 488ee323e..15c7f055a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -11065,6 +11065,7 @@ static const struct cfg_param { { "ftp", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ftp_opportunistic_tls_enabled), NULL }, { "stun", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_opportunistic_tls_enabled), NULL }, + { "stun", "max_packets_extra_dissection", "4", "0", "255", CFG_PARAM_INT, __OFF(stun_max_packets_extra_dissection), NULL }, { "dns", "subclassification", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_subclassification_enabled), NULL }, { "dns", "process_response", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_parse_response_enabled), NULL }, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index fc215d448..737a8448e 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -440,7 +440,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct, /* Give room for DTLS handshake, where we might have retransmissions and fragments */ - flow->max_extra_packets_to_check += 10; + flow->max_extra_packets_to_check = ndpi_min(255, (int)flow->max_extra_packets_to_check + 10); flow->stun.maybe_dtls = 1; } NDPI_LOG_DBG(ndpi_struct, "Switch to TLS (%d/%d)\n", @@ -626,19 +626,8 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN /* No-subclassification */ || flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP /* Metadata. TODO: other protocols? */) { NDPI_LOG_DBG(ndpi_struct, "Enabling extra dissection\n"); - - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) { - flow->max_extra_packets_to_check = 10; /* Looking for metadata. There are no really RTP packets - in Telegram flows, so no need to enable monitoring for them */ - } else { - flow->max_extra_packets_to_check = 4; - flow->extra_packets_func = stun_search_again; - } - } - } else { - /* Already in extra dissection, but we just sub-classied */ - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) { - flow->max_extra_packets_to_check = 10; + flow->max_extra_packets_to_check = ndpi_struct->cfg.stun_max_packets_extra_dissection; + flow->extra_packets_func = stun_search_again; } } } |