author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-10-05 15:49:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-05 15:49:52 +0200 |
commit | 730c2360bd7c7df7c284f74cd0d56b52a553c03b (patch) | |
tree | a7cc73981b50590d3cee939512b0890f2052ff6a /src/lib | |
parent | f3fcf1e7c0c56224444897b321f698817f5129a0 (diff) |
Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)
There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet")
in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid
saving dissection information of "current packet" into the "flow" state,
i.e. in the flow management table.
The nDPI detection module processes only one packet at the time, so it is
safe to save packet dissection information in `struct ndpi_detection_module_struct`,
reusing always the same "packet" instance and saving a huge amount of memory.
Bottom line: we need only one copy of "packet" (for detection module),
not one for each "flow".
It is not clear how/why "packet" ended up in "flow" in the first place.
It has been there since the beginning of the GIT history, but in the original
OpenDPI code `struct ipoque_packet_struct` was embedded in
`struct ipoque_detection_module_struct`, i.e. there was the same exact
situation this commit wants to achieve.
Most of the changes in this PR are some boilerplate to update something
like "flow->packet" into something like "module->packet" throughout the code.
Some attention has been paid to update `ndpi_init_packet()` since we need
to reset some "packet" fields before starting to process another packet.
There has been one important change, though, in ndpi_detection_giveup().
Nothing changed for the applications/users, but this function can't access
"packet" anymore.
The reason is that this function can be called "asynchronously" with respect
to the data processing, i.e. in contexts where there is no valid notion of
"current packet"; for example, ndpiReader calls it after having processed all
the traffic, iterating over the entire session table.
Mining LRU stuff seems a bit odd (even before this patch): probably we need
to rethink it, as a follow-up.
Diffstat (limited to 'src/lib')
165 files changed, 487 insertions, 488 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8305cd2c6..cfe08922f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -119,6 +119,7 @@ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_p const char *_func, int _line); static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root); +static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet); /* ****************************************** */ @@ -1972,7 +1973,7 @@ static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_str, s /* ******************************************* */ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; if(packet->tcp != NULL) { if(packet->iph) { @@ -2813,6 +2814,7 @@ u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) { u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; *user_defined_proto = 0; /* Default */ if(sport && dport) { 
@@ -2847,20 +2849,20 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, flow->entropy = 0.0f; /* Run some basic consistency tests */ - if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr)) + if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr)) ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); else { - u_int8_t icmp_type = (u_int8_t)flow->packet.payload[0]; - u_int8_t icmp_code = (u_int8_t)flow->packet.payload[1]; + u_int8_t icmp_type = (u_int8_t)packet->payload[0]; + u_int8_t icmp_code = (u_int8_t)packet->payload[1]; /* https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */ if(((icmp_type >= 44) && (icmp_type <= 252)) || (icmp_code > 15)) ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); - if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr)) { - flow->entropy = ndpi_entropy(flow->packet.payload + sizeof(struct ndpi_icmphdr), - flow->packet.payload_packet_len - sizeof(struct ndpi_icmphdr)); + if (packet->payload_packet_len > sizeof(struct ndpi_icmphdr)) { + flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr), + packet->payload_packet_len - sizeof(struct ndpi_icmphdr)); if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) { ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY); 
@@ -2889,11 +2891,11 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, if(flow) { /* Run some basic consistency tests */ - if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr)) + if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr)) ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); else { - u_int8_t icmp6_type = (u_int8_t)flow->packet.payload[0]; - u_int8_t icmp6_code = (u_int8_t)flow->packet.payload[1]; + u_int8_t icmp6_type = (u_int8_t)packet->payload[0]; + u_int8_t icmp6_code = (u_int8_t)packet->payload[1]; /* https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6 */ if(((icmp6_type >= 5) && (icmp6_type <= 127)) @@ -4333,9 +4335,12 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) { /* ************************************************ */ -static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, - unsigned short packetlen) { +static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, + const u_int64_t current_time_ms, + const unsigned char *packet_data, + unsigned short packetlen) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; const struct ndpi_iphdr *decaps_iph = NULL; u_int16_t l3len; u_int16_t l4len; 
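Review bot: The ICMPv6 branch of `ndpi_guess_protocol_id()` still bounds the payload with `sizeof(struct ndpi_icmphdr)`, while `ndpi_init_packet()` in this same commit uses `sizeof(struct ndpi_icmp6hdr)` for `IPPROTO_ICMPV6`. The reads of `payload[0]` and `payload[1]` are safe as long as both headers are at least two bytes, so this looks like an inconsistency rather than a proven overread. The malformed-packet check should still name the header it is validating: `if(packet->payload_packet_len < sizeof(struct ndpi_icmp6hdr))`. The enclosing function starts and ends outside this hunk.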
@@ -4346,29 +4351,42 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str if(!flow) return(1); + /* need at least 20 bytes for ip header */ + if(packetlen < 20) + return 1; + + packet->current_time_ms = current_time_ms; + + packet->iph = (struct ndpi_iphdr *)packet_data; + /* reset payload_packet_len, will be set if ipv4 tcp or udp */ - flow->packet.payload_packet_len = 0; - flow->packet.l4_packet_len = 0; - flow->packet.l3_packet_len = packetlen; + packet->payload = NULL; + packet->payload_packet_len = 0; + packet->l4_packet_len = 0; + packet->l3_packet_len = packetlen; - flow->packet.tcp = NULL, flow->packet.udp = NULL; - flow->packet.generic_l4_ptr = NULL; - flow->packet.iphv6 = NULL; + packet->tcp = NULL, packet->udp = NULL; + packet->generic_l4_ptr = NULL; + packet->iphv6 = NULL; - l3len = flow->packet.l3_packet_len; + l3len = packet->l3_packet_len; - if(flow->packet.iph != NULL) - decaps_iph = flow->packet.iph; + ndpi_reset_packet_line_info(packet); + packet->packet_lines_parsed_complete = 0; + packet->http_check_content = 0; + + if(packet->iph != NULL) + decaps_iph = packet->iph; if(decaps_iph && decaps_iph->version == IPVERSION && decaps_iph->ihl >= 5) { NDPI_LOG_DBG2(ndpi_str, "ipv4 header\n"); } else if(decaps_iph && decaps_iph->version == 6 && l3len >= sizeof(struct ndpi_ipv6hdr) && (ndpi_str->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) { NDPI_LOG_DBG2(ndpi_str, "ipv6 header\n"); - flow->packet.iphv6 = (struct ndpi_ipv6hdr *) flow->packet.iph; - flow->packet.iph = NULL; + packet->iphv6 = (struct ndpi_ipv6hdr *)packet->iph; + packet->iph = NULL; } else { - flow->packet.iph = NULL; + packet->iph = NULL; return(1); } 
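Review bot: In `ndpi_init_packet()` the two early returns (`if(!flow) return(1);` and the new `if(packetlen < 20) return 1;`) run before any field is reset, so the module-wide `ndpi_str->packet` keeps the `iph`/`tcp`/`udp`/`payload` pointers of the previous packet, which may belong to another flow and to a buffer the caller has since released. The later hunk at -5615 also removes the `invalidate_ptr` cleanup, so the same pointers stay set after `ndpi_detection_process_packet()` returns. Only `ndpi_detection_giveup()` is marked as unable to use them, while other readers converted in this commit (`ndpi_is_tor_flow()`, `ndpi_guess_host_protocol_id()`, and `ndpi_handle_risk_exceptions()` in ndpi_utils.c if it is reachable from the giveup path) would dereference them when called outside packet processing. I would clear the pointers at the very top of the function, e.g. `packet->iph = NULL, packet->iphv6 = NULL, packet->tcp = NULL, packet->udp = NULL, packet->payload = NULL;`, and keep one exit path in the caller that does the same. The function body continues outside this hunk.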
@@ -4389,38 +4407,27 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str return(1); } - flow->packet.l4_protocol = l4protocol; - flow->packet.l4_packet_len = l4len; + packet->l4_protocol = l4protocol; + packet->l4_packet_len = l4len; flow->l4_proto = l4protocol; /* TCP / UDP detection */ - if(l4protocol == IPPROTO_TCP && flow->packet.l4_packet_len >= 20 /* min size of tcp */) { + if(l4protocol == IPPROTO_TCP && packet->l4_packet_len >= 20 /* min size of tcp */) { /* tcp */ - flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr; - if(flow->packet.l4_packet_len >= flow->packet.tcp->doff * 4) { - flow->packet.payload_packet_len = flow->packet.l4_packet_len - flow->packet.tcp->doff * 4; - flow->packet.actual_payload_len = flow->packet.payload_packet_len; - flow->packet.payload = ((u_int8_t *) flow->packet.tcp) + (flow->packet.tcp->doff * 4); + packet->tcp = (struct ndpi_tcphdr *) l4ptr; + if(packet->l4_packet_len >= packet->tcp->doff * 4) { + packet->payload_packet_len = packet->l4_packet_len - packet->tcp->doff * 4; + packet->actual_payload_len = packet->payload_packet_len; + packet->payload = ((u_int8_t *) packet->tcp) + (packet->tcp->doff * 4); /* check for new tcp syn packets, here * idea: reset detection state if a connection is unknown */ - if(flow->packet.tcp->syn != 0 && flow->packet.tcp->ack == 0 && flow->init_finished != 0 && + if(packet->tcp->syn != 0 && packet->tcp->ack == 0 && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int16_t guessed_protocol_id, guessed_host_protocol_id; u_int16_t packet_direction_counter[2]; u_int8_t num_processed_pkts; - struct packet_save { - const struct ndpi_iphdr *iph; - const struct ndpi_ipv6hdr *iphv6; - const u_int8_t *payload; - u_int64_t current_time_ms; - u_int16_t l3_packet_len; - u_int16_t l4_packet_len; - u_int16_t payload_packet_len; - u_int16_t actual_payload_len; - u_int8_t l4_protocol; - } packet; #define flow_save(a) a = flow->a #define 
flow_restore(a) flow->a = a @@ -4430,21 +4437,11 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str flow_save(num_processed_pkts); flow_save(guessed_protocol_id); flow_save(guessed_host_protocol_id); - flow_save(packet.iph); - flow_save(packet.iphv6); - flow_save(packet.payload); - flow_save(packet.current_time_ms); - flow_save(packet.l3_packet_len); - flow_save(packet.l4_packet_len); - flow_save(packet.payload_packet_len); - flow_save(packet.actual_payload_len); - flow_save(packet.l4_protocol); ndpi_free_flow_data(flow); memset(flow, 0, sizeof(*(flow))); /* Restore pointers */ - flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr; flow->l4_proto = IPPROTO_TCP; flow_restore(packet_direction_counter[0]); @@ -4452,15 +4449,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str flow_restore(num_processed_pkts); flow_restore(guessed_protocol_id); flow_restore(guessed_host_protocol_id); - flow_restore(packet.iph); - flow_restore(packet.iphv6); - flow_restore(packet.payload); - flow_restore(packet.current_time_ms); - flow_restore(packet.l3_packet_len); - flow_restore(packet.l4_packet_len); - flow_restore(packet.payload_packet_len); - flow_restore(packet.actual_payload_len); - flow_restore(packet.l4_protocol); #undef flow_save #undef flow_restore 
@@ -4469,18 +4457,18 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str } } else { /* tcp header not complete */ - flow->packet.tcp = NULL; + packet->tcp = NULL; } - } else if(l4protocol == IPPROTO_UDP && flow->packet.l4_packet_len >= 8 /* size of udp */) { - flow->packet.udp = (struct ndpi_udphdr *) l4ptr; - flow->packet.payload_packet_len = flow->packet.l4_packet_len - 8; - flow->packet.payload = ((u_int8_t *) flow->packet.udp) + 8; - } else if((l4protocol == IPPROTO_ICMP && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmphdr)) - || (l4protocol == IPPROTO_ICMPV6 && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) { - flow->packet.payload = ((u_int8_t *) l4ptr); - flow->packet.payload_packet_len = flow->packet.l4_packet_len; + } else if(l4protocol == IPPROTO_UDP && packet->l4_packet_len >= 8 /* size of udp */) { + packet->udp = (struct ndpi_udphdr *) l4ptr; + packet->payload_packet_len = packet->l4_packet_len - 8; + packet->payload = ((u_int8_t *) packet->udp) + 8; + } else if((l4protocol == IPPROTO_ICMP && packet->l4_packet_len >= sizeof(struct ndpi_icmphdr)) + || (l4protocol == IPPROTO_ICMPV6 && packet->l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) { + packet->payload = ((u_int8_t *) l4ptr); + packet->payload_packet_len = packet->l4_packet_len; } else { - flow->packet.generic_l4_ptr = l4ptr; + packet->generic_l4_ptr = l4ptr; } return(0); @@ -4495,7 +4483,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, return; } else { /* const for gcc code optimization and cleaner code */ - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; const struct ndpi_iphdr *iph = packet->iph; const struct ndpi_ipv6hdr *iphv6 = packet->iphv6; const struct ndpi_tcphdr *tcph = packet->tcp; 
@@ -4552,7 +4540,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, * otherwise use the payload length. */ if(tcph->ack != 0) { - flow->next_tcp_seq_nr[flow->packet.packet_direction] = + flow->next_tcp_seq_nr[packet->packet_direction] = ntohl(tcph->seq) + (tcph->syn ? 1 : packet->payload_packet_len); /* @@ -4560,7 +4548,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, but that is already started when nDPI being to process it. See also (***) below */ if(flow->num_processed_pkts > 1) - flow->next_tcp_seq_nr[1 - flow->packet.packet_direction] = ntohl(tcph->ack_seq); + flow->next_tcp_seq_nr[1 - packet->packet_direction] = ntohl(tcph->ack_seq); } } else if(packet->payload_packet_len > 0) { /* check tcp sequence counters */ @@ -4735,7 +4723,7 @@ static u_int32_t check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *n struct ndpi_flow_struct *flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { - if (flow->packet.payload_packet_len != 0) { + if (ndpi_str->packet.payload_packet_len != 0) { return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet, ndpi_str->callback_buffer_tcp_payload, ndpi_str->callback_buffer_size_tcp_payload); @@ -4754,9 +4742,9 @@ u_int32_t ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { if(!flow) return(0); - else if(flow->packet.tcp != NULL) + else if(ndpi_str->packet.tcp != NULL) return(check_ndpi_tcp_flow_func(ndpi_str, flow, ndpi_selection_packet)); - else if(flow->packet.udp != NULL) + else if(ndpi_str->packet.udp != NULL) return(check_ndpi_udp_flow_func(ndpi_str, flow, ndpi_selection_packet)); else return(check_ndpi_other_flow_func(ndpi_str, flow, ndpi_selection_packet)); 
@@ -4766,18 +4754,19 @@ u_int32_t ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str, u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; u_int16_t ret = NDPI_PROTOCOL_UNKNOWN; - if(flow->packet.iph) { + if(packet->iph) { struct in_addr addr; u_int16_t sport, dport; - addr.s_addr = flow->packet.iph->saddr; + addr.s_addr = packet->iph->saddr; - if((flow->l4_proto == IPPROTO_TCP) && flow->packet.tcp) - sport = flow->packet.tcp->source, dport = flow->packet.tcp->dest; - else if((flow->l4_proto == IPPROTO_UDP) && flow->packet.udp) - sport = flow->packet.udp->source, dport = flow->packet.udp->dest; + if((flow->l4_proto == IPPROTO_TCP) && packet->tcp) + sport = packet->tcp->source, dport = packet->tcp->dest; + else if((flow->l4_proto == IPPROTO_UDP) && packet->udp) + sport = packet->udp->source, dport = packet->udp->dest; else sport = dport = 0; @@ -4785,7 +4774,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ ret = ndpi_network_port_ptree_match(ndpi_str, &addr, sport); if(ret == NDPI_PROTOCOL_UNKNOWN) { - addr.s_addr = flow->packet.iph->daddr; + addr.s_addr = packet->iph->daddr; ret = ndpi_network_port_ptree_match(ndpi_str, &addr, dport); } } @@ -4799,6 +4788,10 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st u_int8_t enable_guess, u_int8_t *protocol_was_guessed) { ndpi_protocol ret = {NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED}; + /* + *** We can't access ndpi_str->packet from this function!! *** + */ + *protocol_was_guessed = 0; if(flow == NULL) 
@@ -4812,11 +4805,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN)) return(ret); - if(ndpi_str->mining_cache && flow->packet.iph) { + /* TODO: this lookup seems in the wrong place here... + Move it somewhere else (?) or setting flow->guessed_protocol_id directly in the mining dissector? */ + if(ndpi_str->mining_cache && flow->key_mining_cache) { u_int16_t cached_proto; - u_int32_t key = flow->packet.iph->saddr + flow->packet.iph->daddr; - if(ndpi_lru_find_cache(ndpi_str->mining_cache, key, + if(ndpi_lru_find_cache(ndpi_str->mining_cache, flow->key_mining_cache, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN); ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; @@ -4841,14 +4835,14 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st *protocol_was_guessed = 1; ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN); } else if(enable_guess) { - if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->l4_proto == IPPROTO_TCP) && flow->protos.tls_quic_stun.tls_quic.hello_processed) flow->guessed_protocol_id = NDPI_PROTOCOL_TLS; guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) && - ((flow->packet.l4_protocol == IPPROTO_UDP) && + ((flow->l4_proto == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id) && is_udp_guessable_protocol(guessed_host_protocol_id))) flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; 
@@ -4856,7 +4850,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_UDP) && + && (flow->l4_proto == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id) && is_udp_guessable_protocol(guessed_protocol_id)) flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; @@ -4937,24 +4931,13 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* ********************************************************************************* */ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, - const unsigned char *packet, const unsigned short packetlen, + const unsigned char *packet_data, const unsigned short packetlen, const u_int64_t current_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst) { if(flow == NULL) return; - /* need at least 20 bytes for ip header */ - if(packetlen < 20) { - return; - } - - flow->packet.current_time_ms = current_time_ms; - - /* parse packet */ - flow->packet.iph = (struct ndpi_iphdr *) packet; - /* we are interested in ipv4 packet */ - /* set up the packet headers for the extra packet function to use if it wants */ - if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0) + if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0) return; /* detect traffic for tcp or udp only */ @@ -5213,6 +5196,7 @@ static int ndpi_check_protocol_port_mismatch_exceptions(struct ndpi_detection_mo static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; #if 0 if(flow) { 
@@ -5231,7 +5215,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s (MS Teams uses Skype as transport protocol for voice/video) */ case NDPI_PROTOCOL_MSTEAMS: - if(flow->packet.iph && flow->packet.tcp) { + if(packet->iph && packet->tcp) { // printf("====>> NDPI_PROTOCOL_MSTEAMS\n"); if(ndpi_str->msteams_cache == NULL) @@ -5239,21 +5223,21 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s if(ndpi_str->msteams_cache) ndpi_lru_add_to_cache(ndpi_str->msteams_cache, - flow->packet.iph->saddr, - (flow->packet.current_time_ms / 1000) & 0xFFFF /* 16 bit */); + packet->iph->saddr, + (packet->current_time_ms / 1000) & 0xFFFF /* 16 bit */); } break; case NDPI_PROTOCOL_SKYPE_TEAMS: case NDPI_PROTOCOL_SKYPE_CALL: - if(flow->packet.iph - && flow->packet.udp + if(packet->iph + && packet->udp && ndpi_str->msteams_cache) { u_int16_t when; - if(ndpi_lru_find_cache(ndpi_str->msteams_cache, flow->packet.iph->saddr, + if(ndpi_lru_find_cache(ndpi_str->msteams_cache, packet->iph->saddr, &when, 0 /* Don't remove it as it can be used for other connections */)) { - u_int16_t tdiff = ((flow->packet.current_time_ms /1000) & 0xFFFF) - when; + u_int16_t tdiff = ((packet->current_time_ms /1000) & 0xFFFF) - when; if(tdiff < 60 /* sec */) { // printf("====>> NDPI_PROTOCOL_SKYPE(_CALL) -> NDPI_PROTOCOL_MSTEAMS [%u]\n", tdiff); @@ -5261,15 +5245,15 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s /* Refresh cache */ ndpi_lru_add_to_cache(ndpi_str->msteams_cache, - flow->packet.iph->saddr, - (flow->packet.current_time_ms / 1000) & 0xFFFF /* 16 bit */); + packet->iph->saddr, + (packet->current_time_ms / 1000) & 0xFFFF /* 16 bit */); } } } break; case NDPI_PROTOCOL_ANYDESK: - if(flow->packet.tcp) /* TCP only */ + if(packet->tcp) /* TCP only */ ndpi_set_risk(ndpi_str, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance */ break; } /* switch */ 
@@ -5292,22 +5276,24 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s /* ****************************************************** */ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; + ret->master_protocol = ret->app_protocol = NDPI_PROTOCOL_UNKNOWN, ret->category = 0; - if(flow->packet.iphv6 || flow->packet.iph) { + if(packet->iphv6 || packet->iph) { u_int16_t sport, dport; u_int8_t protocol; u_int8_t user_defined_proto; - if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->ip6_hdr.ip6_un1_nxt; + if(packet->iphv6 != NULL) { + protocol = packet->iphv6->ip6_hdr.ip6_un1_nxt; } else - protocol = flow->packet.iph->protocol; + protocol = packet->iph->protocol; - if(flow->packet.udp) - sport = ntohs(flow->packet.udp->source), dport = ntohs(flow->packet.udp->dest); - else if(flow->packet.tcp) - sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest); + if(packet->udp) + sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); + else if(packet->tcp) + sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); else sport = dport = 0; 
@@ -5315,9 +5301,9 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_str, flow, protocol, sport, dport, &user_defined_proto); flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow); - if(ndpi_str->custom_categories.categories_loaded && flow->packet.iph) { + if(ndpi_str->custom_categories.categories_loaded && packet->iph) { if(ndpi_str->ndpi_num_custom_protocols != 0) - ndpi_fill_ip_protocol_category(ndpi_str, flow->packet.iph->saddr, flow->packet.iph->daddr, ret); + ndpi_fill_ip_protocol_category(ndpi_str, packet->iph->saddr, packet->iph->daddr, ret); flow->guessed_header_category = ret->category; } else flow->guessed_header_category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; @@ -5333,7 +5319,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n } if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { - if(flow->packet.iph) { + if(packet->iph) { if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { u_int8_t protocol_was_guessed; @@ -5347,7 +5333,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n } } else { /* guess host protocol */ - if(flow->packet.iph) { + if(packet->iph) { flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow); /* 
@@ -5393,9 +5379,10 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n /* ********************************************************************************* */ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, const unsigned char *packet, + struct ndpi_flow_struct *flow, const unsigned char *packet_data, const unsigned short packetlen, const u_int64_t current_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet; u_int32_t a, num_calls = 0; ndpi_protocol ret = { flow->detected_protocol_stack[1], flow->detected_protocol_stack[0], flow->category }; 
@@ -5424,61 +5411,61 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret.app_protocol = flow->detected_protocol_stack[0]; if(flow->check_extra_packets) { - ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_time_ms, src, dst); + ndpi_process_extra_packet(ndpi_str, flow, packet_data, packetlen, current_time_ms, src, dst); /* Update in case of new match */ ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0], ret.category = flow->category; - goto invalidate_ptr; - } else if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) + return ret; + } else if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { + if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0) + return ret; goto ret_protocols; - - /* need at least 20 bytes for ip header */ - if(packetlen < 20) { - goto invalidate_ptr; } - flow->packet.current_time_ms = current_time_ms; - - /* parse packet */ - flow->packet.iph = (struct ndpi_iphdr *) packet; - /* we are interested in ipv4 packet */ - - if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0) - goto invalidate_ptr; + if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0) + return ret; /* detect traffic for tcp or udp only */ flow->src = src, flow->dst = dst; + /* If/when calling ndpi_detection_giveup(), if this flow is still un-classified, + we will check if it is some kind of mining stuff. Save now the key, because we don't + have packet information later. + It seems quite hacky: any better way to do that? 
*/ + if(flow->num_processed_pkts == 1 && packet->iph) { + flow->key_mining_cache = packet->iph->saddr + packet->iph->daddr; + } + ndpi_connection_tracking(ndpi_str, flow); /* build ndpi_selection packet bitmask */ ndpi_selection_packet = NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC; - if(flow->packet.iph != NULL) + if(packet->iph != NULL) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; - if(flow->packet.tcp != NULL) + if(packet->tcp != NULL) ndpi_selection_packet |= (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - if(flow->packet.udp != NULL) + if(packet->udp != NULL) ndpi_selection_packet |= (NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - if(flow->packet.payload_packet_len != 0) + if(packet->payload_packet_len != 0) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD; - if(flow->packet.tcp_retransmission == 0) + if(packet->tcp_retransmission == 0) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION; - if(flow->packet.iphv6 != NULL) + if(packet->iphv6 != NULL) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; if(!flow->protocol_id_already_guessed) { flow->protocol_id_already_guessed = 1; if(ndpi_do_guess(ndpi_str, flow, &ret) == -1) - goto invalidate_ptr; + return ret; } num_calls = ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet); 
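Review bot: `flow->key_mining_cache` is written only when `flow->num_processed_pkts == 1`, but the SYN-reset path in `ndpi_init_packet()` runs `memset(flow, 0, sizeof(*(flow)))` and restores `num_processed_pkts` without restoring the key. A flow reset after its first packet can therefore reach `ndpi_detection_giveup()` with a zero key, and the mining-cache lookup is silently skipped. Zero also doubles as the "no key" value although `saddr + daddr` can wrap to 0. Since the sum is the same in both directions, the guard could be `if(flow->key_mining_cache == 0 && packet->iph)` so that the key is re-derived whenever it is missing. The enclosing function starts and ends outside this hunk.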
@@ -5516,7 +5503,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret.category = flow->category; if((flow->num_processed_pkts == 1) && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) && - (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.tcp && (flow->packet.tcp->syn == 0) && + (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && packet->tcp && (packet->tcp->syn == 0) && (flow->guessed_protocol_id == 0)) { u_int8_t protocol_was_guessed; @@ -5543,15 +5530,15 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ndpi_default_ports_tree_node_t *found; u_int16_t *default_ports, sport, dport; - if(flow->packet.udp) + if(packet->udp) found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_UDP, - sport = ntohs(flow->packet.udp->source), - dport = ntohs(flow->packet.udp->dest)), + sport = ntohs(packet->udp->source), + dport = ntohs(packet->udp->dest)), default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].udp_default_ports; - else if(flow->packet.tcp) + else if(packet->tcp) found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_TCP, - sport = ntohs(flow->packet.tcp->source), - dport = ntohs(flow->packet.tcp->dest)), + sport = ntohs(packet->tcp->source), + dport = ntohs(packet->tcp->dest)), default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].tcp_default_ports; else found = NULL, default_ports = NULL, sport = dport = 0; @@ -5592,7 +5579,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } /* for */ if((num_loops == 0) && (!found)) { - if(flow->packet.udp) + if(packet->udp) default_ports = ndpi_str->proto_defaults[ret.app_protocol].udp_default_ports; else default_ports = ndpi_str->proto_defaults[ret.app_protocol].tcp_default_ports; 
@@ -5615,14 +5602,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(num_calls == 0) flow->fail_with_unknown = 1; - invalidate_ptr: - /* - Invalidate packet memory to avoid accessing the pointers below - when the packet is no longer accessible - */ - flow->packet.iph = NULL, flow->packet.tcp = NULL, flow->packet.udp = NULL, flow->packet.payload = NULL; - ndpi_reset_packet_line_info(&flow->packet); - return(ret); } @@ -5779,7 +5758,7 @@ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t *str, u_int16_t max_chars_to_re /* internal function for every detection to parse one packet and to increase the info buffer */ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { u_int32_t a; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; if((packet->payload_packet_len < 3) || (packet->payload == NULL)) return; @@ -6059,7 +6038,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str, /* ********************************************************************************* */ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; u_int32_t a; u_int16_t end = packet->payload_packet_len; @@ -6102,7 +6081,7 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t counter) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; NDPI_LOG_DBG2(ndpi_str, "called ndpi_check_for_email_address\n"); diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 65c2d0ad4..f969c6c59 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
@@ -2101,9 +2101,9 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp } /* TODO: add IPv6 support */ + struct ndpi_packet_struct *packet = &ndpi_str->packet; if(!flow->ip_risk_mask_evaluated) { - if(flow->packet.iph) { - struct ndpi_packet_struct *packet = &flow->packet; + if(packet->iph) { struct in_addr pin; pin.s_addr = packet->iph->saddr; diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c index 42d2b108c..c6b8e6203 100644 --- a/src/lib/protocols/afp.c +++ b/src/lib/protocols/afp.c @@ -43,7 +43,7 @@ static void ndpi_int_afp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search AFP\n"); diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index 2ef75e1fb..fd9b93d12 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -39,7 +39,7 @@ static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct * void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search aimini\n"); diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index f9658feb4..e84be938e 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c 
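Review bot: In the ndpi_utils.c hunk, `packet->iph` in ndpi_handle_risk_exceptions now tests the module-wide packet instead of the flow's own copy, and the same commit drops the end-of-processing block that set `iph`, `tcp`, `udp` and `payload` to NULL. If a risk can be set on a flow outside packet processing (not visible here), `packet->iph->saddr` would read through a pointer left over from an earlier packet, possibly one belonging to another flow or to a buffer the caller has already released. I would state the precondition next to the new declaration, e.g. `/* only valid while ndpi_detection_process_packet() is running */`, and confirm that the packet reset mentioned in the commit description clears `iph` before any such call. The function body begins and ends outside the hunk.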
@@ -73,7 +73,7 @@ static void set_ajp_detected(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_check_ajp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ajp_header ajp_hdr; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len < sizeof(ajp_hdr)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c index 8decaea4d..756627ede 100644 --- a/src/lib/protocols/amazon_video.c +++ b/src/lib/protocols/amazon_video.c @@ -29,7 +29,7 @@ static void ndpi_check_amazon_video(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Amazon Prime\n"); diff --git a/src/lib/protocols/among_us.c b/src/lib/protocols/among_us.c index d63fbe849..3c799dcc9 100644 --- a/src/lib/protocols/among_us.c +++ b/src/lib/protocols/among_us.c @@ -33,7 +33,7 @@ static void ndpi_int_among_us_add_connection(struct ndpi_detection_module_struct void ndpi_search_among_us(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * const packet = &flow->packet; + struct ndpi_packet_struct * const packet = &ndpi_struct->packet; /* handshake packet */ if (packet->payload_packet_len > 9 && diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 74c3c6956..130030cf7 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c 
@@ -40,7 +40,7 @@ static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *nd } void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search amqp\n"); diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index b360e8a40..7e05faa83 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -29,7 +29,7 @@ static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->iph) { /* https://support.apple.com/en-us/HT203609 */ diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index 2c76f4475..cda7e75e2 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -38,7 +38,7 @@ static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_stru void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search applejuice\n"); diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index 71fe0a027..d144f0510 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -37,7 +37,7 @@ static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_stru void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search armagetron\n"); 
diff --git a/src/lib/protocols/avast_securedns.c b/src/lib/protocols/avast_securedns.c index 06fbaa17c..95bc848b5 100644 --- a/src/lib/protocols/avast_securedns.c +++ b/src/lib/protocols/avast_securedns.c @@ -34,7 +34,7 @@ static void ndpi_int_avast_securedns_add_connection(struct ndpi_detection_module static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; if (packet->payload_packet_len < 34 || ntohl(get_u_int32_t(packet->payload, 11)) != 0x00013209 || diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 6a9b61d21..441623974 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -42,7 +42,7 @@ struct ayiya { void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search AYIYA\n"); @@ -57,7 +57,7 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct u_int32_t epoch = ntohl(a->epoch), now; u_int32_t fiveyears = 86400 * 365 * 5; - now = flow->packet.current_time_ms; + now = packet->current_time_ms; if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) { NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n"); diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index 71cdd1902..ed8e94e66 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -31,7 +31,7 @@ /* this detection also works asymmetrically */ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t bgp_port = htons(179); NDPI_LOG_DBG(ndpi_struct, "search BGP\n"); 
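Review bot: In the second ayiya.c hunk, `now = packet->current_time_ms;` feeds a value whose name says milliseconds into a comparison against `epoch` whose bounds are written in seconds (`fiveyears = 86400 * 365 * 5`, `now+86400 /* 1 day */`). The commit only changes where the value is read from, but if the field really holds milliseconds the window test `epoch >= (now - fiveyears)` does not check what the comment says, and storing it in a `u_int32_t` would truncate a wider timestamp (the field's type is not visible here). Converting at the read, e.g. `now = (u_int32_t)(packet->current_time_ms / 1000);`, or a comment stating the unit the caller supplies, would settle it. ndpi_search_ayiya continues outside the hunk.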
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index f82ae7a35..f49c7f31a 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -63,19 +63,21 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc int bt_offset, int check_hash, const u_int8_t save_detection, const u_int8_t encrypted_connection) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + if(check_hash) { const char *bt_hash = NULL; /* 20 bytes long */ if(bt_offset == -1) { - const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, - "BitTorrent protocol", flow->packet.payload_packet_len); + const char *bt_magic = ndpi_strnstr((const char *)packet->payload, + "BitTorrent protocol", packet->payload_packet_len); if(bt_magic) bt_hash = &bt_magic[19]; } else - bt_hash = (const char*)&flow->packet.payload[28]; + bt_hash = (const char*)&packet->payload[28]; - if(bt_hash && (flow->packet.payload_packet_len >= (20 + (bt_hash-(const char*)flow->packet.payload)))) + if(bt_hash && (packet->payload_packet_len >= (20 + (bt_hash-(const char*)packet->payload)))) memcpy(flow->protos.bittorrent.hash, bt_hash, 20); } @@ -85,7 +87,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t a = 0; if(packet->payload_packet_len == 1 && packet->payload[0] == 0x13) { 
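Review bot: In the first bittorrent.c hunk, the `else` branch of ndpi_add_connection_as_bittorrent takes the hash from `&packet->payload[28]` for every `bt_offset` other than -1, so the parameter's value is never used as an offset in the visible code. The constant matches a handshake that starts at payload byte 0; a comment such as `/* 1 (pstrlen) + 19 (protocol string) + 8 (reserved) */` would make that assumption explicit. The address is also formed before the length test on the following line: the test does guard the `memcpy`, but assigning `bt_hash` only when `packet->payload_packet_len >= 48` would avoid creating an out-of-range pointer on short payloads. The function continues past the end of the hunk.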
@@ -359,7 +361,7 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /*Search for BitTorrent commands*/ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->payload_packet_len == 0) { return; @@ -384,7 +386,7 @@ static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) { void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; char *bt_proto = NULL; /* This is broadcast */ diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 31a404df6..e7e503989 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -14,7 +14,7 @@ static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(packet->udp != NULL) { diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c index 3221c4a4a..73ec2b887 100644 --- a/src/lib/protocols/capwap.c +++ b/src/lib/protocols/capwap.c @@ -38,7 +38,7 @@ static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct * static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t sport, dport; if(!packet->iph) { 
@@ -104,7 +104,7 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s void ndpi_search_capwap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) ndpi_search_setup_capwap(ndpi_struct, flow); diff --git a/src/lib/protocols/cassandra.c b/src/lib/protocols/cassandra.c index 248708b17..f7bbccfbc 100644 --- a/src/lib/protocols/cassandra.c +++ b/src/lib/protocols/cassandra.c @@ -103,7 +103,7 @@ static bool ndpi_check_valid_cassandra_opcode(uint8_t opcode) void ndpi_search_cassandra(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->tcp) { if (packet->payload_packet_len >= CASSANDRA_HEADER_LEN && diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index 7d6a68c3e..f2fbbf17a 100644 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -38,7 +38,7 @@ static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len >= 15) { diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index ff882319e..1d7cedb92 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c 
@@ -37,7 +37,7 @@ static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t udport = 0, usport = 0; u_int16_t tdport = 0, tsport = 0; diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index da5d2b78d..fd7035678 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -32,7 +32,7 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(packet->tcp != NULL) { diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index a32f7fad0..cf89748d7 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -106,7 +106,7 @@ static int isCoAPport(u_int16_t port) { void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_coap_hdr * h = (struct ndpi_coap_hdr*) packet->payload; if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { @@ -115,8 +115,8 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, // search for udp packet if(packet->udp != NULL) { - u_int16_t s_port = ntohs(flow->packet.udp->source); - u_int16_t d_port = ntohs(flow->packet.udp->dest); + u_int16_t s_port = ntohs(packet->udp->source); + u_int16_t d_port = ntohs(packet->udp->dest); if((!isCoAPport(s_port) && !isCoAPport(d_port)) || (packet->payload_packet_len < 4) ) { // header too short 
diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 50a8ee23a..26ad27a9d 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -28,7 +28,7 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int len = 0; NDPI_LOG_DBG(ndpi_struct, "search collectd\n"); diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index ffb12fec1..19f2f6165 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -31,7 +31,7 @@ static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct } void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search for CORBA\n"); if(packet->tcp != NULL) { diff --git a/src/lib/protocols/cpha.c b/src/lib/protocols/cpha.c index edd472a83..099285312 100644 --- a/src/lib/protocols/cpha.c +++ b/src/lib/protocols/cpha.c @@ -31,7 +31,7 @@ void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int16_t cpha_port = htons(8116); NDPI_LOG_DBG(ndpi_struct, "search CPHA\n"); diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index bf3c2946c..23a66d4bb 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c 
@@ -37,7 +37,7 @@ static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struc void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search crossfire\n"); diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index ae17d5f46..9a3606510 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; if(packet->udp != NULL) { if(packet->payload_packet_len < sizeof(uint32_t)) { diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index cef0d9306..0c6dc45a8 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -79,7 +79,7 @@ bool is_connectionless_dcerpc(struct ndpi_packet_struct *packet, struct ndpi_flo void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DCERPC\n"); if (is_connection_oriented_dcerpc(packet, flow) || is_connectionless_dcerpc(packet, flow)) { diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 88f279fda..21f052d95 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c 
@@ -60,7 +60,7 @@ static void ndpi_int_dhcp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DHCP\n"); diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index ac569872a..e9ce83f60 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -38,7 +38,7 @@ static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct * void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DHCPv6\n"); diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c index 7fb443c34..c90848d27 100644 --- a/src/lib/protocols/diameter.c +++ b/src/lib/protocols/diameter.c @@ -93,7 +93,7 @@ int is_diameter(struct ndpi_packet_struct *packet, int size_payload) void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // Diameter is on TCP if(packet->tcp) { diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index c0eb62936..fef0c8282 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -78,7 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s const u_int8_t connection_type) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; 
@@ -123,7 +123,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -311,7 +311,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -397,7 +397,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct void ndpi_search_directconnect(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 7e4197c09..5d2ea6712 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -50,7 +50,7 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_m */ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t filename_start = 0; u_int16_t i = 1; u_int16_t host_line_len_without_port; diff --git a/src/lib/protocols/dnp3.c b/src/lib/protocols/dnp3.c index 8c7e6af6f..6f81149a8 100644 
--- a/src/lib/protocols/dnp3.c +++ b/src/lib/protocols/dnp3.c @@ -32,7 +32,7 @@ void ndpi_search_dnp3_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DNP3\n"); diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index fdc5cb5b0..a326b8b68 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -178,9 +178,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, struct ndpi_dns_packet_header *dns_header, int payload_offset, u_int8_t *is_query) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int x = payload_offset; - memcpy(dns_header, (struct ndpi_dns_packet_header*)&flow->packet.payload[x], + memcpy(dns_header, (struct ndpi_dns_packet_header*)&packet->payload[x], sizeof(struct ndpi_dns_packet_header)); dns_header->tr_id = ntohs(dns_header->tr_id); @@ -211,10 +212,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, || ((dns_header->flags & 0xFCF0) == 0x00) /* Standard Query */ || ((dns_header->num_answers == 0) && (dns_header->authority_rrs == 0)))) { /* This is a good query */ - while(x+2 < flow->packet.payload_packet_len) { - if(flow->packet.payload[x] == '\0') { + while(x+2 < packet->payload_packet_len) { + if(packet->payload[x] == '\0') { x++; - flow->protos.dns.query_type = get16(&x, flow->packet.payload); + flow->protos.dns.query_type = get16(&x, packet->payload); #ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type); printf("[DNS] [request] query_type=%d\n", flow->protos.dns.query_type); 
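Review bot: In the first dns.c hunk, search_valid_dns copies `sizeof(struct ndpi_dns_packet_header)` bytes from `&packet->payload[x]` without checking `packet->payload_packet_len` itself. The length test in ndpi_search_dns (a later hunk) covers that caller, but a later hunk header also names search_dns_again, whose call path is not shown. A local guard such as `if(packet->payload_packet_len < (size_t)x + sizeof(struct ndpi_dns_packet_header)) return(1);` would keep the copy in bounds whichever caller reaches it; the non-zero "invalid" return is assumed from `int invalid = search_valid_dns(...)`. The function continues beyond the hunk.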
@@ -241,9 +242,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, /* Leave the statement below commented necessary in case of call to ndpi_get_partial_detection() */ x++; - if(x < flow->packet.payload_packet_len && flow->packet.payload[x] != '\0') { - while((x < flow->packet.payload_packet_len) - && (flow->packet.payload[x] != '\0')) { + if(x < packet->payload_packet_len && packet->payload[x] != '\0') { + while((x < packet->payload_packet_len) + && (packet->payload[x] != '\0')) { x++; } @@ -259,21 +260,21 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, for(num = 0; num < dns_header->num_answers; num++) { u_int16_t data_len; - if((x+6) >= flow->packet.payload_packet_len) { + if((x+6) >= packet->payload_packet_len) { break; } - if((data_len = getNameLength(x, flow->packet.payload, - flow->packet.payload_packet_len)) == 0) { + if((data_len = getNameLength(x, packet->payload, + packet->payload_packet_len)) == 0) { break; } else x += data_len; - if((x+2) >= flow->packet.payload_packet_len) { + if((x+2) >= packet->payload_packet_len) { break; } - rsp_type = get16(&x, flow->packet.payload); + rsp_type = get16(&x, packet->payload); #ifdef DNS_DEBUG printf("[DNS] [response] response_type=%d\n", rsp_type); @@ -284,11 +285,11 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, flow->protos.dns.rsp_type = rsp_type; /* here x points to the response "class" field */ - if((x+12) <= flow->packet.payload_packet_len) { + if((x+12) <= packet->payload_packet_len) { x += 6; - data_len = get16(&x, flow->packet.payload); + data_len = get16(&x, packet->payload); - if((x + data_len) <= flow->packet.payload_packet_len) { + if((x + data_len) <= packet->payload_packet_len) { // printf("[rsp_type: %u][data_len: %u]\n", rsp_type, data_len); if(rsp_type == 0x05 /* CNAME */) { 
@@ -299,7 +300,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, if((((rsp_type == 0x1) && (data_len == 4)) /* A */ || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */ )) { - memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len); + memcpy(&flow->protos.dns.rsp_addr, packet->payload + x, data_len); } } } @@ -314,7 +315,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, // flow->extra_packets_func = NULL; /* Removed so the caller can keep dissecting DNS flows */ } else { /* We missed the request */ - u_int16_t s_port = flow->packet.udp ? ntohs(flow->packet.udp->source) : ntohs(flow->packet.tcp->source); + u_int16_t s_port = packet->udp ? ntohs(packet->udp->source) : ntohs(packet->tcp->source); ndpi_set_detected_protocol(ndpi_struct, flow, checkPort(s_port), NDPI_PROTOCOL_UNKNOWN); } @@ -338,19 +339,20 @@ static int search_dns_again(struct ndpi_detection_module_struct *ndpi_struct, st /* *********************************************** */ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int payload_offset; u_int8_t is_query; u_int16_t s_port = 0, d_port = 0; NDPI_LOG_DBG(ndpi_struct, "search DNS\n"); - if(flow->packet.udp != NULL) { - s_port = ntohs(flow->packet.udp->source); - d_port = ntohs(flow->packet.udp->dest); + if(packet->udp != NULL) { + s_port = ntohs(packet->udp->source); + d_port = ntohs(packet->udp->dest); payload_offset = 0; - } else if(flow->packet.tcp != NULL) /* pkt size > 512 bytes */ { - s_port = ntohs(flow->packet.tcp->source); - d_port = ntohs(flow->packet.tcp->dest); + } else if(packet->tcp != NULL) /* pkt size > 512 bytes */ { + s_port = ntohs(packet->tcp->source); + d_port = ntohs(packet->tcp->dest); payload_offset = 2; } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); 
@@ -360,7 +362,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if(((s_port == DNS_PORT) || (d_port == DNS_PORT) || (s_port == MDNS_PORT) || (d_port == MDNS_PORT) || (d_port == LLMNR_PORT)) - && (flow->packet.payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset)) { + && (packet->payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset)) { struct ndpi_dns_packet_header dns_header; int j = 0, max_len, off; int invalid = search_valid_dns(ndpi_struct, flow, &dns_header, payload_offset, &is_query); @@ -380,11 +382,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st off = sizeof(struct ndpi_dns_packet_header) + payload_offset; /* Before continuing let's dissect the following queries to see if they are valid */ - for(idx=off, num_queries=0; (num_queries < dns_header.num_queries) && (idx < flow->packet.payload_packet_len);) { + for(idx=off, num_queries=0; (num_queries < dns_header.num_queries) && (idx < packet->payload_packet_len);) { u_int16_t i, tot_len = 0; - for(i=idx; i<flow->packet.payload_packet_len;) { - u_int8_t is_ptr = 0, name_len = flow->packet.payload[i]; /* Lenght of the individual name blocks aaa.bbb.com */ + for(i=idx; i<packet->payload_packet_len;) { + u_int8_t is_ptr = 0, name_len = packet->payload[i]; /* Lenght of the individual name blocks aaa.bbb.com */ if(name_len == 0) { tot_len++; /* \0 */ @@ -401,8 +403,8 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st int idx; for(idx=0; idx<name_len; idx++) - printf("%c", flow->packet.payload[i+1+idx]); - + printf("%c", packet->payload[i+1+idx]); + printf("]\n"); } } 
@@ -416,13 +418,13 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st printf("[DNS] [tot_len: %u]\n\n", tot_len+4 /* type + class */); #endif - if(((i+4 /* Skip query type and class */) > flow->packet.payload_packet_len) - || ((flow->packet.payload[i+1] == 0x0) && (flow->packet.payload[i+2] == 0x0)) /* Query type cannot be 0 */ + if(((i+4 /* Skip query type and class */) > packet->payload_packet_len) + || ((packet->payload[i+1] == 0x0) && (packet->payload[i+2] == 0x0)) /* Query type cannot be 0 */ || (tot_len > 253) ) { /* Invalid */ #ifdef DNS_DEBUG - printf("[DNS] Invalid query len [%u >= %u]\n", i+4, flow->packet.payload_packet_len); + printf("[DNS] Invalid query len [%u >= %u]\n", i+4, packet->payload_packet_len); #endif ndpi_set_risk(ndpi_struct, flow, NDPI_MALFORMED_PACKET); break; @@ -431,11 +433,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st } } /* for */ - while((j < max_len) && (off < flow->packet.payload_packet_len) && (flow->packet.payload[off] != '\0')) { - uint8_t c, cl = flow->packet.payload[off++]; + while((j < max_len) && (off < packet->payload_packet_len) && (packet->payload[off] != '\0')) { + uint8_t c, cl = packet->payload[off++]; if(((cl & 0xc0) != 0) || // we not support compressed names in query - (off + cl >= flow->packet.payload_packet_len)) { + (off + cl >= packet->payload_packet_len)) { j = 0; break; } @@ -445,7 +447,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st while((j < max_len) && (cl != 0)) { u_int32_t shift; - c = flow->packet.payload[off++]; + c = packet->payload[off++]; shift = ((u_int32_t) 1) << (c & 0x1f); flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_'); cl--; 
@@ -522,21 +524,21 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS) || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) { /* TODO: add support to RFC6891 to avoid some false positives */ - if(flow->packet.udp != NULL && flow->packet.payload_packet_len > PKT_LEN_ALERT) + if(packet->udp != NULL && packet->payload_packet_len > PKT_LEN_ALERT) ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_LARGE_PACKET); - if(flow->packet.iph != NULL) { + if(packet->iph != NULL) { /* IPv4 */ - u_int8_t flags = ((u_int8_t*)flow->packet.iph)[6]; + u_int8_t flags = ((u_int8_t*)packet->iph)[6]; /* 0: fragmented; 1: not fragmented */ if((flags & 0x20) - || (ndpi_iph_is_valid_and_not_fragmented(flow->packet.iph, flow->packet.l3_packet_len) == 0)) { + || (ndpi_iph_is_valid_and_not_fragmented(packet->iph, packet->l3_packet_len) == 0)) { ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED); } - } else if(flow->packet.iphv6 != NULL) { + } else if(packet->iphv6 != NULL) { /* IPv6 */ - const struct ndpi_ip6_hdrctl *ip6_hdr = &flow->packet.iphv6->ip6_hdr; + const struct ndpi_ip6_hdrctl *ip6_hdr = &packet->iphv6->ip6_hdr; if(ip6_hdr->ip6_un1_nxt == 0x2C /* Next Header: Fragment Header for IPv6 (44) */) { ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED); diff --git a/src/lib/protocols/dnscrypt.c b/src/lib/protocols/dnscrypt.c index a5bbd0c0e..a51ed60f7 100644 --- a/src/lib/protocols/dnscrypt.c +++ b/src/lib/protocols/dnscrypt.c @@ -33,7 +33,7 @@ static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; static char const * const dnscrypt_initial = "2\rdnscrypt"; NDPI_LOG_DBG(ndpi_struct, "search dnscrypt\n"); 
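Review bot: In the IPv6 branch of the ndpi_search_dns hunk, `ip6_hdr->ip6_un1_nxt == 0x2C` recognises a Fragment header only when it is the first header after the fixed IPv6 header. A fragmented DNS packet that carries another extension header first would therefore not get NDPI_DNS_FRAGMENTED, unless extension headers are normalised before this point, which is not visible here. That limitation deserves a comment such as `/* only the first Next Header is checked; fragments behind other extension headers are not flagged */`. In the IPv4 branch the comment `/* 0: fragmented; 1: not fragmented */` does not describe the test that follows, since `flags & 0x20` checks the More Fragments bit of header byte 6; `/* 0x20: More Fragments (MF) bit */` would be clearer. The function body starts and ends outside the hunk.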
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index 91c958bed..ceb3b9b74 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -36,7 +36,7 @@ static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search dofus\n"); diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 19671cf56..06d9a9855 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -36,7 +36,7 @@ struct ndpi_drda_hdr { void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; u_int16_t payload_len = packet->payload_packet_len; u_int count = 0; // prevent integer overflow diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index 3683ab131..d515bbd2b 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -39,7 +39,7 @@ static void ndpi_int_dropbox_add_connection(struct ndpi_detection_module_struct static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index a6ffc34dc..d088a9d2e 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c 
@@ -45,7 +45,7 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd return; } - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (!packet) { return; } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 39c29b475..24f14e603 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -156,7 +156,7 @@ static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) { } static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index bb4f40a50..299b8525d 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -37,7 +37,7 @@ static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struc void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n"); diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index 584986cca..92819c4ee 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -36,7 +36,7 @@ static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct * void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search fiesta\n"); 
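Review bot: The `if (!packet) { return; }` guard that follows `struct ndpi_packet_struct *packet = &ndpi_struct->packet;` in ndpi_search_eaq can never fire, because the address of a struct member is not NULL for any valid `ndpi_struct`. The check was equally ineffective with `&flow->packet`, so the rewrite only keeps dead code that suggests a validation which does not happen. I would drop it. If the intent is to guard against a missing module pointer, and the early return above the hunk does not already do that, test `ndpi_struct` before taking the address. The function continues outside the hunk.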
diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index 5d27e1c98..eba60a372 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -30,7 +30,7 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search FIX\n"); if(packet->tcp && packet->payload_packet_len > 5) { diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index 9e3977422..14f1091c8 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -36,7 +36,7 @@ static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *n void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search florensia\n"); diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 53a283a99..7b6544bb4 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -581,7 +581,7 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow, static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check connection over TCP */ diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index affc58d7c..b8b526446 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c 
@@ -34,7 +34,7 @@ static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct } static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Check connection over TCP */ if(packet->tcp) { @@ -46,7 +46,7 @@ static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_st } static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(payload_len > 10) { @@ -70,7 +70,7 @@ static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *nd } static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* A FTP packet is pretty long so 256 is a bit conservative but it should be OK */ @@ -226,7 +226,7 @@ static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Make sure we see the beginning of the connection as otherwise we might have diff --git a/src/lib/protocols/genshin_impact.c b/src/lib/protocols/genshin_impact.c index 4144cecef..7ed0e7fa3 100644 --- a/src/lib/protocols/genshin_impact.c +++ b/src/lib/protocols/genshin_impact.c 
@@ -35,7 +35,7 @@ static void ndpi_int_genshin_impact_add_connection( static void ndpi_search_genshin_impact(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search genshin-impact\n"); diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index 05f22ff18..0c115e4bb 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -30,7 +30,7 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Git\n"); diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 66db0096e..67ec1b0d6 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -33,7 +33,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -64,7 +64,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 2c8316ac6..956ebe355 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c 
@@ -64,7 +64,7 @@ struct gtp_header_generic { static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) { diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 133009449..54391aed5 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -36,7 +36,7 @@ static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struc void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search guildwars\n"); diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 015a6a134..70d34d7ee 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -33,7 +33,7 @@ struct tpkt { void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, "search H323\n"); diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 11d2db813..79e7d0b1b 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c 
@@ -37,7 +37,7 @@ static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struc void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search halflife2\n"); diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 6edb6b178..0db373a04 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" /* stun.c */ -extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); +extern u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev); /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 @@ -63,7 +63,7 @@ static u_int8_t google_ptree_match(struct ndpi_detection_module_struct *ndpi_str static u_int8_t is_google_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->iph) { struct in_addr saddr, daddr; @@ -83,7 +83,7 @@ static u_int8_t is_google_flow(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Hangout\n"); 
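Review bot: The local prototype `extern u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev);` in hangout.c is kept in sync with the definition in stun.c only by hand. Because the declaration is not shared through a header, a definition that still took `struct ndpi_flow_struct *` would compile and link without any diagnostic, and the callee would then read the wrong structure. I would move the declaration into a header that both stun.c and hangout.c include, so the compiler checks the signature against the definition and against the call `get_stun_lru_key(packet, !matched_src)` in ndpi_search_hangout.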
@@ -101,9 +101,9 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); - if(ndpi_struct->stun_cache && flow->packet.iph && flow->packet.udp) { - u_int32_t key = get_stun_lru_key(flow, !matched_src); - + if(ndpi_struct->stun_cache && packet->iph && packet->udp) { + u_int32_t key = get_stun_lru_key(packet, !matched_src); + #ifdef DEBUG_LRU printf("[LRU] ADDING %u / %u.%u\n", key, NDPI_PROTOCOL_STUN, NDPI_PROTOCOL_HANGOUT_DUO); #endif diff --git a/src/lib/protocols/hpvirtgrp.c b/src/lib/protocols/hpvirtgrp.c index a2b977a48..8ba9d9b8d 100644 --- a/src/lib/protocols/hpvirtgrp.c +++ b/src/lib/protocols/hpvirtgrp.c @@ -35,7 +35,7 @@ static void ndpi_int_hpvirtgrp_add_connection( static void ndpi_search_hpvirtgrp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search hpvirtgrp\n"); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index d7d670a86..055726af0 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -139,7 +139,7 @@ static void ndpi_http_check_human_redeable_content(struct ndpi_detection_module_ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *double_ret = (const u_int8_t *)ndpi_strnstr((const char *)packet->payload, "\r\n\r\n", packet->payload_packet_len); NDPI_LOG_DBG(ndpi_struct, "==>>> [len: %u] ", packet->payload_packet_len); 
@@ -174,7 +174,7 @@ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi /* https://www.freeformatter.com/mime-types-list.html */ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->content_line.len > 0) { u_int app_len = sizeof("application"); @@ -314,7 +314,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if((packet->accept_line.len >= 28) && (memcmp(packet->accept_line.ptr, "application/x-rtsp-tunnelled", 28) == 0)) { @@ -499,7 +499,7 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct */ static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int ret; if(flow->http_detected && (flow->http.response_status_code != 0)) @@ -524,8 +524,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[packet->host_line.len]); } - flow->http.method = ndpi_http_str2method((const char*)flow->packet.http_method.ptr, - (u_int16_t)flow->packet.http_method.len); + flow->http.method = ndpi_http_str2method((const char*)packet->http_method.ptr, + (u_int16_t)packet->http_method.len); } if(packet->server_line.ptr != NULL && (packet->server_line.len > 7)) { 
@@ -723,7 +723,7 @@ static const char *http_fs = "CDGHOPR"; static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; unsigned int i; NDPI_LOG_DBG2(ndpi_struct, "====>>>> HTTP: %c%c%c%c [len: %u]\n", @@ -794,7 +794,7 @@ static int is_a_suspicious_header(const char* suspicious_headers[], struct ndpi_ static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { u_int32_t i; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; for(i=0; (i < packet->parsed_lines) && (packet->line[i].ptr != NULL) @@ -862,7 +862,7 @@ static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_str static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/ packet->packet_lines_parsed_complete = 0; diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index de5796d3c..a3087e572 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -39,7 +39,7 @@ static void ndpi_int_iax_add_connection(struct ndpi_detection_module_struct *ndp static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t i; u_int16_t packet_len; 
@@ -87,7 +87,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 9171b09d9..d8b4ffb25 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -35,7 +35,7 @@ static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i; NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); diff --git a/src/lib/protocols/iec60870-5-104.c b/src/lib/protocols/iec60870-5-104.c index b2da8c34c..97c367d92 100644 --- a/src/lib/protocols/iec60870-5-104.c +++ b/src/lib/protocols/iec60870-5-104.c @@ -30,7 +30,7 @@ void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Check connection over TCP */ NDPI_LOG_DBG(ndpi_struct, "search IEC60870\n"); diff --git a/src/lib/protocols/imo.c b/src/lib/protocols/imo.c index 90f2c6086..2784e7143 100644 --- a/src/lib/protocols/imo.c +++ b/src/lib/protocols/imo.c @@ -33,7 +33,7 @@ static void ndpi_int_imo_add_connection(struct ndpi_detection_module_struct } void ndpi_search_imo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search IMO\n"); 
diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index 7d2c0b6fb..0a91cc46a 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -37,7 +37,7 @@ static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t i; NDPI_LOG_DBG(ndpi_struct, "search ipp\n"); diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index a6ed0466b..bb1b65929 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -64,7 +64,7 @@ u_int8_t ndpi_is_duplicate(struct ndpi_id_struct *id_t, u_int16_t port) static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // u_int16_t i; u_int8_t number_of_lines_to_be_searched_for = 0; @@ -88,7 +88,7 @@ static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_st static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i, packetl = packet->payload_packet_len; if (packetl < 4) { @@ -110,7 +110,7 @@ static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndp static u_int8_t ndpi_check_for_cmd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i; if (packet->payload_packet_len < 4) { 
@@ -150,7 +150,7 @@ static u_int8_t ndpi_check_for_IRC_traces(const u_int8_t * ptr, u_int16_t len) u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "start fast detect\n"); @@ -367,7 +367,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 1dbf5122e..46516a3ee 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -49,7 +49,7 @@ static void ndpi_int_jabber_add_connection(struct ndpi_detection_module_struct * static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t x) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int i, left = packet->payload_packet_len-x; if(left <= 0) return; @@ -64,7 +64,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; u_int16_t x; diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 987a40f62..2368ab3ab 100644 --- a/src/lib/protocols/kakaotalk_voice.c 
+++ b/src/lib/protocols/kakaotalk_voice.c @@ -32,7 +32,7 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search kakaotalk_voice\n"); diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 2f8c550ca..fe1aba684 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -42,7 +42,7 @@ static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t sport = packet->tcp ? ntohs(packet->tcp->source) : ntohs(packet->udp->source); u_int16_t dport = packet->tcp ? ntohs(packet->tcp->dest) : ntohs(packet->udp->dest); const u_int8_t *original_packet_payload = NULL; diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 8f23402cd..69bca3d7b 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -39,7 +39,7 @@ static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Kontiki\n"); diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index 00e1bf9d8..9f6c0fec0 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c 
@@ -37,7 +37,7 @@ static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search ldap\n"); diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index b56f43b20..df9f0ef60 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -38,7 +38,7 @@ static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->udp != NULL) { diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 73cae8fe0..a0d69ffa6 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -29,7 +29,7 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 5810ec219..7646b9e82 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -37,7 +37,7 @@ static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struc void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i = 0; u_int16_t space_pos = 0; u_int16_t command_start = 0; 
diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index e522fc187..c51192b44 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -58,7 +58,7 @@ static void popInitExtraPacketProcessing(struct ndpi_flow_struct *flow); static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->payload_packet_len > 4) { if((packet->payload[0] == 'A' || packet->payload[0] == 'a') @@ -147,7 +147,7 @@ static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_mod void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t a = 0; u_int8_t bit_count = 0; diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 256026c25..7ee1cdd8d 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -67,7 +67,7 @@ static void smtpInitExtraPacketProcessing(struct ndpi_flow_struct *flow); void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n"); diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index ea13205ae..9268ff0e2 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c 
@@ -36,7 +36,7 @@ static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_stru void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search maplestory\n"); diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index 2cfae0199..b729bfed1 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -28,7 +28,7 @@ void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search for MEGACO\n"); diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c index 0722c5fc5..3aef1fd55 100644 --- a/src/lib/protocols/memcached.c +++ b/src/lib/protocols/memcached.c @@ -103,7 +103,7 @@ void ndpi_search_memcached( struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *offset = packet->payload; u_int16_t length = packet->payload_packet_len; u_int8_t *matches; diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index bc643ba9d..a00a2fdab 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -37,7 +37,7 @@ static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t pos = 5; diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index e336bc8de..f20ff7167 100644 --- a/src/lib/protocols/mining.c 
+++ b/src/lib/protocols/mining.c @@ -38,7 +38,7 @@ static void cacheMiningHostTwins(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t source = ntohs(packet->udp->source); u_int16_t dest = ntohs(packet->udp->dest); @@ -62,7 +62,7 @@ void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } } @@ -80,7 +80,7 @@ static u_int8_t isEthPort(u_int16_t dport) { void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search MINING TCP\n"); @@ -98,7 +98,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } } 
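Review bot: The key passed to `cacheMiningHostTwins()` on the new side of the `-62,7` hunk is the plain sum `packet->iph->saddr + packet->iph->daddr`, so unrelated host pairs whose addresses add up to the same 32-bit value share one cache key. If the cache is later looked up with the same sum (that lookup is not visible here), a mining verdict recorded for one pair could be applied to another. The same expression is on the new side of the `-98,7`, `-111,7`, `-132,7` and `-156,7` hunks. Since these lines are being rewritten anyway, a comment would record the intent, e.g. `/* symmetric key so both directions match; distinct host pairs can collide */`, or the key could come from an order-independent hash of the two addresses. The enclosing functions start and end outside these hunks.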
@@ -111,7 +111,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } else flow->guessed_protocol_id = NDPI_PROTOCOL_MINING; @@ -132,7 +132,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) && (ndpi_strnstr((const char *)packet->payload, "\"method\":", packet->payload_packet_len) @@ -156,7 +156,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } } diff --git a/src/lib/protocols/modbus.c b/src/lib/protocols/modbus.c index c98c71298..cd6d55dec 100644 --- a/src/lib/protocols/modbus.c +++ b/src/lib/protocols/modbus.c 
@@ -29,7 +29,7 @@ void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Modbus\n"); u_int16_t modbus_port = htons(502); // port used by modbus diff --git a/src/lib/protocols/mongodb.c b/src/lib/protocols/mongodb.c index 7d079273c..70d841709 100644 --- a/src/lib/protocols/mongodb.c +++ b/src/lib/protocols/mongodb.c @@ -66,7 +66,7 @@ static void set_mongodb_detected(struct ndpi_detection_module_struct *ndpi_struc static void ndpi_check_mongodb(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct mongo_message_header mongodb_hdr; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len <= sizeof(mongodb_hdr)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 2209294bd..a0feed111 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -27,7 +27,7 @@ void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search MPEGTS\n"); diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index fc2d5c5fd..58bb2fb1c 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -68,7 +68,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t rl,pt,flags; NDPI_LOG_DBG(ndpi_struct, "search Mqtt\n"); - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } 
diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 03b4640ec..f168d418d 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -46,7 +46,7 @@ static void ndpi_int_mssql_tds_add_connection(struct ndpi_detection_module_struc void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; NDPI_LOG_DBG(ndpi_struct, "search mssql_tds\n"); diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index 948a5cb77..0a4c07c36 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -30,7 +30,7 @@ #include "ndpi_api.h" void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search MySQL\n"); diff --git a/src/lib/protocols/nats.c b/src/lib/protocols/nats.c index 0254a02c4..a036303e8 100644 --- a/src/lib/protocols/nats.c +++ b/src/lib/protocols/nats.c @@ -40,7 +40,7 @@ static const char* commands[] = void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Check connection over TCP */ NDPI_LOG_DBG(ndpi_struct, "search NATS\n"); 
@@ -49,14 +49,14 @@ void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct, int i; for(i=0; commands[i] != NULL; i++) { - char *match = ndpi_strnstr((const char *)flow->packet.payload, + char *match = ndpi_strnstr((const char *)packet->payload, commands[i], - flow->packet.payload_packet_len); + packet->payload_packet_len); if(!match) continue; if(ndpi_strnstr((const char *)match, "\r\n", - flow->packet.payload_packet_len - ((size_t)match - (size_t)flow->packet.payload)) != NULL) { + packet->payload_packet_len - ((size_t)match - (size_t)packet->payload)) != NULL) { NDPI_LOG_INFO(ndpi_struct, "found NATS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NATS, NDPI_PROTOCOL_UNKNOWN); diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c index 70eb515b7..739e4ebe0 100644 --- a/src/lib/protocols/nest_log_sink.c +++ b/src/lib/protocols/nest_log_sink.c @@ -37,7 +37,7 @@ void ndpi_search_nest_log_sink( struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search nest_log_sink\n"); diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index fa77c9f6f..ccf910489 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c 
@@ -94,12 +94,14 @@ int ndpi_netbios_name_interpret(u_char *in, u_int in_len, u_char *out, u_int out static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t sub_protocol) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + unsigned char name[64]; - u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14; + u_int off = packet->payload[12] == 0x20 ? 12 : 14; - if((off < flow->packet.payload_packet_len) - && ndpi_netbios_name_interpret((unsigned char*)&flow->packet.payload[off], - (u_int)(flow->packet.payload_packet_len - off), name, sizeof(name)-1) > 0) { + if((off < packet->payload_packet_len) + && ndpi_netbios_name_interpret((unsigned char*)&packet->payload[off], + (u_int)(packet->payload_packet_len - off), name, sizeof(name)-1) > 0) { snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1); @@ -115,7 +117,7 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport; NDPI_LOG_DBG(ndpi_struct, "search netbios\n"); diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index d91993854..0cb9cd163 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -99,7 +99,7 @@ struct flow_ver7_rec { void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; time_t now; 
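Review bot: In `ndpi_int_netbios_add_connection()` the new line `u_int off = packet->payload[12] == 0x20 ? 12 : 14;` reads byte 12 of the payload before any length check in this hunk; the `off < packet->payload_packet_len` test only comes afterwards. If a caller can reach this function with a payload shorter than 13 bytes, that is an out-of-bounds read driven by captured traffic; the callers are outside the hunk, so this may already be guaranteed. Making the read conditional keeps the function safe on its own: `u_int off = (packet->payload_packet_len > 12 && packet->payload[12] == 0x20) ? 12 : 14;`. The function body continues past the end of the hunk.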
diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index 2eb930ca2..0e7bd0895 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -38,7 +38,7 @@ static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search NFS\n"); diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index bbc87a495..963087909 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -35,7 +35,7 @@ static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(packet->udp != NULL) { diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 61eec9468..4728510fd 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -39,7 +39,7 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search NOE\n"); diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index 46ff4e67b..b860ca784 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c 
@@ -40,7 +40,7 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->iph == NULL) { if (packet->iphv6 == NULL) diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 211ac446f..db9416121 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -36,7 +36,7 @@ static void ndpi_int_ntp_add_connection(struct ndpi_detection_module_struct void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search NTP\n"); diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c index 216ad7833..9d9cc981c 100644 --- a/src/lib/protocols/ookla.c +++ b/src/lib/protocols/ookla.c @@ -28,7 +28,7 @@ const u_int16_t ookla_port = 8080; /* ************************************************************* */ void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; u_int32_t addr = 0; u_int16_t sport, dport; diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index 035b3724e..96e0735ca 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -37,7 +37,7 @@ static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct void ndpi_search_openft_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) { NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); 
diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index e218b44d1..5c08ed6c5 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -81,7 +81,7 @@ int8_t check_pkid_and_detect_hmac_size(const u_int8_t * payload) { void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; const u_int8_t * ovpn_payload = packet->payload; const u_int8_t * session_remote; u_int8_t opcode; diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index a24837a68..bd04922bc 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -33,7 +33,7 @@ static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, "search ORACLE\n"); diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index 68e5d02f1..19cdec4c7 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -39,7 +39,7 @@ static void ndpi_int_postgres_add_connection(struct ndpi_detection_module_struct void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t size; if (flow->l4.tcp.postgres_stage == 0) { diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 5f119b984..44eb812dc 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c 
@@ -41,7 +41,7 @@ static void ndpi_int_ppstream_add_connection(struct ndpi_detection_module_struct void ndpi_search_ppstream(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search PPStream\n"); /** diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index e87106f88..d3ff2bd15 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -37,7 +37,7 @@ static void ndpi_int_pptp_add_connection(struct ndpi_detection_module_struct void ndpi_search_pptp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search pptp\n"); diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 51f6d2859..76f34a241 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -39,7 +39,7 @@ static void ndpi_int_qq_add_connection(struct ndpi_detection_module_struct *ndpi void ndpi_search_qq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search QQ\n"); diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 1a79de2b9..dbdb9e6f1 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -929,7 +929,7 @@ static uint8_t *decrypt_initial_packet(struct ndpi_detection_module_struct *ndpi uint32_t *clear_payload_len) { uint64_t token_length, payload_length, packet_number; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; uint8_t first_byte; uint32_t pkn32, pn_offset, pkn_len, offset; quic_ciphers ciphers; /* Client initial ciphers */ 
@@ -1235,7 +1235,7 @@ static uint8_t *get_clear_payload(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_flow_struct *flow, uint32_t version, uint32_t *clear_payload_len) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t *clear_payload; u_int8_t dest_conn_id_len; #ifdef HAVE_LIBGCRYPT @@ -1286,7 +1286,7 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t *crypto_data, uint32_t crypto_data_len, uint32_t version) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Overwriting packet payload */ u_int16_t p_len; @@ -1409,7 +1409,7 @@ static int may_be_initial_pkt(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t *version) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t first_byte; u_int8_t pub_bit1, pub_bit2, pub_bit3, pub_bit4, pub_bit5, pub_bit7, pub_bit8; u_int8_t dest_conn_id_len, source_conn_id_len; @@ -1529,7 +1529,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* We are elaborating a packet following the initial CHLO/ClientHello. Two cases: diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index ed0c888ce..ffc7ffc13 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c 
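Review bot: `process_tls()` (hunk `-1286,7`) now takes `packet` from `ndpi_struct->packet`, and the context comment `/* Overwriting packet payload */` indicates that it temporarily replaces the payload pointer and length on that object. That object is now the single module-wide packet, so a return path that skips the restore would leave later code handling this packet with the substituted buffer. The restore is outside the hunk, so this cannot be confirmed from here. A comment at the overwrite would make the requirement explicit, e.g. `/* packet is shared module state: restore payload and payload_packet_len on every exit path */`.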
@@ -33,7 +33,7 @@ struct radius_header { static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index e783d7d4e..6b3564e79 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -36,7 +36,7 @@ static void ndpi_int_rdp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search RDP\n"); diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 200183d66..72b247130 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -31,7 +31,7 @@ static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *n static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(payload_len == 0) return; /* Shouldn't happen */ diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 8cc3dd16d..978cc42e0 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c 
@@ -33,7 +33,7 @@ static void ndpi_int_rsync_add_connection(struct ndpi_detection_module_struct void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search RSYNC\n"); diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index 0e03ea8a8..253402955 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -20,7 +20,7 @@ static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, "search RTCP\n"); diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index 2f49b9faa..80d92f151 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -37,7 +37,7 @@ static void ndpi_int_rtmp_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 111c57737..24f92afe2 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c 
@@ -77,7 +77,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_len) { u_int8_t payloadType, payload_type; - u_int16_t d_port = ntohs(flow->packet.udp->dest); + u_int16_t d_port = ntohs(ndpi_struct->packet.udp->dest); NDPI_LOG_DBG(ndpi_struct, "search RTP\n"); @@ -122,7 +122,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t source = ntohs(packet->udp->source); u_int16_t dest = ntohs(packet->udp->dest); diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 4a365650e..2a882fe54 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -40,7 +40,7 @@ static void ndpi_int_rtsp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index bd24b979d..a20594c05 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -78,7 +78,7 @@ struct ndpi_rx_header { void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; NDPI_LOG_DBG2(ndpi_struct, "RX: pck: %d, dir[0]: %d, dir[1]: %d\n", diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c index ac1584225..4aef6fa6f 100644 --- a/src/lib/protocols/s7comm.c 
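Review bot: The new line in `ndpi_rtp_search()` (hunk `-77,7`) dereferences `ndpi_struct->packet.udp` with no NULL check, and it reaches into the module packet directly where the other converted functions in this part of the patch go through a local `packet` pointer. Whether every caller guarantees a UDP packet is not visible here; `ndpi_search_rtp()` in the next hunk makes the same assumption with `packet->udp->source`. For consistency, and to give a check an obvious home, I would declare `struct ndpi_packet_struct *packet = &ndpi_struct->packet;` and use `u_int16_t d_port = ntohs(packet->udp->dest);`, with a comment that the function must only be called when `packet->udp` is set. Both function bodies continue outside their hunks.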
+++ b/src/lib/protocols/s7comm.c
@@ -26,7 +26,7 @@
void ndpi_search_s7comm_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search S7\n");
u_int16_t s7comm_port = htons(102);
if(packet->tcp) {
diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index dadd3ec4f..01ab1e226 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -26,7 +26,7 @@ void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index bc1782508..3fdb060d1 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -37,7 +37,7 @@ static void ndpi_int_shoutcast_add_connection(struct ndpi_detection_module_struc void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search shoutcast\n"); diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 2a0357789..6c159afdd 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -44,7 +44,7 @@ __forceinline static void ndpi_search_sip_handshake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index 5ec54dbdf..23a3b32c3 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c 
@@ -32,7 +32,7 @@ static void ndpi_int_skinny_add_connection(struct ndpi_detection_module_struct void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; const char pattern_9_bytes[9] = { 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; const char pattern_8_bytes[8] = { 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 7508283ce..4bbc46bb8 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -28,7 +28,7 @@ static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { } static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; int i; const uint8_t id_flags_iv_crc_len = 11; @@ -67,7 +67,7 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ } static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 23a61164c..c8e4333da 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -27,7 +27,7 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search SMB\n"); 
diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 7ddb4b4d2..aaf129743 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -41,9 +41,10 @@ static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_l void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &ndpi_struct->packet; + NDPI_LOG_DBG(ndpi_struct, "search SMPP\n"); if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SMPP){ - struct ndpi_packet_struct* packet = &flow->packet; // min SMPP packet length = 16 bytes if (packet->payload_packet_len < 16) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index a3054d76c..786b18d5d 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c @@ -32,7 +32,7 @@ static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t snmp_port = htons(161), trap_port = htons(162); if((packet->payload_packet_len <= 32) diff --git a/src/lib/protocols/soap.c b/src/lib/protocols/soap.c index dfbaf6c1e..6ae0bdae3 100644 --- a/src/lib/protocols/soap.c +++ b/src/lib/protocols/soap.c @@ -33,7 +33,7 @@ static void ndpi_int_soap_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_soap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search soap\n"); diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index a39d8da47..4f57ff7ea 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c 
@@ -36,7 +36,7 @@ static void ndpi_int_socks_add_connection(struct ndpi_detection_module_struct *n static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ @@ -77,7 +77,7 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 5c617fa86..12174a505 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -101,7 +101,7 @@ static u_int32_t someip_data_cover_32(const u_int8_t *data) void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - const struct ndpi_packet_struct *packet = &flow->packet; + const struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len < 16) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index e723b9017..8cacee346 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c 
@@ -101,7 +101,7 @@ static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (flow->packet_counter == 1 && packet->payload_packet_len == 54 && get_u_int16_t(packet->payload, 0) == ntohs(0x0036)) { if (ndpi_int_is_sopcast_tcp(packet->payload, packet->payload_packet_len)) { @@ -118,7 +118,7 @@ static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search sopcast. \n"); @@ -202,7 +202,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct void ndpi_search_sopcast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->udp != NULL) ndpi_search_sopcast_udp(ndpi_struct, flow); diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index c20c8e6dc..50dd98719 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -37,7 +37,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index b0a077251..6e5efb36e 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c 
@@ -38,7 +38,7 @@ static void ndpi_int_spotify_add_connection(struct ndpi_detection_module_struct static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index 0b8f45d0d..d3752d4d1 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -38,7 +38,7 @@ static void ndpi_int_ssdp_add_connection(struct ndpi_detection_module_struct /* this detection also works asymmetrically */ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search ssdp\n"); if (packet->udp != NULL) { diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 6d62c3724..fdf0b55b0 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -401,7 +401,7 @@ static void ndpi_ssh_zap_cr(char *str, int len) { /* ************************************************************************ */ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; #ifdef SSH_DEBUG printf("[SSH] %s()\n", __FUNCTION__); diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 9419b7a5b..c26b76a0a 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c 
@@ -49,10 +49,12 @@ u_int8_t sc2_match_logon_ip(struct ndpi_packet_struct* packet) */ u_int8_t ndpi_check_starcraft_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - if (sc2_match_logon_ip(&flow->packet) - && flow->packet.tcp->dest == htons(1119) //bnetgame port - && (ndpi_match_strprefix(flow->packet.payload, flow->packet.payload_packet_len, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66") - || ndpi_match_strprefix(flow->packet.payload, flow->packet.payload_packet_len, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66"))) + struct ndpi_packet_struct* packet = &ndpi_struct->packet; + + if (sc2_match_logon_ip(packet) + && packet->tcp->dest == htons(1119) //bnetgame port + && (ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66") + || ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66"))) return 1; else return -1; @@ -66,7 +68,7 @@ u_int8_t ndpi_check_starcraft_tcp(struct ndpi_detection_module_struct* ndpi_stru */ u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; /* First off, filter out any traffic not using port 1119, removing the chance of any false positive if we assume that non allowed protocols don't use the port */ if (packet->udp->source != htons(1119) && packet->udp->dest != htons(1119)) 
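Review bot: In the `ndpi_check_starcraft_tcp` hunk the function is declared `u_int8_t` but its failure path is still `return -1;`, so the caller receives 255 and only recovers -1 if it converts back to a signed type (the `ndpi_search_starcraft` hunk stores the result in `int8_t result`). Since the signature line is already in this hunk, I would make the type match the values returned, e.g. `int8_t ndpi_check_starcraft_tcp(...)`, and do the same for `ndpi_check_starcraft_udp` if it uses the same convention. The new condition also dereferences `packet->tcp->dest` with no NULL test in this function; the caller's body lies outside the hunk, so a short comment such as `/* caller guarantees packet->tcp != NULL */` would record the precondition if the caller does provide it.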
@@ -114,9 +116,10 @@ u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_stru void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &ndpi_struct->packet; + NDPI_LOG_DBG(ndpi_struct, "search Starcraft\n"); if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_STARCRAFT) { - struct ndpi_packet_struct* packet = &flow->packet; int8_t result = 0; if (packet->udp != NULL) { diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 972033016..4eb505a41 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -38,7 +38,7 @@ static void ndpi_int_stealthnet_add_connection(struct ndpi_detection_module_stru void ndpi_search_stealthnet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search stealthnet\n"); diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 5a72d9f8d..930152b17 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -35,7 +35,7 @@ static void ndpi_int_steam_add_connection(struct ndpi_detection_module_struct *n } static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); if (packet->user_agent_line.ptr != NULL 
@@ -47,7 +47,7 @@ static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if (flow->steam_stage == 0) { @@ -104,7 +104,7 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc } static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if (ndpi_match_strprefix(packet->payload, payload_len, "VS01")) { @@ -185,7 +185,7 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ @@ -220,7 +220,7 @@ static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ 
@@ -255,8 +255,9 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru } void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; - if(flow->packet.udp != NULL) { + if(packet->udp != NULL) { if(flow->packet_counter > 5) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 2f14639c9..19129165b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -40,11 +40,11 @@ struct stun_packet_header { /* ************************************************************ */ -u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { +u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev) { if(rev) - return(flow->packet.iph->daddr + flow->packet.udp->dest); + return(packet->iph->daddr + packet->udp->dest); else - return(flow->packet.iph->saddr + flow->packet.udp->source); + return(packet->iph->saddr + packet->udp->source); } /* ************************************************************ */ @@ -52,15 +52,17 @@ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int proto, u_int app_proto) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); if(ndpi_struct->stun_cache - && flow->packet.iph - && flow->packet.udp + && packet->iph + && packet->udp && (app_proto != NDPI_PROTOCOL_UNKNOWN) ) /* Cache flow sender info */ { - u_int32_t key = get_stun_lru_key(flow, 0); + u_int32_t key = get_stun_lru_key(packet, 0); u_int16_t cached_proto; if(ndpi_lru_find_cache(ndpi_struct->stun_cache, key, 
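Review bot: `get_stun_lru_key()` now takes the packet directly and dereferences `packet->iph` and `packet->udp` unconditionally, but not every call site visibly guarantees both are set. `ndpi_int_stun_add_connection` tests `packet->iph && packet->udp` before calling it, whereas the calls in `ndpi_int_check_stun` (hunks at -220 and -229) sit under `if(ndpi_struct->stun_cache)` alone. That function begins with `if(packet->iph && ...`, which suggests `iph` can be NULL there, presumably for IPv6 traffic. I would tighten the guard to `if(ndpi_struct->stun_cache && packet->iph && packet->udp) {`, since this code runs on untrusted traffic and a NULL dereference would take the whole engine down. The helper only reads the packet, so its parameter could also become `const struct ndpi_packet_struct *packet`.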
@@ -70,7 +72,7 @@ void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_stru #endif app_proto = cached_proto, proto = NDPI_PROTOCOL_STUN; } else { - u_int32_t key_rev = get_stun_lru_key(flow, 1); + u_int32_t key_rev = get_stun_lru_key(packet, 1); if(ndpi_lru_find_cache(ndpi_struct->stun_cache, key_rev, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { @@ -146,12 +148,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_length) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t msg_type, msg_len; int rc; - if(flow->packet.iph && - ((flow->packet.iph->daddr == 0xFFFFFFFF /* 255.255.255.255 */) || - ((ntohl(flow->packet.iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */))) { + if(packet->iph && + ((packet->iph->daddr == 0xFFFFFFFF /* 255.255.255.255 */) || + ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */))) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return(NDPI_IS_NOT_STUN); } @@ -193,7 +196,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * */ if(payload[0] == 0x16) { /* Let's check if this is DTLS used by some socials */ - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t total_len, version = htons(*((u_int16_t*) &packet->payload[1])); switch (version) { @@ -220,7 +223,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(ndpi_struct->stun_cache) { u_int16_t proto; - u_int32_t key = get_stun_lru_key(flow, 0); + u_int32_t key = get_stun_lru_key(packet, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); 
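Review bot: In the `ndpi_int_check_stun` hunk at -193, the declaration `struct ndpi_packet_struct *packet = &ndpi_struct->packet;` inside `if(payload[0] == 0x16)` now shadows the identical function-level `packet` that the hunk at -146 adds. The commit already drops the equivalent late declaration after `udp_stun_found:`, so this inner line can be deleted too, which also keeps `-Wshadow` quiet. On the next line, `htons(*((u_int16_t*) &packet->payload[1]))` reads a 16-bit value through a cast at an odd offset; `(packet->payload[1] << 8) | packet->payload[2]` yields the same value without the unaligned access. Whether the payload length is checked before this read is not visible in the hunk.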
@@ -229,7 +232,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif if(!rc) { - key = get_stun_lru_key(flow, 1); + key = get_stun_lru_key(packet, 1); rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); @@ -468,8 +471,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * udp_stun_found: flow->protos.tls_quic_stun.stun.num_processed_pkts++; - struct ndpi_packet_struct *packet = &flow->packet; - #ifdef DEBUG_STUN printf("==>> NDPI_PROTOCOL_WHATSAPP_CALL\n"); #endif @@ -486,7 +487,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search stun\n"); diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index f0e7ae7df..45b005030 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -37,7 +37,7 @@ static void ndpi_int_syslog_add_connection(struct ndpi_detection_module_struct void ndpi_search_syslog(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t i; NDPI_LOG_DBG(ndpi_struct, "search syslog\n"); diff --git a/src/lib/protocols/targus_getdata.c b/src/lib/protocols/targus_getdata.c index bbc524bd9..acaa4f6a2 100644 --- a/src/lib/protocols/targus_getdata.c +++ b/src/lib/protocols/targus_getdata.c 
@@ -29,7 +29,7 @@ static void ndpi_check_targus_getdata(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->iph) { u_int16_t targus_getdata_port = ntohs(5201); diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index b167b08e4..df3a8bf68 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -55,7 +55,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st { u_int16_t sport, dport; u_int proto; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(flow->host_server_name[0] != '\0') return; @@ -72,8 +72,8 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, flow, - flow->packet.iph ? flow->packet.iph->protocol : - flow->packet.iphv6->ip6_hdr.ip6_un1_nxt, + packet->iph ? packet->iph->protocol : + packet->iphv6->ip6_hdr.ip6_un1_nxt, ntohl(packet->iph->saddr), ntohl(packet->iph->daddr), sport, dport); diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index a2a1002ff..8f6cdc7ba 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -32,7 +32,7 @@ static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struc void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search teamspeak\n"); diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index d279b1a8a..54408b2d1 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c 
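Review bot: In the `ndpi_search_tcp_or_udp` hunk at -72, the rewritten argument `packet->iph ? packet->iph->protocol : packet->iphv6->ip6_hdr.ip6_un1_nxt` sits inside `if(packet->iph ...)`, so the `iphv6` arm can never be taken. As these two lines are being touched anyway, passing `packet->iph->protocol` directly would be clearer and match the "IPv4 Only" comment on the enclosing `if`. Keeping the dead arm wrongly suggests that IPv6 is handled on this path.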
@@ -39,7 +39,7 @@ static void ndpi_int_teamview_add_connection(struct ndpi_detection_module_struct void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search teamwiewer\n"); /* @@ -48,9 +48,9 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru http://myip.ms/view/ip_owners/144885/Teamviewer_Gmbh.html */ - if(flow->packet.iph) { - u_int32_t src = ntohl(flow->packet.iph->saddr); - u_int32_t dst = ntohl(flow->packet.iph->daddr); + if(packet->iph) { + u_int32_t src = ntohl(packet->iph->saddr); + u_int32_t dst = ntohl(packet->iph->daddr); /* 95.211.37.195 - 95.211.37.203 */ if(((src >= 1607673283) && (src <= 1607673291)) diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index cb21092ae..f035d914e 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -45,7 +45,7 @@ static u_int8_t is_telegram_port_range(u_int16_t port) { void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search telegram\n"); diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index b08022b05..bdf695687 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -35,7 +35,7 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int i; #ifdef TELNET_DEBUG 
@@ -130,7 +130,7 @@ __forceinline static #endif u_int8_t search_iac(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t a; diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 87b6804dd..3a81b1b4b 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -27,7 +27,7 @@ /* https://en.wikipedia.org/wiki/Teredo_tunneling */ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index f783353d0..fed53506e 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -39,7 +39,7 @@ static void ndpi_int_tftp_add_connection(struct ndpi_detection_module_struct void ndpi_search_tftp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search TFTP\n"); diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 42fc8c83e..31fa720d4 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -32,7 +32,7 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; 
@@ -58,7 +58,7 @@ __forceinline static void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { @@ -89,7 +89,7 @@ __forceinline static void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { @@ -145,7 +145,7 @@ __forceinline static void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -195,7 +195,7 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct void ndpi_search_thunder(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // //struct ndpi_id_struct *src = flow->src; //struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index 0adfbebd5..04974cd8e 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c 
@@ -28,7 +28,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 2270b05ab..aac8798b3 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -105,7 +105,7 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // protocol = NDPI_PROTOCOL_TLS; @@ -138,7 +138,7 @@ static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_st void ndpi_search_tls_tcp_memory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int avail_bytes; /* TCP */ @@ -284,11 +284,13 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet, static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) { /* Subprotocol not yet set */ - if(ndpi_struct->tls_cert_cache && flow->packet.iph && flow->packet.tcp) { - u_int32_t key = flow->packet.iph->daddr + flow->packet.tcp->dest; + if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) { + u_int32_t key = packet->iph->daddr + packet->tcp->dest; u_int16_t cached_proto; if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key, 
@@ -311,7 +313,7 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct static void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t p_offset, u_int16_t certificate_len) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t num_found = 0, i; char buffer[64] = { '\0' }, rdnSeqBuf[2048]; u_int rdn_len = 0; @@ -431,7 +433,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi offset += 2; if((offset+len) < packet->payload_packet_len) { - u_int32_t time_sec = flow->packet.current_time_ms / 1000; + u_int32_t time_sec = packet->current_time_ms / 1000; #ifdef DEBUG_TLS u_int j; @@ -601,8 +603,8 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi if(ndpi_struct->tls_cert_cache == NULL) ndpi_struct->tls_cert_cache = ndpi_lru_cache_init(1024); - if(ndpi_struct->tls_cert_cache && flow->packet.iph) { - u_int32_t key = flow->packet.iph->daddr + flow->packet.tcp->dest; + if(ndpi_struct->tls_cert_cache && packet->iph) { + u_int32_t key = packet->iph->daddr + packet->tcp->dest; ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id); } @@ -624,7 +626,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi /* See https://blog.catchpoint.com/2017/05/12/dissecting-tls-using-wireshark/ */ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int is_dtls = packet->udp ? 1 : 0; u_int32_t certificates_length, length = (packet->payload[1] << 16) + (packet->payload[2] << 8) + packet->payload[3]; u_int32_t certificates_offset = 7 + (is_dtls ? 8 : 0); 
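Review bot: In the `processCertificateElements` hunk at -601, the cache insert checks only `packet->iph` before computing `packet->iph->daddr + packet->tcp->dest`, so `packet->tcp` is dereferenced without a NULL test. `processCertificate` in the same file derives `is_dtls` from `packet->udp`, so certificate parsing appears reachable for UDP flows, where `tcp` would be NULL. `checkTLSSubprotocol` already guards the same key with `packet->iph && packet->tcp`. I would make the two sites consistent with `if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {`, since this runs on attacker-supplied handshakes. The enclosing function extends beyond the hunk, so an earlier guard may exist that I cannot see.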
@@ -749,7 +751,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int ret; #ifdef DEBUG_TL @@ -812,7 +814,7 @@ static void ndpi_looks_like_tls(struct ndpi_detection_module_struct *ndpi_struct static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t something_went_wrong = 0; #ifdef DEBUG_TLS_MEMORY @@ -971,7 +973,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t handshake_len; u_int16_t p_len, processed; const u_int8_t *p; @@ -1069,11 +1071,13 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, static void tlsInitExtraPacketProcessing(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + flow->check_extra_packets = 1; /* At most 12 packets should almost always be enough to find the server certificate if it's there */ flow->max_extra_packets_to_check = 12 + (ndpi_struct->num_tls_blocks_to_follow*4); - flow->extra_packets_func = (flow->packet.udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp; + flow->extra_packets_func = (packet->udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp; } /* **************************************** */ 
@@ -1108,11 +1112,13 @@ static void tlsCheckUncommonALPN(struct ndpi_detection_module_struct *ndpi_struc static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + #if DEBUG_TLS printf("[TLS] %s()\n", __FUNCTION__); #endif - if((flow->packet.udp != NULL) && (protocol == NDPI_PROTOCOL_TLS)) + if((packet->udp != NULL) && (protocol == NDPI_PROTOCOL_TLS)) protocol = NDPI_PROTOCOL_DTLS; if((flow->detected_protocol_stack[0] == protocol) @@ -1138,7 +1144,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct * const flow, int is_dtls, u_int16_t extension_id, u_int16_t extension_len, u_int16_t extension_payload_offset) { - struct ndpi_packet_struct const * const packet = &flow->packet; + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; if (extension_payload_offset + extension_len > packet->payload_packet_len) { @@ -1206,7 +1212,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct, int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t quic_version) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; union ja3_info ja3; u_int8_t invalid_ja3 = 0; u_int16_t tls_version, ja3_str_len; @@ -2266,7 +2272,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; #ifdef DEBUG_TLS printf("==>> %s() %u [len: %u][version: %u]\n", diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index a0ecad9de..be6ce943e 100644 
--- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -37,7 +37,7 @@ static void ndpi_int_tvuplayer_add_connection(struct ndpi_detection_module_struc void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search tvuplayer. \n"); diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index b2d3f5ab4..0f3aaa9bd 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -33,7 +33,7 @@ static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search ubntac2\n"); NDPI_LOG_DBG2(ndpi_struct, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 27efb488a..f63948cb1 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -40,7 +40,7 @@ static void ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search usenet\n"); diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index b91793b1b..36e9f3a37 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c 
@@ -38,7 +38,7 @@ static void ndpi_int_vhua_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; u_char p0[] = { 0x05, 0x14, 0x3a, 0x05, 0x08, 0xf8, 0xa1, 0xb1, 0x03 }; diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 04f781e7b..4a09a07f6 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -27,7 +27,7 @@ void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search for VIBER\n"); diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index bdced12dd..4c161867e 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -26,7 +26,7 @@ void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search vmware\n"); /* Check whether this is an VMWARE flow */ diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index 4bcd0e35c..cac2fe46d 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -28,7 +28,7 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search vnc\n"); /* search over TCP */ diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index c33dfc184..f11d5fc6e 100644 --- a/src/lib/protocols/warcraft3.c 
+++ b/src/lib/protocols/warcraft3.c @@ -37,7 +37,7 @@ static void ndpi_int_warcraft3_add_connection(struct ndpi_detection_module_struc void ndpi_search_warcraft3(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t l; /* Leave it as u_int32_t because otherwise 'u_int16_t temp' diff --git a/src/lib/protocols/websocket.c b/src/lib/protocols/websocket.c index 853ce8094..84aaf12f0 100644 --- a/src/lib/protocols/websocket.c +++ b/src/lib/protocols/websocket.c @@ -61,7 +61,7 @@ static void set_websocket_detected(struct ndpi_detection_module_struct *ndpi_str static void ndpi_check_websocket(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len < sizeof(u_int16_t)) { diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index 608e6576e..bfb39273a 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -25,7 +25,7 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; static u_int8_t whatsapp_sequence[] = { 0x45, 0x44, 0x0, 0x01, 0x0, 0x0, 0x02, 0x08, 0x0, 0x57, 0x41, 0x02, 0x0, 0x0, 0x0 diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index ed30de9e2..7321626d2 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c 
@@ -27,7 +27,7 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search WHOIS/DAS\n"); if(packet->tcp != NULL) { diff --git a/src/lib/protocols/wireguard.c b/src/lib/protocols/wireguard.c index b2cc4287c..eb18d94a8 100644 --- a/src/lib/protocols/wireguard.c +++ b/src/lib/protocols/wireguard.c @@ -42,7 +42,7 @@ enum wg_message_type { void ndpi_search_wireguard(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *payload = packet->payload; u_int8_t message_type = payload[0]; diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 25f287e66..aabc4a520 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -35,7 +35,7 @@ static void ndpi_int_world_of_kung_fu_add_connection(struct ndpi_detection_modul void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search world_of_kung_fu\n"); diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index e53a4caf9..9a61497dc 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c 
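Review bot: `ndpi_search_wireguard` initialises `message_type` from `payload[0]` in its declaration, before any check of `packet->payload_packet_len` is visible, so if this dissector can be invoked with an empty payload the read lands one byte past the data. A length check may follow later in the body, which continues outside the hunk, but it would come after the read. Declaring `u_int8_t message_type;` and assigning `message_type = payload[0];` only once the length has been validated removes the dependency on how the dissector is registered.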
@@ -54,7 +54,7 @@ u_int8_t ndpi_int_is_wow_port(const u_int16_t port) void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/wsd.c b/src/lib/protocols/wsd.c index c557c7c52..f428eaa35 100644 --- a/src/lib/protocols/wsd.c +++ b/src/lib/protocols/wsd.c @@ -30,7 +30,7 @@ void ndpi_search_wsd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search wsd\n"); diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index 282086cd9..88e7042ba 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -35,7 +35,7 @@ static void ndpi_int_xbox_add_connection(struct ndpi_detection_module_struct void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* * XBOX UDP DETCTION ONLY diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index a6cbd679b..3bfdc8275 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -38,7 +38,7 @@ static void ndpi_int_xdmcp_add_connection(struct ndpi_detection_module_struct void ndpi_search_xdmcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search xdmcp\n"); diff --git a/src/lib/protocols/z3950.c b/src/lib/protocols/z3950.c index 0c95e5d85..fe168ea9b 100644 --- a/src/lib/protocols/z3950.c 
+++ b/src/lib/protocols/z3950.c @@ -87,7 +87,7 @@ static int z3950_parse_sequences(struct ndpi_packet_struct const * const packet, static void ndpi_search_z3950(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; int const minimum_expected_sequences = 6; NDPI_LOG_DBG(ndpi_struct, "search z39.50\n"); diff --git a/src/lib/protocols/zabbix.c b/src/lib/protocols/zabbix.c index 9e67a3159..bc2eb562b 100644 --- a/src/lib/protocols/zabbix.c +++ b/src/lib/protocols/zabbix.c @@ -36,7 +36,7 @@ static void ndpi_int_zabbix_add_connection(struct ndpi_detection_module_struct * void ndpi_search_zabbix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t tomatch[] = { 'Z', 'B', 'X', 'D', 0x1 }; NDPI_LOG_DBG(ndpi_struct, "search Zabbix\n"); diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 961c15d65..6b3e9625c 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -35,8 +35,10 @@ __forceinline static #endif u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - if(flow->packet.user_agent_line.ptr != NULL && flow->packet.user_agent_line.len == 111) { - if(memcmp(flow->packet.user_agent_line.ptr + flow->packet.user_agent_line.len - 25, "Zattoo/4", sizeof("Zattoo/4") - 1) == 0) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + + if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len == 111) { + if(memcmp(packet->user_agent_line.ptr + packet->user_agent_line.len - 25, "Zattoo/4", sizeof("Zattoo/4") - 1) == 0) { NDPI_LOG_DBG(ndpi_struct, "found zattoo useragent\n"); return 1; } 
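Review bot: In `ndpi_int_zattoo_user_agent_set` the `memcmp` at `packet->user_agent_line.ptr + packet->user_agent_line.len - 25` stays inside the buffer only because the preceding condition pins `len` to exactly 111; the two literals carry that bounds guarantee without saying so. A short comment such as `/* len is exactly 111, so the 8 bytes at ptr + len - 25 are inside the line */`, or named constants for 111 and 25, would keep a later relaxation of the length test from turning this into an out-of-bounds read. The function's closing lines are outside the hunk.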
@@ -54,7 +56,7 @@ u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndp void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index c955beca5..244e0603e 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -31,7 +31,7 @@ static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndp static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; u_char p0[] = { 0x00, 0x00, 0x00, 0x05, 0x01, 0x66, 0x6c, 0x6f, 0x77 }; u_char p1[] = { 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x7f }; |