author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-12-11 14:53:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-11 14:53:12 +0100 |
commit | b3f2b1bb7f90c18a7542ab06acdf26318cdfa6fe (patch) | |
tree | 1d23bc99d1c2271fdbeadad5a571e3907f5e40f5 /src/lib | |
parent | 673b6e73451cce242aa612c06e80b5865b243ed6 (diff) |
STUN: rework extra dissection (#2202)
Keep looking for RTP packets but remove the monitoring concept.
We will re-introduce a more general concept of "flow in monitoring
state" later.
The function was disabled by default.
Some configuration knobs will be provided when/if #2190 is merged.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/ndpi_main.c | 39 | ||||
-rw-r--r-- | src/lib/ndpi_private.h | 3 | ||||
-rw-r--r-- | src/lib/protocols/stun.c | 20 |
3 files changed, 8 insertions, 54 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 02db29a68..6eafa598b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3387,9 +3387,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs ndpi_str->opportunistic_tls_ftp_enabled = 1; ndpi_str->opportunistic_tls_stun_enabled = 1; - ndpi_str->monitoring_stun_pkts_to_process = 4; - ndpi_str->monitoring_stun_flags = 0; - ndpi_str->aggressiveness_ookla = NDPI_AGGRESSIVENESS_OOKLA_TLS; if(prefs & ndpi_enable_tcp_ack_payload_heuristic) @@ -10430,42 +10427,6 @@ int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow) /* ******************************************************************** */ -int ndpi_set_monitoring_state(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto, u_int32_t num_pkts, u_int32_t flags) -{ - if(!ndpi_struct || num_pkts > 0xFFFF) - return -1; - - switch(proto) { - case NDPI_PROTOCOL_STUN: - ndpi_struct->monitoring_stun_pkts_to_process = num_pkts; - ndpi_struct->monitoring_stun_flags = flags; - return 0; - default: - return -1; - } -} - -/* ******************************************************************** */ - -int ndpi_get_monitoring_state(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto, u_int32_t *num_pkts, u_int32_t *flags) -{ - if(!ndpi_struct || !num_pkts || !flags) - return -1; - - switch(proto) { - case NDPI_PROTOCOL_STUN: - *num_pkts = ndpi_struct->monitoring_stun_pkts_to_process; - *flags = ndpi_struct->monitoring_stun_flags; - return 0; - default: - return -1; - } -} - -/* ******************************************************************** */ - int ndpi_set_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t proto, int value) { diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h index e45a0aabe..148b4b9eb 100644 --- a/src/lib/ndpi_private.h +++ b/src/lib/ndpi_private.h 
@@ -253,9 +253,6 @@ struct ndpi_detection_module_struct { int opportunistic_tls_ftp_enabled; int opportunistic_tls_stun_enabled; - u_int32_t monitoring_stun_pkts_to_process; - u_int32_t monitoring_stun_flags; - u_int32_t aggressiveness_ookla; int tcp_ack_paylod_heuristic; diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index b3d83da8c..74dfc829b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -345,9 +345,8 @@ static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struc /* We have a sub-classification */ - if((ndpi_struct->monitoring_stun_flags & NDPI_MONITORING_STUN_SUBCLASSIFIED) && - flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RTP) - return 1; + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_RTP) + return 0; /* Looking for XOR-PEER-ADDRESS metadata; TODO: other protocols? */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) 
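Review bot: The new early return in keep_extra_dissection(), `if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_RTP) return 0;`, has no comment saying why an RTP classification ends the extra dissection, and the `/* We have a sub-classification */` line above it does not explain it either. Judging by the commit message (the extra dissection keeps looking for RTP), I would add `/* RTP already found: nothing left to look for, stop the extra dissection */` directly above the check. This function decides how long the dissector keeps parsing further packets of a flow, so each stop condition should state its reason. The function body continues outside the hunk; if the code after the Telegram check already falls through to `return 0`, this branch is redundant and only the comment is needed.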
@@ -614,25 +613,22 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd ndpi_set_detected_protocol(ndpi_struct, flow, app_proto, __get_master(flow), confidence); } - /* This is quite complex. We want extra dissection for: + /* We want extra dissection for: * sub-classification - * metadata extraction in general - * Telegram: we need more packets to find all XOR-PEER-ADDRESS attributes - * monitoring, i.e. looking for RTP - And all these cases might overlap... + * metadata extraction or looking for RTP + The latter is enabled only without sub-classification or for Telegram + (to find all XOR-PEER-ADDRESS attributes) */ if(!flow->extra_packets_func) { if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN /* No-subclassification */ || - flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP /* Metadata. TODO: other protocols? */ || - (ndpi_struct->monitoring_stun_pkts_to_process > 0 && - (ndpi_struct->monitoring_stun_flags & NDPI_MONITORING_STUN_SUBCLASSIFIED))) { + flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP /* Metadata. TODO: other protocols? */) { NDPI_LOG_DBG(ndpi_struct, "Enabling extra dissection\n"); if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) { flow->max_extra_packets_to_check = 10; /* Looking for metadata. There are no really RTP packets in Telegram flows, so no need to enable monitoring for them */ } else { - flow->max_extra_packets_to_check = ndpi_max(4, ndpi_struct->monitoring_stun_pkts_to_process); + flow->max_extra_packets_to_check = 4; flow->extra_packets_func = stun_search_again; } } |
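Review bot: In the Telegram branch only `flow->max_extra_packets_to_check = 10;` is set, while `flow->extra_packets_func = stun_search_again;` sits inside the `else` branch as far as the braces in this hunk show, so for NDPI_PROTOCOL_TELEGRAM_VOIP the callback is not installed here. That contradicts the rewritten comment, which says extra dissection is kept for Telegram to find all XOR-PEER-ADDRESS attributes; unless the callback is set elsewhere, that metadata search would not run. Closing the `else` right after `flow->max_extra_packets_to_check = 4;` and placing `flow->extra_packets_func = stun_search_again;` after the `if`/`else` would make both branches reach it. The trailing comment in the Telegram branch still says "no need to enable monitoring for them", a concept this commit removes, and should be reworded to `no need to look for RTP`. The enclosing `if(!flow->extra_packets_func)` block closes outside the hunk.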