author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-29 12:07:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-29 12:07:14 +0200 |
commit | 95e16872fadfc98256fdcf729f267237c727e4c3 (patch) | |
tree | 226da4705b52e2b8acdb43f802aab62fb07507f1 /src | |
parent | 172e698bb8239d0060d9d494adfba928507f95b2 (diff) |
First step in simplify `ndpi_process_extra_packet()` (#1680)
Move the protocol-specific logic into the proper dissector code, where
it belongs.
Next step: remove that list of protocols. Long-term goal: remove this
function altogether...
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/ndpi_main.c | 43 | ||||
-rw-r--r-- | src/lib/protocols/dns.c | 3 | ||||
-rw-r--r-- | src/lib/protocols/mail_pop.c | 5 | ||||
-rw-r--r-- | src/lib/protocols/mail_smtp.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 6 |
5 files changed, 16 insertions, 45 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 86e94e3aa..875e6e755 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -5778,8 +5778,10 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, st
 /* call the extra packet function (which may add more data/info to flow) */
 if(flow->extra_packets_func) {
- if((flow->extra_packets_func(ndpi_str, flow)) == 0)
+ if((flow->extra_packets_func(ndpi_str, flow)) == 0) {
 flow->check_extra_packets = 0;
+ flow->extra_packets_func = NULL; /* Enough packets detected */
+ }
 if(++flow->num_extra_packets_checked == flow->max_extra_packets_to_check)
 flow->extra_packets_func = NULL; /* Enough packets detected */
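Review bot: The comment on the added `flow->extra_packets_func = NULL;` line is copied from the packet-limit branch just below and misstates why the callback is cleared here, since in this branch the dissector itself returned 0. Something like `/* Dissector asked to stop: no further extra dissection */` would keep the two exits distinguishable for anyone later auditing how a flow leaves extra-packet processing. The function body starts and ends outside the hunk.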
@@ -8116,61 +8118,22 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
 switch(proto) {
 case NDPI_PROTOCOL_TLS:
 case NDPI_PROTOCOL_DTLS:
- if(flow->l4.tcp.tls.certificate_processed) return(0);
-
- if(flow->l4.tcp.tls.num_tls_blocks <= ndpi_str->num_tls_blocks_to_follow) {
- // printf("*** %u/%u\n", flow->l4.tcp.tls.num_tls_blocks, ndpi_str->num_tls_blocks_to_follow);
- return(1);
- }
- break;
-
 case NDPI_PROTOCOL_HTTP:
 case NDPI_PROTOCOL_HTTP_PROXY:
 case NDPI_PROTOCOL_HTTP_CONNECT:
- if((flow->host_server_name[0] == '\0') || (flow->http.response_status_code == 0))
- return(1);
- break;
-
 case NDPI_PROTOCOL_DNS:
 case NDPI_PROTOCOL_MDNS:
- if(flow->protos.dns.num_answers == 0)
- return(1);
- break;
-
 case NDPI_PROTOCOL_FTP_CONTROL:
- if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
- flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0 &&
- flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0)
- return(1);
- break;
 case NDPI_PROTOCOL_MAIL_POP:
 case NDPI_PROTOCOL_MAIL_IMAP:
 case NDPI_PROTOCOL_MAIL_SMTP:
- if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
- (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 ||
- flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0))
- return(1);
- break;
-
 case NDPI_PROTOCOL_SSH:
- if((flow->protos.ssh.hassh_client[0] == '\0') || (flow->protos.ssh.hassh_server[0] == '\0'))
- return(1);
- break;
-
 case NDPI_PROTOCOL_TELNET:
- if(!flow->protos.telnet.password_detected)
- return(1);
- break;
-
 case NDPI_PROTOCOL_SKYPE_TEAMS:
 case NDPI_PROTOCOL_QUIC:
 case NDPI_PROTOCOL_KERBEROS:
 case NDPI_PROTOCOL_SNMP:
- return(1);
- break;
-
 case NDPI_PROTOCOL_BITTORRENT:
- if(flow->protos.bittorrent.hash[0] == '\0')
 return(1);
 break;
 }
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 5b214170a..4589af3a0 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
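Review bot: With every per-protocol test removed, this switch returns 1 unconditionally for each listed protocol, yet the commit only moves the DNS, POP, SMTP and TLS/DTLS conditions into their dissectors. The HTTP, FTP-control, IMAP, SSH, Telnet and BitTorrent conditions (host name and status code, password and auth flags, HASSH strings, `password_detected`, hash) have no visible replacement, so whether those flows still stop early depends on callbacks not shown here. If they do not, such flows run until `max_extra_packets_to_check`, which is extra per-flow work on traffic an untrusted peer controls. It is worth confirming that each of those dissectors' extra-packet callbacks returns 0 on the same condition, and adding a comment above the switch such as `/* Only says whether proto supports extra dissection; stop conditions live in each dissector's extra_packets_func */`. The function continues outside the hunk.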
@@ -370,6 +370,9 @@ static int search_dns_again(struct ndpi_detection_module_struct *ndpi_struct, st /* possibly dissect the DNS reply */ ndpi_search_dns(ndpi_struct, flow); + if(flow->protos.dns.num_answers != 0) + return(0); + /* Possibly more processing */ return(1); } diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index ad5b30a1c..e061e2cc8 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -46,6 +46,7 @@ static void ndpi_int_mail_pop_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + NDPI_LOG_INFO(ndpi_struct, "mail_pop identified\n"); flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid POP3S to be used s sub-protocol */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_POP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } @@ -185,12 +186,12 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct if((bit_count + flow->l4.tcp.mail_pop_stage) >= 3) { if(flow->l4.tcp.mail_pop_stage > 0) { - NDPI_LOG_INFO(ndpi_struct, "mail_pop identified\n"); if((flow->l4.tcp.ftp_imap_pop_smtp.password[0] != '\0') || (flow->l4.tcp.mail_pop_stage > 3)) { ndpi_int_mail_pop_add_connection(ndpi_struct, flow); - popInitExtraPacketProcessing(flow); + if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0') + popInitExtraPacketProcessing(flow); } } diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index a2035bfe6..1bb6068a4 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -440,7 +440,9 @@ int ndpi_extra_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_st } } else { ndpi_search_mail_smtp_tcp(ndpi_struct, flow); - rc = (flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0') ? 1 : 0; + rc = ((flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0') && + (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 || + flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0)) ? 1 : 0; } #ifdef SMTP_DEBUG 
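Review bot: The new guard before `popInitExtraPacketProcessing(flow)` in the `mail_pop.c` hunk at -185 tests only `password[0] == '\0'`, whereas the POP condition removed from `ndpi_extra_dissection_possible()` also required `auth_tls == 1 || auth_done == 0`, and the SMTP hunk in this same commit carries all three fields over. A session that finished authentication without a cleartext password (`auth_done` set, `auth_tls` clear) previously reported no further dissection and now starts extra processing, unless the POP callback, which is outside the hunk, checks those flags itself. If the old behaviour is wanted, the guard could read `if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' && (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 || flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0))`. The enclosing function starts and ends outside the hunk.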
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 25b765f9e..3e69869c3 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -936,7 +936,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t content_type; if(message->buffer_used < 5) - return(1); /* Keep working */ + break; len = (message->buffer[3] << 8) + message->buffer[4] + 5; @@ -1074,6 +1074,8 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(something_went_wrong || ((ndpi_struct->num_tls_blocks_to_follow > 0) && (flow->l4.tcp.tls.num_tls_blocks == ndpi_struct->num_tls_blocks_to_follow)) + || ((ndpi_struct->num_tls_blocks_to_follow == 0) + && (flow->l4.tcp.tls.certificate_processed == 1)) ) { #ifdef DEBUG_TLS_BLOCKS printf("*** [TLS Block] No more blocks\n"); @@ -1187,7 +1189,7 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, packet->payload = p; packet->payload_packet_len = p_len; /* Restore */ - if(no_dtls || change_cipher_found) { + if(no_dtls || change_cipher_found || flow->l4.tcp.tls.certificate_processed) { NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_DTLS); flow->check_extra_packets = 0; flow->extra_packets_func = NULL; |
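Review bot: The clause added at -1074 stops on `certificate_processed` only when `num_tls_blocks_to_follow == 0`, while the check removed from `ndpi_extra_dissection_possible()` returned 0 on `certificate_processed` regardless of that setting. If the narrowing is intended, so that configured block counting continues past the certificate, a comment on the condition would record it, e.g. `/* cert seen and no TLS blocks requested: nothing left to collect */`; if not, drop the `num_tls_blocks_to_follow == 0` half. As far as this hunk shows, flows that never expose a certificate are then bounded only by `something_went_wrong` or the extra-packet limit. The enclosing function starts and ends outside the hunk.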
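Review bot: Adding `flow->l4.tcp.tls.certificate_processed` to the condition at -1187 in `ndpi_search_tls_udp()` sends a flow whose certificate was successfully parsed through `NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_DTLS)`, the same path as `no_dtls`. Stopping extra dissection is the goal, but marking DTLS as excluded on the success path reads as a misclassification and may have side effects depending on what the macro does after detection, which is not visible here. Keeping the exclusion to the existing cases, `if(no_dtls || change_cipher_found) NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_DTLS);` inside the branch, avoids that. The field is also read through `l4.tcp` in the UDP path; that matches the removed DTLS case, but a short comment saying DTLS state is kept there would help. The function body continues outside the hunk.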