authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2022-07-03 20:28:58 +0200
committerGitHub <noreply@github.com>2022-07-03 20:28:58 +0200
commitfaaff58620feabe3221c75ef9b503e1c459b795a (patch)
tree24277a827e4a5891d157bd6407eb896ac7d12e5c /src
parent50c0212df1a11b62d870d9be25d64d03b8e957cb (diff)
TargusDataspeed: avoid false positives (#1628)
The TargusDataspeed dissector doesn't perform any real DPI checks; it only looks at the TCP/UDP ports. Delete it, and use the standard logic to classify these flows by port.
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_protocols.h1
-rw-r--r--src/lib/ndpi_main.c5
-rw-r--r--src/lib/protocols/targus_getdata.c75
3 files changed, 1 insertions, 80 deletions
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 25395c1fa..f7b33064a 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -206,7 +206,6 @@ void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_zabbix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_wireguard_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
-void init_targus_getdata_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_104_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_s7comm_dissector(struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index f8764b4b0..25b558b0a 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1775,7 +1775,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TARGUS_GETDATA,
"TargusDataspeed", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 5001, 5201, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 5001, 5201, 0, 0, 0) /* UDP */);
+ ndpi_build_default_ports(ports_b, 5001, 5201, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMAZON_VIDEO,
"AmazonVideo", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
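Review bot: The added `/* Missing dissector: port based only */` sits after the closing `);` on the UDP line, so it reads as if only the UDP side were port-based, although the TCP list one line above uses the same ports 5001 and 5201. I would move it to its own line above the `ndpi_set_proto_defaults(...)` call, for example `/* No dissector: TargusDataspeed is matched by default TCP/UDP port only (5001, 5201) */`. The entry keeps `NDPI_PROTOCOL_ACCEPTABLE`, so any flow on these ports gets that label with no payload inspection; the comment could add that the result is a port guess, not a DPI match, and should not drive policy on its own. `ndpi_init_protocol_defaults` starts and ends outside this hunk.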
@@ -4364,9 +4364,6 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* Amazon_Video */
init_amazon_video_dissector(ndpi_str, &a, detection_bitmask);
- /* Targus Getdata */
- init_targus_getdata_dissector(ndpi_str, &a, detection_bitmask);
-
/* S7 comm */
init_s7comm_dissector(ndpi_str, &a, detection_bitmask);
diff --git a/src/lib/protocols/targus_getdata.c b/src/lib/protocols/targus_getdata.c
deleted file mode 100644
index 4fa002807..000000000
--- a/src/lib/protocols/targus_getdata.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * targus_getdata.c
- *
- * Copyright (C) 2018 by ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TARGUS_GETDATA
-
-#include "ndpi_api.h"
-
-static void ndpi_check_targus_getdata(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow) {
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if(packet->iph) {
- u_int16_t targus_getdata_port = ntohs(5201);
- u_int16_t complex_link_port = ntohs(5001);
-
- if(((packet->tcp != NULL) && ((packet->tcp->dest == targus_getdata_port)
- || (packet->tcp->source == targus_getdata_port)
- || (packet->tcp->dest == complex_link_port)
- || (packet->tcp->source == complex_link_port)))
- || ((packet->udp != NULL) && ((packet->udp->dest == targus_getdata_port)
- || (packet->udp->source == targus_getdata_port)
- || (packet->udp->dest == complex_link_port)
- || (packet->udp->source == complex_link_port)))) {
-
- NDPI_LOG_INFO(ndpi_struct, "found targus getdata used for speedtest\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TARGUS_GETDATA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- return;
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-void ndpi_search_targus_getdata(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- NDPI_LOG_DBG(ndpi_struct, "search targus getdata\n");
-
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_TARGUS_GETDATA)
- ndpi_check_targus_getdata(ndpi_struct, flow);
-}
-
-
-void init_targus_getdata_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
-{
- ndpi_set_bitmask_protocol_detection("TARGUS_GETDATA", ndpi_struct, detection_bitmask, *id,
- NDPI_PROTOCOL_TARGUS_GETDATA,
- ndpi_search_targus_getdata,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
- *id += 1;
-}