Optimized code to avoid multiple calls to ndpi_network_ptree_match()

HTTP-based subprotocols have not HTTP set as master_protocols
author: Luca Deri <deri@ntop.org> 2017-01-31 15:04:24 +0100
committer: Luca Deri <deri@ntop.org> 2017-01-31 15:04:24 +0100
commit: 8805d8523b6f2f22d4db0a1344439f36e5f3f9c2 (patch)
tree: 8ff2ff1bfb898889d5b2e56f1841fd6a85fb925a /src
parent: 0610ae2d21d08a1e13d42e672362fdd05c72f33a (diff)
4 files changed, 22 insertions, 15 deletions
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index f34a12f13..edf4ca3dc 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -44,6 +44,7 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports,
 
 /* TCP/UDP protocols */
 u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct,
+				 struct ndpi_flow_struct *flow,
 				 u_int8_t protocol,
 				 u_int32_t saddr, u_int32_t daddr,
 				 u_int16_t sport, u_int16_t dport);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 28ae1ff13..f6b6911df 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1680,10 +1680,8 @@ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct,
 
   if(packet->tcp != NULL) {
     if(packet->iph) {
-      if(tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->saddr)
-         || tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->daddr)) {
+      if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_TOR)
 	return(1);
-      }
     }
   }
 
@@ -4413,7 +4411,8 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
   u_int8_t user_defined_proto;
 
   if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) {
-    rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport);
+    rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto,
+				    shost, dhost, sport, dport);
 
     if(rc != NDPI_PROTOCOL_UNKNOWN) {
       ret.protocol = rc,
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 4b381f067..d405e407b 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -41,10 +41,11 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd
 
     /* If no custom protocol has been detected */
     if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
-      if(protocol == NDPI_PROTOCOL_HTTP)
+      if(protocol == NDPI_PROTOCOL_HTTP) {
 	ndpi_int_reset_protocol(flow);
-
-      ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
+	ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol);
+      } else
+	ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP);
     }
 
     flow->http_detected = 1;
@@ -382,7 +383,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
   if(!ndpi_struct->http_dont_dissect_response && flow->http_detected)
     parseHttpSubprotocol(ndpi_struct, flow);
 
-  flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP;
+  if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)
+    flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP;
 
   /* check for accept line */
   if(packet->accept_line.ptr != NULL) {
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index 2c6792551..605ba54c3 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -24,7 +24,8 @@
 /* ndpi_main.c */
 extern u_int8_t  ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 
-u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, 
+u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct,
+				 struct ndpi_flow_struct *flow,
 				 u_int8_t protocol,
 				 u_int32_t saddr, u_int32_t daddr, /* host endianess */
 				 u_int16_t sport, u_int16_t dport) /* host endianess */
@@ -38,12 +39,15 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc
     }
   }
 
-  host.s_addr = htonl(saddr);
-  if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN)
-    return (rc);
-
-  host.s_addr = htonl(daddr);
-  return (ndpi_network_ptree_match(ndpi_struct, &host));
+  if(flow)
+    return(flow->guessed_host_protocol_id);
+  else {
+    if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN)
+      return (rc);
+    
+    host.s_addr = htonl(daddr);
+    return (ndpi_network_ptree_match(ndpi_struct, &host));
+  }
 }
 
 void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
@@ -66,6 +70,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st
   
   if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) {
     proto = ndpi_search_tcp_or_udp_raw(ndpi_struct,
+				       flow,
 				       flow->packet.iph ? flow->packet.iph->protocol :
 #ifdef NDPI_DETECTION_SUPPORT_IPV6
 				       flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt,
author	Luca Deri <deri@ntop.org>	2017-01-31 15:04:24 +0100
committer	Luca Deri <deri@ntop.org>	2017-01-31 15:04:24 +0100
commit	8805d8523b6f2f22d4db0a1344439f36e5f3f9c2 (patch)
tree	8ff2ff1bfb898889d5b2e56f1841fd6a85fb925a /src
parent	0610ae2d21d08a1e13d42e672362fdd05c72f33a (diff)