Synchronized ndpi_l4_detection_process_packet impl

2 files changed, 93 insertions, 0 deletions

diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 95254a9fa..737e29cb9 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -224,6 +224,52 @@ extern "C" {
 					      struct ndpi_id_struct *src,
 					      struct ndpi_id_struct *dst);
 
+
+  /**
+   * Processes one packet of L4 and returns the ID of the detected protocol.
+   * L3 and L4 packet headers are passed in the arguments while payload
+   * points to the L4 body.
+   * This function mimics ndpi_detection_process_packet behaviour.
+   *
+   * @par    ndpi_struct           = the detection module
+   * @par    flow                  = pointer to the connection state machine
+   * @par    iph                   = IP packet header for IPv4 or NULL
+   * @par    iph6                  = IP packet header for IPv6 or NULL
+   * @par    tcp                   = TCP packet header for TCP or NULL
+   * @par    udp                   = UDP packet header for UDP or NULL
+   * @par    src_to_dst_direction  = order of src/dst state machines in a flow.
+   * @par    l4_proto              = L4 protocol of the packet.
+   * @par    src                   = pointer to the source subscriber state machine
+   * @par    dst                   = pointer to the destination subscriber state machine
+   * @par    sport                 = source port of L4 packet, used for protocol guessing.
+   * @par    dport                 = destination port of L4 packet, used for protocol guessing.
+   * @par    current_tick_l        = the current timestamp for the packet
+   * @par    payload               = unsigned char pointer to the Layer 4 (TCP/UDP body)
+   * @par    payload_len           = the length of the payload
+   * @return the detected ID of the protocol
+   *
+   * NOTE: in a current implementation flow->src and flow->dst are swapped with
+   * the src_to_dst_direction flag while ndpi_detection_process_packet does not swap
+   * these values.
+   *
+   */
+
+ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct,
+					       struct ndpi_flow_struct *flow,
+					       const struct ndpi_iphdr *iph,
+					       struct ndpi_ipv6hdr *iph6,
+					       struct ndpi_tcphdr *tcp,
+					       struct ndpi_udphdr *udp,
+					       u_int8_t src_to_dst_direction,
+					       u_int8_t l4_proto,
+					       struct ndpi_id_struct *src,
+					       u_int16_t sport,
+					       struct ndpi_id_struct *dst,
+					       u_int16_t dport,
+					       const u_int64_t current_tick_l,
+					       u_int8_t *payload, u_int16_t payload_len);
+
+
   
   /**
    * Get the main protocol of the passed flows for the detected module
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 2e2ac21ef..8a24ab183 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3212,16 +3212,33 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru
 					       u_int16_t sport,
 					       struct ndpi_id_struct *dst,
 					       u_int16_t dport,
+					       const u_int64_t current_tick_l,
 					       u_int8_t *payload, u_int16_t payload_len) {
   NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet;
   u_int32_t a;
   ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };
 
+  if(flow == NULL)
+    return(ret);
+
   if(payload_len == 0) return(ret);
 
   flow->packet.tcp = tcp, flow->packet.udp = udp;
   flow->packet.payload = payload, flow->packet.payload_packet_len = payload_len;
 
+  flow->packet.tick_timestamp_l = current_tick_l;
+  flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000;
+
+  if(flow) {
+    ndpi_apply_flow_protocol_to_packet(flow, &flow->packet);
+  } else {
+    ndpi_int_reset_packet_protocol(&flow->packet);
+  }
+
+  if(flow->server_id == NULL) flow->server_id = dst; /* Default */
+  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
+    goto ret_protocols;
+
   if(src_to_dst_direction)
     flow->src = src, flow->dst = dst;
   else
@@ -3235,6 +3252,8 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru
     ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6;
 #endif							/* NDPI_DETECTION_SUPPORT_IPV6 */
 
+  ndpi_connection_tracking(ndpi_struct, flow);
+
   if(flow->packet.tcp != NULL)
     ndpi_selection_packet |=
       (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP);
@@ -3252,6 +3271,34 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru
 
   flow->packet.l4_protocol = l4_proto, flow->packet.packet_direction = src_to_dst_direction;
 
+  if((!flow->protocol_id_already_guessed)
+     && (
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+	 flow->packet.iphv6 ||
+#endif
+	 flow->packet.iph)) {
+    u_int32_t saddr, daddr;
+
+    flow->protocol_id_already_guessed = 1;
+
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+    if(flow->packet.iphv6 != NULL) {
+      saddr = 0, daddr = 0;
+    } else
+#endif
+    {
+      saddr = ntohl(flow->packet.iph->saddr);
+      daddr = ntohl(flow->packet.iph->daddr);
+    }
+
+    flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport);
+
+    if(flow->packet.iph) {
+      if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN)
+        flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr);
+    }
+  }
+
   check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet);
 
   a = flow->packet.detected_protocol_stack[0];