168 files changed, 516 insertions, 506 deletions
diff --git a/python/ndpi.py b/python/ndpi.py index 3eea870e2..a567d789b 100644 --- a/python/ndpi.py +++ b/python/ndpi.py @@ -645,6 +645,14 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_WIREGUARD */ uint8_t wireguard_stage; uint32_t wireguard_peer_index[2]; + + /* NDPI_PROTOCOL_QUIC */ + u_int8_t *quic_reasm_buf; + u_int32_t quic_reasm_buf_len; + + /* NDPI_PROTOCOL_CSGO */ + uint8_t csgo_strid[18],csgo_state,csgo_s2; + uint32_t csgo_id2; }; struct ndpi_int_one_line_struct { @@ -941,6 +949,9 @@ struct ndpi_detection_module_struct { uint8_t direction_detect_disable:1, /* disable internal detection of packet direction */ _pad:7; + + /* Current packet */ + struct ndpi_packet_struct packet; }; #define NDPI_CIPHER_SAFE 0 @@ -1163,15 +1174,13 @@ struct ndpi_flow_struct { uint8_t ovpn_session_id[8]; uint8_t ovpn_counter; + /* Flow key used to search a match into the mining cache */ + u_int32_t key_mining_cache; + /* NDPI_PROTOCOL_TINC */ uint8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; - /* NDPI_PROTOCOL_CSGO */ - uint8_t csgo_strid[18],csgo_state,csgo_s2; - uint32_t csgo_id2; - /* internal structures to save functions calls */ - struct ndpi_packet_struct packet; struct ndpi_id_struct *src; struct ndpi_id_struct *dst; }; diff --git a/python/ndpi_typestruct.py b/python/ndpi_typestruct.py index a0bdcee84..179cc7def 100644 --- a/python/ndpi_typestruct.py +++ b/python/ndpi_typestruct.py @@ -276,11 +276,9 @@ NDPIDetectionModuleStruct._fields_ = [ ("tinc_cache", POINTER(Cache)), ("proto_defaults", NDPIProtoDefaultsT * (ndpi.ndpi_wrap_ndpi_max_supported_protocols() + ndpi.ndpi_wrap_ndpi_max_num_custom_protocols())), - ("http_dont_dissect_response", c_uint8, 1), - ("dns_dont_dissect_response", c_uint8, 1), ("direction_detect_disable", c_uint8, 1), - ("disable_metadata_export", c_uint8, 1), - ("hyperscan", c_void_p) + ('_pad', c_uint8, 7), + ('packet', NDPIPacketStruct), ] 
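Review bot: The `_fields_` list for NDPIDetectionModuleStruct now places `packet` directly after `_pad`, while the ndpi_typedefs.h hunk of this commit adds `packet` right after the `#ifdef`-guarded `mmdb_city`/`mmdb_as` members, so the ctypes offset of `packet` appears to depend on how the C library was built. The fields ahead of `direction_detect_disable` are outside the hunk, so this is inferred rather than certain; if the layouts do differ, every access to `packet` from Python reads unrelated memory. The cdef copy of the struct in python/ndpi.py has the same exposure. A comment above the list such as `# Layout must match struct ndpi_detection_module_struct in ndpi_typedefs.h for the build in use`, plus a load-time comparison of `ctypes.sizeof(NDPIDetectionModuleStruct)` with a size reported by the C wrapper, would catch drift early.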
@@ -408,6 +406,12 @@ class NDPIFlowUdpStruct(Structure): ('memcached_matches', c_uint8), ('wireguard_stage', c_uint8), ('wireguard_peer_index', c_uint32 * 2), + ('quic_reasm_buf', POINTER(c_uint8)), + ('quic_reasm_buf_len', c_uint32), + ('csgo_strid', c_uint8 * 18), + ('csgo_state', c_uint8), + ('csgo_s2', c_uint8), + ('csgo_id2', c_uint32), ] @@ -735,15 +739,9 @@ NDPIFlowStruct._fields_ = [ ('starcraft_udp_stage', c_uint8, 3), ('ovpn_session_id', c_uint8 * 8), ('ovpn_counter', c_uint8), + ('key_mining_cache', c_uint32), ('tinc_state', c_uint8), ('TincCacheEntry', TincCacheEntry), - ('csgo_strid', c_uint8 * 18), - ('csgo_state', c_uint8), - ('csgo_s2', c_uint8), - ('csgo_id2', c_uint32), - ('kxun_counter', c_uint16), - ('iqiyi_counter', c_uint16), - ('packet', NDPIPacketStruct), ('src', POINTER(NDPIIdStruct)), ('dst', POINTER(NDPIIdStruct)) ] diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a49b95b06..123c9edec 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1175,6 +1175,9 @@ struct ndpi_detection_module_struct { MMDB_s mmdb_city, mmdb_as; u_int8_t mmdb_city_loaded, mmdb_as_loaded; #endif + + /* Current packet */ + struct ndpi_packet_struct packet; }; #endif /* NDPI_LIB_COMPILATION */ @@ -1423,12 +1426,13 @@ struct ndpi_flow_struct { u_int8_t ovpn_session_id[8]; u_int8_t ovpn_counter; + /* Flow key used to search a match into the mining cache */ + u_int32_t key_mining_cache; + /* NDPI_PROTOCOL_TINC */ u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; - /* internal structures to save functions calls */ - struct ndpi_packet_struct packet; struct ndpi_id_struct *src; struct ndpi_id_struct *dst; }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8305cd2c6..cfe08922f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
@@ -119,6 +119,7 @@ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_p const char *_func, int _line); static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root); +static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet); /* ****************************************** */ @@ -1972,7 +1973,7 @@ static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_str, s /* ******************************************* */ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; if(packet->tcp != NULL) { if(packet->iph) { @@ -2813,6 +2814,7 @@ u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) { u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; *user_defined_proto = 0; /* Default */ if(sport && dport) { 
@@ -2847,20 +2849,20 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, flow->entropy = 0.0f; /* Run some basic consistency tests */ - if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr)) + if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr)) ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); else { - u_int8_t icmp_type = (u_int8_t)flow->packet.payload[0]; - u_int8_t icmp_code = (u_int8_t)flow->packet.payload[1]; + u_int8_t icmp_type = (u_int8_t)packet->payload[0]; + u_int8_t icmp_code = (u_int8_t)packet->payload[1]; /* https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */ if(((icmp_type >= 44) && (icmp_type <= 252)) || (icmp_code > 15)) ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); - if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr)) { - flow->entropy = ndpi_entropy(flow->packet.payload + sizeof(struct ndpi_icmphdr), - flow->packet.payload_packet_len - sizeof(struct ndpi_icmphdr)); + if (packet->payload_packet_len > sizeof(struct ndpi_icmphdr)) { + flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr), + packet->payload_packet_len - sizeof(struct ndpi_icmphdr)); if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) { ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY); 
@@ -2889,11 +2891,11 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, if(flow) { /* Run some basic consistency tests */ - if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr)) + if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr)) ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); else { - u_int8_t icmp6_type = (u_int8_t)flow->packet.payload[0]; - u_int8_t icmp6_code = (u_int8_t)flow->packet.payload[1]; + u_int8_t icmp6_type = (u_int8_t)packet->payload[0]; + u_int8_t icmp6_code = (u_int8_t)packet->payload[1]; /* https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6 */ if(((icmp6_type >= 5) && (icmp6_type <= 127)) @@ -4333,9 +4335,12 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) { /* ************************************************ */ -static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, - unsigned short packetlen) { +static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, + const u_int64_t current_time_ms, + const unsigned char *packet_data, + unsigned short packetlen) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; const struct ndpi_iphdr *decaps_iph = NULL; u_int16_t l3len; u_int16_t l4len; 
@@ -4346,29 +4351,42 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str if(!flow) return(1); + /* need at least 20 bytes for ip header */ + if(packetlen < 20) + return 1; + + packet->current_time_ms = current_time_ms; + + packet->iph = (struct ndpi_iphdr *)packet_data; + /* reset payload_packet_len, will be set if ipv4 tcp or udp */ - flow->packet.payload_packet_len = 0; - flow->packet.l4_packet_len = 0; - flow->packet.l3_packet_len = packetlen; + packet->payload = NULL; + packet->payload_packet_len = 0; + packet->l4_packet_len = 0; + packet->l3_packet_len = packetlen; - flow->packet.tcp = NULL, flow->packet.udp = NULL; - flow->packet.generic_l4_ptr = NULL; - flow->packet.iphv6 = NULL; + packet->tcp = NULL, packet->udp = NULL; + packet->generic_l4_ptr = NULL; + packet->iphv6 = NULL; - l3len = flow->packet.l3_packet_len; + l3len = packet->l3_packet_len; - if(flow->packet.iph != NULL) - decaps_iph = flow->packet.iph; + ndpi_reset_packet_line_info(packet); + packet->packet_lines_parsed_complete = 0; + packet->http_check_content = 0; + + if(packet->iph != NULL) + decaps_iph = packet->iph; if(decaps_iph && decaps_iph->version == IPVERSION && decaps_iph->ihl >= 5) { NDPI_LOG_DBG2(ndpi_str, "ipv4 header\n"); } else if(decaps_iph && decaps_iph->version == 6 && l3len >= sizeof(struct ndpi_ipv6hdr) && (ndpi_str->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) { NDPI_LOG_DBG2(ndpi_str, "ipv6 header\n"); - flow->packet.iphv6 = (struct ndpi_ipv6hdr *) flow->packet.iph; - flow->packet.iph = NULL; + packet->iphv6 = (struct ndpi_ipv6hdr *)packet->iph; + packet->iph = NULL; } else { - flow->packet.iph = NULL; + packet->iph = NULL; return(1); } 
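Review bot: The `if(!flow) return(1);` and new `if(packetlen < 20) return 1;` exits sit above the block that resets `packet->payload`, `packet->tcp`, `packet->udp`, `packet->generic_l4_ptr` and `packet->iphv6`, so a rejected packet leaves the previous packet's parsed state in `ndpi_str->packet`. Since that struct is now shared by every flow on the module, the leftover state can belong to a different flow and point into a buffer the caller has already released. Moving the reset block above the length check and adding `packet->iph = NULL;` before `return 1;` makes a rejected packet leave a clean struct. ndpi_init_packet starts before and continues past this hunk.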
@@ -4389,38 +4407,27 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str return(1); } - flow->packet.l4_protocol = l4protocol; - flow->packet.l4_packet_len = l4len; + packet->l4_protocol = l4protocol; + packet->l4_packet_len = l4len; flow->l4_proto = l4protocol; /* TCP / UDP detection */ - if(l4protocol == IPPROTO_TCP && flow->packet.l4_packet_len >= 20 /* min size of tcp */) { + if(l4protocol == IPPROTO_TCP && packet->l4_packet_len >= 20 /* min size of tcp */) { /* tcp */ - flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr; - if(flow->packet.l4_packet_len >= flow->packet.tcp->doff * 4) { - flow->packet.payload_packet_len = flow->packet.l4_packet_len - flow->packet.tcp->doff * 4; - flow->packet.actual_payload_len = flow->packet.payload_packet_len; - flow->packet.payload = ((u_int8_t *) flow->packet.tcp) + (flow->packet.tcp->doff * 4); + packet->tcp = (struct ndpi_tcphdr *) l4ptr; + if(packet->l4_packet_len >= packet->tcp->doff * 4) { + packet->payload_packet_len = packet->l4_packet_len - packet->tcp->doff * 4; + packet->actual_payload_len = packet->payload_packet_len; + packet->payload = ((u_int8_t *) packet->tcp) + (packet->tcp->doff * 4); /* check for new tcp syn packets, here * idea: reset detection state if a connection is unknown */ - if(flow->packet.tcp->syn != 0 && flow->packet.tcp->ack == 0 && flow->init_finished != 0 && + if(packet->tcp->syn != 0 && packet->tcp->ack == 0 && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int16_t guessed_protocol_id, guessed_host_protocol_id; u_int16_t packet_direction_counter[2]; u_int8_t num_processed_pkts; - struct packet_save { - const struct ndpi_iphdr *iph; - const struct ndpi_ipv6hdr *iphv6; - const u_int8_t *payload; - u_int64_t current_time_ms; - u_int16_t l3_packet_len; - u_int16_t l4_packet_len; - u_int16_t payload_packet_len; - u_int16_t actual_payload_len; - u_int8_t l4_protocol; - } packet; #define flow_save(a) a = flow->a #define 
flow_restore(a) flow->a = a @@ -4430,21 +4437,11 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str flow_save(num_processed_pkts); flow_save(guessed_protocol_id); flow_save(guessed_host_protocol_id); - flow_save(packet.iph); - flow_save(packet.iphv6); - flow_save(packet.payload); - flow_save(packet.current_time_ms); - flow_save(packet.l3_packet_len); - flow_save(packet.l4_packet_len); - flow_save(packet.payload_packet_len); - flow_save(packet.actual_payload_len); - flow_save(packet.l4_protocol); ndpi_free_flow_data(flow); memset(flow, 0, sizeof(*(flow))); /* Restore pointers */ - flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr; flow->l4_proto = IPPROTO_TCP; flow_restore(packet_direction_counter[0]); @@ -4452,15 +4449,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str flow_restore(num_processed_pkts); flow_restore(guessed_protocol_id); flow_restore(guessed_host_protocol_id); - flow_restore(packet.iph); - flow_restore(packet.iphv6); - flow_restore(packet.payload); - flow_restore(packet.current_time_ms); - flow_restore(packet.l3_packet_len); - flow_restore(packet.l4_packet_len); - flow_restore(packet.payload_packet_len); - flow_restore(packet.actual_payload_len); - flow_restore(packet.l4_protocol); #undef flow_save #undef flow_restore 
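Review bot: `memset(flow, 0, sizeof(*(flow)))` in this SYN-reset path also clears the new `flow->key_mining_cache`, which is not in the `flow_save`/`flow_restore` list, while ndpi_detection_process_packet stores the key only when `flow->num_processed_pkts == 1`. Because `num_processed_pkts` is restored here, a reset on a later packet leaves the key at 0, and ndpi_detection_giveup then skips the mining-cache lookup for that flow, as far as the visible hunks show. Either declare `u_int32_t key_mining_cache;` next to the other saved locals and add `flow_save(key_mining_cache);` and `flow_restore(key_mining_cache);`, or relax the store condition to `if(flow->key_mining_cache == 0 && packet->iph)`. The enclosing function starts and ends outside this hunk.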
@@ -4469,18 +4457,18 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str } } else { /* tcp header not complete */ - flow->packet.tcp = NULL; + packet->tcp = NULL; } - } else if(l4protocol == IPPROTO_UDP && flow->packet.l4_packet_len >= 8 /* size of udp */) { - flow->packet.udp = (struct ndpi_udphdr *) l4ptr; - flow->packet.payload_packet_len = flow->packet.l4_packet_len - 8; - flow->packet.payload = ((u_int8_t *) flow->packet.udp) + 8; - } else if((l4protocol == IPPROTO_ICMP && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmphdr)) - || (l4protocol == IPPROTO_ICMPV6 && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) { - flow->packet.payload = ((u_int8_t *) l4ptr); - flow->packet.payload_packet_len = flow->packet.l4_packet_len; + } else if(l4protocol == IPPROTO_UDP && packet->l4_packet_len >= 8 /* size of udp */) { + packet->udp = (struct ndpi_udphdr *) l4ptr; + packet->payload_packet_len = packet->l4_packet_len - 8; + packet->payload = ((u_int8_t *) packet->udp) + 8; + } else if((l4protocol == IPPROTO_ICMP && packet->l4_packet_len >= sizeof(struct ndpi_icmphdr)) + || (l4protocol == IPPROTO_ICMPV6 && packet->l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) { + packet->payload = ((u_int8_t *) l4ptr); + packet->payload_packet_len = packet->l4_packet_len; } else { - flow->packet.generic_l4_ptr = l4ptr; + packet->generic_l4_ptr = l4ptr; } return(0); @@ -4495,7 +4483,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, return; } else { /* const for gcc code optimization and cleaner code */ - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; const struct ndpi_iphdr *iph = packet->iph; const struct ndpi_ipv6hdr *iphv6 = packet->iphv6; const struct ndpi_tcphdr *tcph = packet->tcp; 
@@ -4552,7 +4540,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, * otherwise use the payload length. */ if(tcph->ack != 0) { - flow->next_tcp_seq_nr[flow->packet.packet_direction] = + flow->next_tcp_seq_nr[packet->packet_direction] = ntohl(tcph->seq) + (tcph->syn ? 1 : packet->payload_packet_len); /* @@ -4560,7 +4548,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, but that is already started when nDPI being to process it. See also (***) below */ if(flow->num_processed_pkts > 1) - flow->next_tcp_seq_nr[1 - flow->packet.packet_direction] = ntohl(tcph->ack_seq); + flow->next_tcp_seq_nr[1 - packet->packet_direction] = ntohl(tcph->ack_seq); } } else if(packet->payload_packet_len > 0) { /* check tcp sequence counters */ @@ -4735,7 +4723,7 @@ static u_int32_t check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *n struct ndpi_flow_struct *flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { - if (flow->packet.payload_packet_len != 0) { + if (ndpi_str->packet.payload_packet_len != 0) { return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet, ndpi_str->callback_buffer_tcp_payload, ndpi_str->callback_buffer_size_tcp_payload); @@ -4754,9 +4742,9 @@ u_int32_t ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { if(!flow) return(0); - else if(flow->packet.tcp != NULL) + else if(ndpi_str->packet.tcp != NULL) return(check_ndpi_tcp_flow_func(ndpi_str, flow, ndpi_selection_packet)); - else if(flow->packet.udp != NULL) + else if(ndpi_str->packet.udp != NULL) return(check_ndpi_udp_flow_func(ndpi_str, flow, ndpi_selection_packet)); else return(check_ndpi_other_flow_func(ndpi_str, flow, ndpi_selection_packet)); 
@@ -4766,18 +4754,19 @@ u_int32_t ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str, u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; u_int16_t ret = NDPI_PROTOCOL_UNKNOWN; - if(flow->packet.iph) { + if(packet->iph) { struct in_addr addr; u_int16_t sport, dport; - addr.s_addr = flow->packet.iph->saddr; + addr.s_addr = packet->iph->saddr; - if((flow->l4_proto == IPPROTO_TCP) && flow->packet.tcp) - sport = flow->packet.tcp->source, dport = flow->packet.tcp->dest; - else if((flow->l4_proto == IPPROTO_UDP) && flow->packet.udp) - sport = flow->packet.udp->source, dport = flow->packet.udp->dest; + if((flow->l4_proto == IPPROTO_TCP) && packet->tcp) + sport = packet->tcp->source, dport = packet->tcp->dest; + else if((flow->l4_proto == IPPROTO_UDP) && packet->udp) + sport = packet->udp->source, dport = packet->udp->dest; else sport = dport = 0; @@ -4785,7 +4774,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ ret = ndpi_network_port_ptree_match(ndpi_str, &addr, sport); if(ret == NDPI_PROTOCOL_UNKNOWN) { - addr.s_addr = flow->packet.iph->daddr; + addr.s_addr = packet->iph->daddr; ret = ndpi_network_port_ptree_match(ndpi_str, &addr, dport); } } @@ -4799,6 +4788,10 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st u_int8_t enable_guess, u_int8_t *protocol_was_guessed) { ndpi_protocol ret = {NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED}; + /* + *** We can't access ndpi_str->packet from this function!! *** + */ + *protocol_was_guessed = 0; if(flow == NULL) 
@@ -4812,11 +4805,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN)) return(ret); - if(ndpi_str->mining_cache && flow->packet.iph) { + /* TODO: this lookup seems in the wrong place here... + Move it somewhere else (?) or setting flow->guessed_protocol_id directly in the mining dissector? */ + if(ndpi_str->mining_cache && flow->key_mining_cache) { u_int16_t cached_proto; - u_int32_t key = flow->packet.iph->saddr + flow->packet.iph->daddr; - if(ndpi_lru_find_cache(ndpi_str->mining_cache, key, + if(ndpi_lru_find_cache(ndpi_str->mining_cache, flow->key_mining_cache, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN); ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; @@ -4841,14 +4835,14 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st *protocol_was_guessed = 1; ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN); } else if(enable_guess) { - if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->l4_proto == IPPROTO_TCP) && flow->protos.tls_quic_stun.tls_quic.hello_processed) flow->guessed_protocol_id = NDPI_PROTOCOL_TLS; guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) && - ((flow->packet.l4_protocol == IPPROTO_UDP) && + ((flow->l4_proto == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id) && is_udp_guessable_protocol(guessed_host_protocol_id))) flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; 
@@ -4856,7 +4850,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_UDP) && + && (flow->l4_proto == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id) && is_udp_guessable_protocol(guessed_protocol_id)) flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; @@ -4937,24 +4931,13 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* ********************************************************************************* */ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, - const unsigned char *packet, const unsigned short packetlen, + const unsigned char *packet_data, const unsigned short packetlen, const u_int64_t current_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst) { if(flow == NULL) return; - /* need at least 20 bytes for ip header */ - if(packetlen < 20) { - return; - } - - flow->packet.current_time_ms = current_time_ms; - - /* parse packet */ - flow->packet.iph = (struct ndpi_iphdr *) packet; - /* we are interested in ipv4 packet */ - /* set up the packet headers for the extra packet function to use if it wants */ - if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0) + if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0) return; /* detect traffic for tcp or udp only */ @@ -5213,6 +5196,7 @@ static int ndpi_check_protocol_port_mismatch_exceptions(struct ndpi_detection_mo static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; #if 0 if(flow) { 
@@ -5231,7 +5215,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s (MS Teams uses Skype as transport protocol for voice/video) */ case NDPI_PROTOCOL_MSTEAMS: - if(flow->packet.iph && flow->packet.tcp) { + if(packet->iph && packet->tcp) { // printf("====>> NDPI_PROTOCOL_MSTEAMS\n"); if(ndpi_str->msteams_cache == NULL) @@ -5239,21 +5223,21 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s if(ndpi_str->msteams_cache) ndpi_lru_add_to_cache(ndpi_str->msteams_cache, - flow->packet.iph->saddr, - (flow->packet.current_time_ms / 1000) & 0xFFFF /* 16 bit */); + packet->iph->saddr, + (packet->current_time_ms / 1000) & 0xFFFF /* 16 bit */); } break; case NDPI_PROTOCOL_SKYPE_TEAMS: case NDPI_PROTOCOL_SKYPE_CALL: - if(flow->packet.iph - && flow->packet.udp + if(packet->iph + && packet->udp && ndpi_str->msteams_cache) { u_int16_t when; - if(ndpi_lru_find_cache(ndpi_str->msteams_cache, flow->packet.iph->saddr, + if(ndpi_lru_find_cache(ndpi_str->msteams_cache, packet->iph->saddr, &when, 0 /* Don't remove it as it can be used for other connections */)) { - u_int16_t tdiff = ((flow->packet.current_time_ms /1000) & 0xFFFF) - when; + u_int16_t tdiff = ((packet->current_time_ms /1000) & 0xFFFF) - when; if(tdiff < 60 /* sec */) { // printf("====>> NDPI_PROTOCOL_SKYPE(_CALL) -> NDPI_PROTOCOL_MSTEAMS [%u]\n", tdiff); @@ -5261,15 +5245,15 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s /* Refresh cache */ ndpi_lru_add_to_cache(ndpi_str->msteams_cache, - flow->packet.iph->saddr, - (flow->packet.current_time_ms / 1000) & 0xFFFF /* 16 bit */); + packet->iph->saddr, + (packet->current_time_ms / 1000) & 0xFFFF /* 16 bit */); } } } break; case NDPI_PROTOCOL_ANYDESK: - if(flow->packet.tcp) /* TCP only */ + if(packet->tcp) /* TCP only */ ndpi_set_risk(ndpi_str, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance */ break; } /* switch */ 
@@ -5292,22 +5276,24 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s /* ****************************************************** */ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; + ret->master_protocol = ret->app_protocol = NDPI_PROTOCOL_UNKNOWN, ret->category = 0; - if(flow->packet.iphv6 || flow->packet.iph) { + if(packet->iphv6 || packet->iph) { u_int16_t sport, dport; u_int8_t protocol; u_int8_t user_defined_proto; - if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->ip6_hdr.ip6_un1_nxt; + if(packet->iphv6 != NULL) { + protocol = packet->iphv6->ip6_hdr.ip6_un1_nxt; } else - protocol = flow->packet.iph->protocol; + protocol = packet->iph->protocol; - if(flow->packet.udp) - sport = ntohs(flow->packet.udp->source), dport = ntohs(flow->packet.udp->dest); - else if(flow->packet.tcp) - sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest); + if(packet->udp) + sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); + else if(packet->tcp) + sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); else sport = dport = 0; 
@@ -5315,9 +5301,9 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_str, flow, protocol, sport, dport, &user_defined_proto); flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow); - if(ndpi_str->custom_categories.categories_loaded && flow->packet.iph) { + if(ndpi_str->custom_categories.categories_loaded && packet->iph) { if(ndpi_str->ndpi_num_custom_protocols != 0) - ndpi_fill_ip_protocol_category(ndpi_str, flow->packet.iph->saddr, flow->packet.iph->daddr, ret); + ndpi_fill_ip_protocol_category(ndpi_str, packet->iph->saddr, packet->iph->daddr, ret); flow->guessed_header_category = ret->category; } else flow->guessed_header_category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; @@ -5333,7 +5319,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n } if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { - if(flow->packet.iph) { + if(packet->iph) { if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { u_int8_t protocol_was_guessed; @@ -5347,7 +5333,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n } } else { /* guess host protocol */ - if(flow->packet.iph) { + if(packet->iph) { flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow); /* 
@@ -5393,9 +5379,10 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n /* ********************************************************************************* */ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, const unsigned char *packet, + struct ndpi_flow_struct *flow, const unsigned char *packet_data, const unsigned short packetlen, const u_int64_t current_time_ms, struct ndpi_id_struct *src, struct ndpi_id_struct *dst) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet; u_int32_t a, num_calls = 0; ndpi_protocol ret = { flow->detected_protocol_stack[1], flow->detected_protocol_stack[0], flow->category }; 
@@ -5424,61 +5411,61 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret.app_protocol = flow->detected_protocol_stack[0]; if(flow->check_extra_packets) { - ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_time_ms, src, dst); + ndpi_process_extra_packet(ndpi_str, flow, packet_data, packetlen, current_time_ms, src, dst); /* Update in case of new match */ ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0], ret.category = flow->category; - goto invalidate_ptr; - } else if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) + return ret; + } else if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { + if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0) + return ret; goto ret_protocols; - - /* need at least 20 bytes for ip header */ - if(packetlen < 20) { - goto invalidate_ptr; } - flow->packet.current_time_ms = current_time_ms; - - /* parse packet */ - flow->packet.iph = (struct ndpi_iphdr *) packet; - /* we are interested in ipv4 packet */ - - if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0) - goto invalidate_ptr; + if(ndpi_init_packet(ndpi_str, flow, current_time_ms, packet_data, packetlen) != 0) + return ret; /* detect traffic for tcp or udp only */ flow->src = src, flow->dst = dst; + /* If/when calling ndpi_detection_giveup(), if this flow is still un-classified, + we will check if it is some kind of mining stuff. Save now the key, because we don't + have packet information later. + It seems quite hacky: any better way to do that? 
*/ + if(flow->num_processed_pkts == 1 && packet->iph) { + flow->key_mining_cache = packet->iph->saddr + packet->iph->daddr; + } + ndpi_connection_tracking(ndpi_str, flow); /* build ndpi_selection packet bitmask */ ndpi_selection_packet = NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC; - if(flow->packet.iph != NULL) + if(packet->iph != NULL) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; - if(flow->packet.tcp != NULL) + if(packet->tcp != NULL) ndpi_selection_packet |= (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - if(flow->packet.udp != NULL) + if(packet->udp != NULL) ndpi_selection_packet |= (NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - if(flow->packet.payload_packet_len != 0) + if(packet->payload_packet_len != 0) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD; - if(flow->packet.tcp_retransmission == 0) + if(packet->tcp_retransmission == 0) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION; - if(flow->packet.iphv6 != NULL) + if(packet->iphv6 != NULL) ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; if(!flow->protocol_id_already_guessed) { flow->protocol_id_already_guessed = 1; if(ndpi_do_guess(ndpi_str, flow, &ret) == -1) - goto invalidate_ptr; + return ret; } num_calls = ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet); 
@@ -5516,7 +5503,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret.category = flow->category; if((flow->num_processed_pkts == 1) && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) && - (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.tcp && (flow->packet.tcp->syn == 0) && + (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && packet->tcp && (packet->tcp->syn == 0) && (flow->guessed_protocol_id == 0)) { u_int8_t protocol_was_guessed; @@ -5543,15 +5530,15 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ndpi_default_ports_tree_node_t *found; u_int16_t *default_ports, sport, dport; - if(flow->packet.udp) + if(packet->udp) found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_UDP, - sport = ntohs(flow->packet.udp->source), - dport = ntohs(flow->packet.udp->dest)), + sport = ntohs(packet->udp->source), + dport = ntohs(packet->udp->dest)), default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].udp_default_ports; - else if(flow->packet.tcp) + else if(packet->tcp) found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_TCP, - sport = ntohs(flow->packet.tcp->source), - dport = ntohs(flow->packet.tcp->dest)), + sport = ntohs(packet->tcp->source), + dport = ntohs(packet->tcp->dest)), default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].tcp_default_ports; else found = NULL, default_ports = NULL, sport = dport = 0; @@ -5592,7 +5579,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } /* for */ if((num_loops == 0) && (!found)) { - if(flow->packet.udp) + if(packet->udp) default_ports = ndpi_str->proto_defaults[ret.app_protocol].udp_default_ports; else default_ports = ndpi_str->proto_defaults[ret.app_protocol].tcp_default_ports; 
@@ -5615,14 +5602,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(num_calls == 0) flow->fail_with_unknown = 1; - invalidate_ptr: - /* - Invalidate packet memory to avoid accessing the pointers below - when the packet is no longer accessible - */ - flow->packet.iph = NULL, flow->packet.tcp = NULL, flow->packet.udp = NULL, flow->packet.payload = NULL; - ndpi_reset_packet_line_info(&flow->packet); - return(ret); } @@ -5779,7 +5758,7 @@ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t *str, u_int16_t max_chars_to_re /* internal function for every detection to parse one packet and to increase the info buffer */ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { u_int32_t a; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; if((packet->payload_packet_len < 3) || (packet->payload == NULL)) return; @@ -6059,7 +6038,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str, /* ********************************************************************************* */ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; u_int32_t a; u_int16_t end = packet->payload_packet_len; @@ -6102,7 +6081,7 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t counter) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_str->packet; NDPI_LOG_DBG2(ndpi_str, "called ndpi_check_for_email_address\n"); diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 65c2d0ad4..f969c6c59 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
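Review bot: Dropping the `invalidate_ptr` block in the `@@ -5615` hunk of ndpi_detection_process_packet leaves `ndpi_str->packet.iph`, `.tcp`, `.udp` and `.payload` pointing into the caller's buffer after the function returns, and that state is now shared by every flow the module handles instead of being per-flow. Any later read of the module-level packet outside packet processing would see pointers to memory the caller may already have released or reused; the ndpi_handle_risk_exceptions hunk in ndpi_utils.c, which now reads `packet->iph` from `ndpi_str->packet`, is the one to check, though whether it is reachable from a non-packet path cannot be confirmed from these hunks. I would keep the reset at the new location, `ndpi_str->packet.iph = NULL, ndpi_str->packet.tcp = NULL, ndpi_str->packet.udp = NULL, ndpi_str->packet.payload = NULL;` followed by `ndpi_reset_packet_line_info(&ndpi_str->packet);`, and route the early `return ret` after ndpi_do_guess through it as well. The function body starts outside this hunk.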
@@ -2101,9 +2101,9 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp } /* TODO: add IPv6 support */ + struct ndpi_packet_struct *packet = &ndpi_str->packet; if(!flow->ip_risk_mask_evaluated) { - if(flow->packet.iph) { - struct ndpi_packet_struct *packet = &flow->packet; + if(packet->iph) { struct in_addr pin; pin.s_addr = packet->iph->saddr; diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c index 42d2b108c..c6b8e6203 100644 --- a/src/lib/protocols/afp.c +++ b/src/lib/protocols/afp.c @@ -43,7 +43,7 @@ static void ndpi_int_afp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search AFP\n"); diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index 2ef75e1fb..fd9b93d12 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -39,7 +39,7 @@ static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct * void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search aimini\n"); diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index f9658feb4..e84be938e 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c 
@@ -73,7 +73,7 @@ static void set_ajp_detected(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_check_ajp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ajp_header ajp_hdr; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len < sizeof(ajp_hdr)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c index 8decaea4d..756627ede 100644 --- a/src/lib/protocols/amazon_video.c +++ b/src/lib/protocols/amazon_video.c @@ -29,7 +29,7 @@ static void ndpi_check_amazon_video(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Amazon Prime\n"); diff --git a/src/lib/protocols/among_us.c b/src/lib/protocols/among_us.c index d63fbe849..3c799dcc9 100644 --- a/src/lib/protocols/among_us.c +++ b/src/lib/protocols/among_us.c @@ -33,7 +33,7 @@ static void ndpi_int_among_us_add_connection(struct ndpi_detection_module_struct void ndpi_search_among_us(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * const packet = &flow->packet; + struct ndpi_packet_struct * const packet = &ndpi_struct->packet; /* handshake packet */ if (packet->payload_packet_len > 9 && diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 74c3c6956..130030cf7 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c 
@@ -40,7 +40,7 @@ static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *nd } void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search amqp\n"); diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index b360e8a40..7e05faa83 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -29,7 +29,7 @@ static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->iph) { /* https://support.apple.com/en-us/HT203609 */ diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index 2c76f4475..cda7e75e2 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -38,7 +38,7 @@ static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_stru void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search applejuice\n"); diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index 71fe0a027..d144f0510 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -37,7 +37,7 @@ static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_stru void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search armagetron\n"); 
diff --git a/src/lib/protocols/avast_securedns.c b/src/lib/protocols/avast_securedns.c index 06fbaa17c..95bc848b5 100644 --- a/src/lib/protocols/avast_securedns.c +++ b/src/lib/protocols/avast_securedns.c @@ -34,7 +34,7 @@ static void ndpi_int_avast_securedns_add_connection(struct ndpi_detection_module static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; if (packet->payload_packet_len < 34 || ntohl(get_u_int32_t(packet->payload, 11)) != 0x00013209 || diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 6a9b61d21..441623974 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -42,7 +42,7 @@ struct ayiya { void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search AYIYA\n"); @@ -57,7 +57,7 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct u_int32_t epoch = ntohl(a->epoch), now; u_int32_t fiveyears = 86400 * 365 * 5; - now = flow->packet.current_time_ms; + now = packet->current_time_ms; if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) { NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n"); diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index 71cdd1902..ed8e94e66 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -31,7 +31,7 @@ /* this detection also works asymmetrically */ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t bgp_port = htons(179); NDPI_LOG_DBG(ndpi_struct, "search BGP\n"); 
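Review bot: In the second ayiya.c hunk, `now = packet->current_time_ms;` is compared with `epoch` using `fiveyears = 86400 * 365 * 5` and `now+86400 /* 1 day */`, which are second counts, while the field name says milliseconds; if the field really holds milliseconds the window test mixes units, and the assignment into a `u_int32_t` may truncate as well. Under that assumption `now = (u_int32_t)(packet->current_time_ms / 1000);` would make the comparison consistent. `now - fiveyears` also wraps whenever `now` is smaller than five years of seconds (for example when the caller supplies a zero timestamp), so a guard such as `(now > fiveyears) &&` in front of the range test is worth adding. The field's declared type and unit are not visible here, and ndpi_search_ayiya continues outside the hunk.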
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index f82ae7a35..f49c7f31a 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -63,19 +63,21 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc int bt_offset, int check_hash, const u_int8_t save_detection, const u_int8_t encrypted_connection) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + if(check_hash) { const char *bt_hash = NULL; /* 20 bytes long */ if(bt_offset == -1) { - const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, - "BitTorrent protocol", flow->packet.payload_packet_len); + const char *bt_magic = ndpi_strnstr((const char *)packet->payload, + "BitTorrent protocol", packet->payload_packet_len); if(bt_magic) bt_hash = &bt_magic[19]; } else - bt_hash = (const char*)&flow->packet.payload[28]; + bt_hash = (const char*)&packet->payload[28]; - if(bt_hash && (flow->packet.payload_packet_len >= (20 + (bt_hash-(const char*)flow->packet.payload)))) + if(bt_hash && (packet->payload_packet_len >= (20 + (bt_hash-(const char*)packet->payload)))) memcpy(flow->protos.bittorrent.hash, bt_hash, 20); } @@ -85,7 +87,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t a = 0; if(packet->payload_packet_len == 1 && packet->payload[0] == 0x13) { 
@@ -359,7 +361,7 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /*Search for BitTorrent commands*/ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->payload_packet_len == 0) { return; @@ -384,7 +386,7 @@ static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) { void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; char *bt_proto = NULL; /* This is broadcast */ diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 31a404df6..e7e503989 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -14,7 +14,7 @@ static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(packet->udp != NULL) { diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c index 3221c4a4a..73ec2b887 100644 --- a/src/lib/protocols/capwap.c +++ b/src/lib/protocols/capwap.c @@ -38,7 +38,7 @@ static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct * static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t sport, dport; if(!packet->iph) { 
@@ -104,7 +104,7 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s void ndpi_search_capwap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) ndpi_search_setup_capwap(ndpi_struct, flow); diff --git a/src/lib/protocols/cassandra.c b/src/lib/protocols/cassandra.c index 248708b17..f7bbccfbc 100644 --- a/src/lib/protocols/cassandra.c +++ b/src/lib/protocols/cassandra.c @@ -103,7 +103,7 @@ static bool ndpi_check_valid_cassandra_opcode(uint8_t opcode) void ndpi_search_cassandra(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->tcp) { if (packet->payload_packet_len >= CASSANDRA_HEADER_LEN && diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index 7d6a68c3e..f2fbbf17a 100644 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -38,7 +38,7 @@ static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len >= 15) { diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index ff882319e..1d7cedb92 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c 
@@ -37,7 +37,7 @@ static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t udport = 0, usport = 0; u_int16_t tdport = 0, tsport = 0; diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index da5d2b78d..fd7035678 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -32,7 +32,7 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(packet->tcp != NULL) { diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index a32f7fad0..cf89748d7 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -106,7 +106,7 @@ static int isCoAPport(u_int16_t port) { void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_coap_hdr * h = (struct ndpi_coap_hdr*) packet->payload; if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { @@ -115,8 +115,8 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, // search for udp packet if(packet->udp != NULL) { - u_int16_t s_port = ntohs(flow->packet.udp->source); - u_int16_t d_port = ntohs(flow->packet.udp->dest); + u_int16_t s_port = ntohs(packet->udp->source); + u_int16_t d_port = ntohs(packet->udp->dest); if((!isCoAPport(s_port) && !isCoAPport(d_port)) || (packet->payload_packet_len < 4) ) { // header too short 
diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 50a8ee23a..26ad27a9d 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -28,7 +28,7 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int len = 0; NDPI_LOG_DBG(ndpi_struct, "search collectd\n"); diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index ffb12fec1..19f2f6165 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -31,7 +31,7 @@ static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct } void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search for CORBA\n"); if(packet->tcp != NULL) { diff --git a/src/lib/protocols/cpha.c b/src/lib/protocols/cpha.c index edd472a83..099285312 100644 --- a/src/lib/protocols/cpha.c +++ b/src/lib/protocols/cpha.c @@ -31,7 +31,7 @@ void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int16_t cpha_port = htons(8116); NDPI_LOG_DBG(ndpi_struct, "search CPHA\n"); diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index bf3c2946c..23a66d4bb 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c 
@@ -37,7 +37,7 @@ static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struc void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search crossfire\n"); diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index ae17d5f46..9a3606510 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; if(packet->udp != NULL) { if(packet->payload_packet_len < sizeof(uint32_t)) { diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index cef0d9306..0c6dc45a8 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -79,7 +79,7 @@ bool is_connectionless_dcerpc(struct ndpi_packet_struct *packet, struct ndpi_flo void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DCERPC\n"); if (is_connection_oriented_dcerpc(packet, flow) || is_connectionless_dcerpc(packet, flow)) { diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 88f279fda..21f052d95 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c 
@@ -60,7 +60,7 @@ static void ndpi_int_dhcp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DHCP\n"); diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index ac569872a..e9ce83f60 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -38,7 +38,7 @@ static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct * void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DHCPv6\n"); diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c index 7fb443c34..c90848d27 100644 --- a/src/lib/protocols/diameter.c +++ b/src/lib/protocols/diameter.c @@ -93,7 +93,7 @@ int is_diameter(struct ndpi_packet_struct *packet, int size_payload) void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // Diameter is on TCP if(packet->tcp) { diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index c0eb62936..fef0c8282 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -78,7 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s const u_int8_t connection_type) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; 
@@ -123,7 +123,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -311,7 +311,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -397,7 +397,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct void ndpi_search_directconnect(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 7e4197c09..5d2ea6712 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -50,7 +50,7 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_m */ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t filename_start = 0; u_int16_t i = 1; u_int16_t host_line_len_without_port; diff --git a/src/lib/protocols/dnp3.c b/src/lib/protocols/dnp3.c index 8c7e6af6f..6f81149a8 100644 
--- a/src/lib/protocols/dnp3.c +++ b/src/lib/protocols/dnp3.c @@ -32,7 +32,7 @@ void ndpi_search_dnp3_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search DNP3\n"); diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index fdc5cb5b0..a326b8b68 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -178,9 +178,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, struct ndpi_dns_packet_header *dns_header, int payload_offset, u_int8_t *is_query) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int x = payload_offset; - memcpy(dns_header, (struct ndpi_dns_packet_header*)&flow->packet.payload[x], + memcpy(dns_header, (struct ndpi_dns_packet_header*)&packet->payload[x], sizeof(struct ndpi_dns_packet_header)); dns_header->tr_id = ntohs(dns_header->tr_id); @@ -211,10 +212,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, || ((dns_header->flags & 0xFCF0) == 0x00) /* Standard Query */ || ((dns_header->num_answers == 0) && (dns_header->authority_rrs == 0)))) { /* This is a good query */ - while(x+2 < flow->packet.payload_packet_len) { - if(flow->packet.payload[x] == '\0') { + while(x+2 < packet->payload_packet_len) { + if(packet->payload[x] == '\0') { x++; - flow->protos.dns.query_type = get16(&x, flow->packet.payload); + flow->protos.dns.query_type = get16(&x, packet->payload); #ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type); printf("[DNS] [request] query_type=%d\n", flow->protos.dns.query_type); 
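Review bot: In the first dns.c hunk, search_valid_dns copies `sizeof(struct ndpi_dns_packet_header)` bytes from `&packet->payload[x]` without a length check of its own; the only bound visible on this page is the `payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset` test in the caller ndpi_search_dns. Now that the payload comes from the shared `ndpi_struct->packet` rather than from the flow argument, that precondition is easier to lose if another caller is added. I would either state it in a comment above the `memcpy` or enforce it locally with `if(packet->payload_packet_len < x + sizeof(struct ndpi_dns_packet_header)) return(1);`, assuming a non-zero return means invalid, as the caller's `int invalid = search_valid_dns(...)` suggests. The function body continues outside the hunk.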
@@ -241,9 +242,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, /* Leave the statement below commented necessary in case of call to ndpi_get_partial_detection() */ x++; - if(x < flow->packet.payload_packet_len && flow->packet.payload[x] != '\0') { - while((x < flow->packet.payload_packet_len) - && (flow->packet.payload[x] != '\0')) { + if(x < packet->payload_packet_len && packet->payload[x] != '\0') { + while((x < packet->payload_packet_len) + && (packet->payload[x] != '\0')) { x++; } @@ -259,21 +260,21 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, for(num = 0; num < dns_header->num_answers; num++) { u_int16_t data_len; - if((x+6) >= flow->packet.payload_packet_len) { + if((x+6) >= packet->payload_packet_len) { break; } - if((data_len = getNameLength(x, flow->packet.payload, - flow->packet.payload_packet_len)) == 0) { + if((data_len = getNameLength(x, packet->payload, + packet->payload_packet_len)) == 0) { break; } else x += data_len; - if((x+2) >= flow->packet.payload_packet_len) { + if((x+2) >= packet->payload_packet_len) { break; } - rsp_type = get16(&x, flow->packet.payload); + rsp_type = get16(&x, packet->payload); #ifdef DNS_DEBUG printf("[DNS] [response] response_type=%d\n", rsp_type); @@ -284,11 +285,11 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, flow->protos.dns.rsp_type = rsp_type; /* here x points to the response "class" field */ - if((x+12) <= flow->packet.payload_packet_len) { + if((x+12) <= packet->payload_packet_len) { x += 6; - data_len = get16(&x, flow->packet.payload); + data_len = get16(&x, packet->payload); - if((x + data_len) <= flow->packet.payload_packet_len) { + if((x + data_len) <= packet->payload_packet_len) { // printf("[rsp_type: %u][data_len: %u]\n", rsp_type, data_len); if(rsp_type == 0x05 /* CNAME */) { 
@@ -299,7 +300,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, if((((rsp_type == 0x1) && (data_len == 4)) /* A */ || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */ )) { - memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len); + memcpy(&flow->protos.dns.rsp_addr, packet->payload + x, data_len); } } } @@ -314,7 +315,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, // flow->extra_packets_func = NULL; /* Removed so the caller can keep dissecting DNS flows */ } else { /* We missed the request */ - u_int16_t s_port = flow->packet.udp ? ntohs(flow->packet.udp->source) : ntohs(flow->packet.tcp->source); + u_int16_t s_port = packet->udp ? ntohs(packet->udp->source) : ntohs(packet->tcp->source); ndpi_set_detected_protocol(ndpi_struct, flow, checkPort(s_port), NDPI_PROTOCOL_UNKNOWN); } @@ -338,19 +339,20 @@ static int search_dns_again(struct ndpi_detection_module_struct *ndpi_struct, st /* *********************************************** */ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int payload_offset; u_int8_t is_query; u_int16_t s_port = 0, d_port = 0; NDPI_LOG_DBG(ndpi_struct, "search DNS\n"); - if(flow->packet.udp != NULL) { - s_port = ntohs(flow->packet.udp->source); - d_port = ntohs(flow->packet.udp->dest); + if(packet->udp != NULL) { + s_port = ntohs(packet->udp->source); + d_port = ntohs(packet->udp->dest); payload_offset = 0; - } else if(flow->packet.tcp != NULL) /* pkt size > 512 bytes */ { - s_port = ntohs(flow->packet.tcp->source); - d_port = ntohs(flow->packet.tcp->dest); + } else if(packet->tcp != NULL) /* pkt size > 512 bytes */ { + s_port = ntohs(packet->tcp->source); + d_port = ntohs(packet->tcp->dest); payload_offset = 2; } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); 
@@ -360,7 +362,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if(((s_port == DNS_PORT) || (d_port == DNS_PORT) || (s_port == MDNS_PORT) || (d_port == MDNS_PORT) || (d_port == LLMNR_PORT)) - && (flow->packet.payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset)) { + && (packet->payload_packet_len > sizeof(struct ndpi_dns_packet_header)+payload_offset)) { struct ndpi_dns_packet_header dns_header; int j = 0, max_len, off; int invalid = search_valid_dns(ndpi_struct, flow, &dns_header, payload_offset, &is_query); @@ -380,11 +382,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st off = sizeof(struct ndpi_dns_packet_header) + payload_offset; /* Before continuing let's dissect the following queries to see if they are valid */ - for(idx=off, num_queries=0; (num_queries < dns_header.num_queries) && (idx < flow->packet.payload_packet_len);) { + for(idx=off, num_queries=0; (num_queries < dns_header.num_queries) && (idx < packet->payload_packet_len);) { u_int16_t i, tot_len = 0; - for(i=idx; i<flow->packet.payload_packet_len;) { - u_int8_t is_ptr = 0, name_len = flow->packet.payload[i]; /* Lenght of the individual name blocks aaa.bbb.com */ + for(i=idx; i<packet->payload_packet_len;) { + u_int8_t is_ptr = 0, name_len = packet->payload[i]; /* Lenght of the individual name blocks aaa.bbb.com */ if(name_len == 0) { tot_len++; /* \0 */ @@ -401,8 +403,8 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st int idx; for(idx=0; idx<name_len; idx++) - printf("%c", flow->packet.payload[i+1+idx]); - + printf("%c", packet->payload[i+1+idx]); + printf("]\n"); } } 
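Review bot: In the `@@ -401,8` hunk of ndpi_search_dns the print loop indexes `packet->payload[i+1+idx]` for `idx < name_len`, where `name_len` is a byte taken from the packet, and nothing in the hunk bounds `i+1+idx` by `packet->payload_packet_len`, so a label length that overruns the payload would read past the buffer. The surrounding lines look like a debug-only block, which limits exposure, but the bound is cheap to add: `for(idx=0; (idx<name_len) && ((i+1+idx) < packet->payload_packet_len); idx++)`. The inner `int idx` also shadows the index of the enclosing `for(idx=off, ...)` loop, so renaming it would make the block easier to follow. The enclosing loop starts and ends outside the hunk.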
@@ -416,13 +418,13 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st printf("[DNS] [tot_len: %u]\n\n", tot_len+4 /* type + class */); #endif - if(((i+4 /* Skip query type and class */) > flow->packet.payload_packet_len) - || ((flow->packet.payload[i+1] == 0x0) && (flow->packet.payload[i+2] == 0x0)) /* Query type cannot be 0 */ + if(((i+4 /* Skip query type and class */) > packet->payload_packet_len) + || ((packet->payload[i+1] == 0x0) && (packet->payload[i+2] == 0x0)) /* Query type cannot be 0 */ || (tot_len > 253) ) { /* Invalid */ #ifdef DNS_DEBUG - printf("[DNS] Invalid query len [%u >= %u]\n", i+4, flow->packet.payload_packet_len); + printf("[DNS] Invalid query len [%u >= %u]\n", i+4, packet->payload_packet_len); #endif ndpi_set_risk(ndpi_struct, flow, NDPI_MALFORMED_PACKET); break; @@ -431,11 +433,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st } } /* for */ - while((j < max_len) && (off < flow->packet.payload_packet_len) && (flow->packet.payload[off] != '\0')) { - uint8_t c, cl = flow->packet.payload[off++]; + while((j < max_len) && (off < packet->payload_packet_len) && (packet->payload[off] != '\0')) { + uint8_t c, cl = packet->payload[off++]; if(((cl & 0xc0) != 0) || // we not support compressed names in query - (off + cl >= flow->packet.payload_packet_len)) { + (off + cl >= packet->payload_packet_len)) { j = 0; break; } @@ -445,7 +447,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st while((j < max_len) && (cl != 0)) { u_int32_t shift; - c = flow->packet.payload[off++]; + c = packet->payload[off++]; shift = ((u_int32_t) 1) << (c & 0x1f); flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_'); cl--; 
@@ -522,21 +524,21 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS) || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) { /* TODO: add support to RFC6891 to avoid some false positives */ - if(flow->packet.udp != NULL && flow->packet.payload_packet_len > PKT_LEN_ALERT) + if(packet->udp != NULL && packet->payload_packet_len > PKT_LEN_ALERT) ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_LARGE_PACKET); - if(flow->packet.iph != NULL) { + if(packet->iph != NULL) { /* IPv4 */ - u_int8_t flags = ((u_int8_t*)flow->packet.iph)[6]; + u_int8_t flags = ((u_int8_t*)packet->iph)[6]; /* 0: fragmented; 1: not fragmented */ if((flags & 0x20) - || (ndpi_iph_is_valid_and_not_fragmented(flow->packet.iph, flow->packet.l3_packet_len) == 0)) { + || (ndpi_iph_is_valid_and_not_fragmented(packet->iph, packet->l3_packet_len) == 0)) { ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED); } - } else if(flow->packet.iphv6 != NULL) { + } else if(packet->iphv6 != NULL) { /* IPv6 */ - const struct ndpi_ip6_hdrctl *ip6_hdr = &flow->packet.iphv6->ip6_hdr; + const struct ndpi_ip6_hdrctl *ip6_hdr = &packet->iphv6->ip6_hdr; if(ip6_hdr->ip6_un1_nxt == 0x2C /* Next Header: Fragment Header for IPv6 (44) */) { ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED); diff --git a/src/lib/protocols/dnscrypt.c b/src/lib/protocols/dnscrypt.c index a5bbd0c0e..a51ed60f7 100644 --- a/src/lib/protocols/dnscrypt.c +++ b/src/lib/protocols/dnscrypt.c @@ -33,7 +33,7 @@ static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; static char const * const dnscrypt_initial = "2\rdnscrypt"; NDPI_LOG_DBG(ndpi_struct, "search dnscrypt\n"); 
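Review bot: In the ndpi_search_dns hunk at -522,21, the IPv6 branch compares only `ip6_hdr->ip6_un1_nxt` of the fixed header with 0x2C, so NDPI_DNS_FRAGMENTED is raised only when the Fragment header is the first extension header. If walking the extension-header chain is out of scope for this change, the limit should at least be stated, e.g. `/* Only the first Next Header is checked: a Fragment header behind other extension headers is not reported */`. The comment `/* 0: fragmented; 1: not fragmented */` also reads as if it described `flags & 0x20`, while it appears to describe the return value of `ndpi_iph_is_valid_and_not_fragmented()`; moving it next to that call would avoid the confusion. The enclosing `if` continues past the end of the hunk.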
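Review bot: In the dnscrypt.c hunk, `packet` now points into `ndpi_struct->packet`, which is one object shared by every flow the detection module handles, and nothing in these hunks documents its lifetime. Pointers a dissector takes from it (`payload`, `iph`, the parsed header lines) are then meaningful only for the packet currently being processed, and two threads driving the same module would overwrite each other's state. The threading contract is not visible here, so that part is an assumption to confirm. I would put a comment at the member's declaration such as `/* Current packet: overwritten for every processed packet, not valid across calls, one module per thread */`. The same one-line substitution is made in every later hunk that assigns `&ndpi_struct->packet`, from dofus.c through mining.c, and the remark applies to all of them.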
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index 91c958bed..ceb3b9b74 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -36,7 +36,7 @@ static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search dofus\n"); diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 19671cf56..06d9a9855 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -36,7 +36,7 @@ struct ndpi_drda_hdr { void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; u_int16_t payload_len = packet->payload_packet_len; u_int count = 0; // prevent integer overflow diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index 3683ab131..d515bbd2b 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -39,7 +39,7 @@ static void ndpi_int_dropbox_add_connection(struct ndpi_detection_module_struct static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index a6ffc34dc..d088a9d2e 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c 
@@ -45,7 +45,7 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd return; } - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (!packet) { return; } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 39c29b475..24f14e603 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -156,7 +156,7 @@ static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) { } static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index bb4f40a50..299b8525d 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -37,7 +37,7 @@ static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struc void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n"); diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index 584986cca..92819c4ee 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -36,7 +36,7 @@ static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct * void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search fiesta\n"); 
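Review bot: In the eaq.c hunk, the `if (!packet) { return; }` test that follows the changed line can never be true, because `&ndpi_struct->packet` is the address of a struct member and is non-null whenever `ndpi_struct` itself is valid. If the intent is to guard against a missing module, the test has to come before the address is taken, `if (!ndpi_struct) return;`; otherwise the dead check should be deleted. The guard that ends just above the changed line starts outside the hunk, so it may already cover this.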
diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index 5d27e1c98..eba60a372 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -30,7 +30,7 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search FIX\n"); if(packet->tcp && packet->payload_packet_len > 5) { diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index 9e3977422..14f1091c8 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -36,7 +36,7 @@ static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *n void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search florensia\n"); diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 53a283a99..7b6544bb4 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -581,7 +581,7 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow, static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check connection over TCP */ diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index affc58d7c..b8b526446 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c 
@@ -34,7 +34,7 @@ static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct } static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Check connection over TCP */ if(packet->tcp) { @@ -46,7 +46,7 @@ static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_st } static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(payload_len > 10) { @@ -70,7 +70,7 @@ static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *nd } static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* A FTP packet is pretty long so 256 is a bit conservative but it should be OK */ @@ -226,7 +226,7 @@ static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Make sure we see the beginning of the connection as otherwise we might have diff --git a/src/lib/protocols/genshin_impact.c b/src/lib/protocols/genshin_impact.c index 4144cecef..7ed0e7fa3 100644 --- a/src/lib/protocols/genshin_impact.c +++ b/src/lib/protocols/genshin_impact.c 
@@ -35,7 +35,7 @@ static void ndpi_int_genshin_impact_add_connection( static void ndpi_search_genshin_impact(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search genshin-impact\n"); diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index 05f22ff18..0c115e4bb 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -30,7 +30,7 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Git\n"); diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 66db0096e..67ec1b0d6 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -33,7 +33,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -64,7 +64,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 2c8316ac6..956ebe355 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c 
@@ -64,7 +64,7 @@ struct gtp_header_generic { static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) { diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 133009449..54391aed5 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -36,7 +36,7 @@ static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struc void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search guildwars\n"); diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 015a6a134..70d34d7ee 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -33,7 +33,7 @@ struct tpkt { void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, "search H323\n"); diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 11d2db813..79e7d0b1b 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c 
@@ -37,7 +37,7 @@ static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struc void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search halflife2\n"); diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 6edb6b178..0db373a04 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" /* stun.c */ -extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); +extern u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev); /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 @@ -63,7 +63,7 @@ static u_int8_t google_ptree_match(struct ndpi_detection_module_struct *ndpi_str static u_int8_t is_google_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->iph) { struct in_addr saddr, daddr; @@ -83,7 +83,7 @@ static u_int8_t is_google_flow(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Hangout\n"); 
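Review bot: In the hangout.c hunk at -27,7, the new signature of `get_stun_lru_key` is restated as a local `extern` declaration, so the compiler never compares it with the definition in stun.c. Both the old and the new first parameter are struct pointers, which means a declaration in another file left on the old signature still compiles and links, and the callee would then read a flow as a packet. I would drop the `extern` line and put `u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev);` in a header that stun.c and hangout.c both include.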
@@ -101,9 +101,9 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); - if(ndpi_struct->stun_cache && flow->packet.iph && flow->packet.udp) { - u_int32_t key = get_stun_lru_key(flow, !matched_src); - + if(ndpi_struct->stun_cache && packet->iph && packet->udp) { + u_int32_t key = get_stun_lru_key(packet, !matched_src); + #ifdef DEBUG_LRU printf("[LRU] ADDING %u / %u.%u\n", key, NDPI_PROTOCOL_STUN, NDPI_PROTOCOL_HANGOUT_DUO); #endif diff --git a/src/lib/protocols/hpvirtgrp.c b/src/lib/protocols/hpvirtgrp.c index a2b977a48..8ba9d9b8d 100644 --- a/src/lib/protocols/hpvirtgrp.c +++ b/src/lib/protocols/hpvirtgrp.c @@ -35,7 +35,7 @@ static void ndpi_int_hpvirtgrp_add_connection( static void ndpi_search_hpvirtgrp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search hpvirtgrp\n"); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index d7d670a86..055726af0 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -139,7 +139,7 @@ static void ndpi_http_check_human_redeable_content(struct ndpi_detection_module_ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *double_ret = (const u_int8_t *)ndpi_strnstr((const char *)packet->payload, "\r\n\r\n", packet->payload_packet_len); NDPI_LOG_DBG(ndpi_struct, "==>>> [len: %u] ", packet->payload_packet_len); 
@@ -174,7 +174,7 @@ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi /* https://www.freeformatter.com/mime-types-list.html */ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->content_line.len > 0) { u_int app_len = sizeof("application"); @@ -314,7 +314,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if((packet->accept_line.len >= 28) && (memcmp(packet->accept_line.ptr, "application/x-rtsp-tunnelled", 28) == 0)) { @@ -499,7 +499,7 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct */ static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int ret; if(flow->http_detected && (flow->http.response_status_code != 0)) @@ -524,8 +524,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[packet->host_line.len]); } - flow->http.method = ndpi_http_str2method((const char*)flow->packet.http_method.ptr, - (u_int16_t)flow->packet.http_method.len); + flow->http.method = ndpi_http_str2method((const char*)packet->http_method.ptr, + (u_int16_t)packet->http_method.len); } if(packet->server_line.ptr != NULL && (packet->server_line.len > 7)) { 
@@ -723,7 +723,7 @@ static const char *http_fs = "CDGHOPR"; static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; unsigned int i; NDPI_LOG_DBG2(ndpi_struct, "====>>>> HTTP: %c%c%c%c [len: %u]\n", @@ -794,7 +794,7 @@ static int is_a_suspicious_header(const char* suspicious_headers[], struct ndpi_ static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { u_int32_t i; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; for(i=0; (i < packet->parsed_lines) && (packet->line[i].ptr != NULL) @@ -862,7 +862,7 @@ static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_str static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/ packet->packet_lines_parsed_complete = 0; diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index de5796d3c..a3087e572 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -39,7 +39,7 @@ static void ndpi_int_iax_add_connection(struct ndpi_detection_module_struct *ndp static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t i; u_int16_t packet_len; 
@@ -87,7 +87,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 9171b09d9..d8b4ffb25 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -35,7 +35,7 @@ static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i; NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); diff --git a/src/lib/protocols/iec60870-5-104.c b/src/lib/protocols/iec60870-5-104.c index b2da8c34c..97c367d92 100644 --- a/src/lib/protocols/iec60870-5-104.c +++ b/src/lib/protocols/iec60870-5-104.c @@ -30,7 +30,7 @@ void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Check connection over TCP */ NDPI_LOG_DBG(ndpi_struct, "search IEC60870\n"); diff --git a/src/lib/protocols/imo.c b/src/lib/protocols/imo.c index 90f2c6086..2784e7143 100644 --- a/src/lib/protocols/imo.c +++ b/src/lib/protocols/imo.c @@ -33,7 +33,7 @@ static void ndpi_int_imo_add_connection(struct ndpi_detection_module_struct } void ndpi_search_imo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search IMO\n"); 
diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index 7d2c0b6fb..0a91cc46a 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -37,7 +37,7 @@ static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t i; NDPI_LOG_DBG(ndpi_struct, "search ipp\n"); diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index a6ed0466b..bb1b65929 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -64,7 +64,7 @@ u_int8_t ndpi_is_duplicate(struct ndpi_id_struct *id_t, u_int16_t port) static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // u_int16_t i; u_int8_t number_of_lines_to_be_searched_for = 0; @@ -88,7 +88,7 @@ static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_st static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i, packetl = packet->payload_packet_len; if (packetl < 4) { @@ -110,7 +110,7 @@ static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndp static u_int8_t ndpi_check_for_cmd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i; if (packet->payload_packet_len < 4) { 
@@ -150,7 +150,7 @@ static u_int8_t ndpi_check_for_IRC_traces(const u_int8_t * ptr, u_int16_t len) u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "start fast detect\n"); @@ -367,7 +367,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 1dbf5122e..46516a3ee 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -49,7 +49,7 @@ static void ndpi_int_jabber_add_connection(struct ndpi_detection_module_struct * static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t x) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int i, left = packet->payload_packet_len-x; if(left <= 0) return; @@ -64,7 +64,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; u_int16_t x; diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 987a40f62..2368ab3ab 100644 --- a/src/lib/protocols/kakaotalk_voice.c 
+++ b/src/lib/protocols/kakaotalk_voice.c @@ -32,7 +32,7 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search kakaotalk_voice\n"); diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 2f8c550ca..fe1aba684 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -42,7 +42,7 @@ static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t sport = packet->tcp ? ntohs(packet->tcp->source) : ntohs(packet->udp->source); u_int16_t dport = packet->tcp ? ntohs(packet->tcp->dest) : ntohs(packet->udp->dest); const u_int8_t *original_packet_payload = NULL; diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 8f23402cd..69bca3d7b 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -39,7 +39,7 @@ static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Kontiki\n"); diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index 00e1bf9d8..9f6c0fec0 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c 
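Review bot: In the kerberos.c hunk, the initialisers for `sport` and `dport` fall back to `packet->udp->source` and `packet->udp->dest` whenever `packet->tcp` is NULL, without checking `packet->udp`. The dispatcher presumably calls this dissector only for TCP or UDP packets, but that is not visible here, and with the packet now held in the detection module the function depends entirely on the core having filled both pointers for the current packet. A defensive form costs little: `u_int16_t sport = packet->tcp ? ntohs(packet->tcp->source) : (packet->udp ? ntohs(packet->udp->source) : 0);` and the same for `dport`. The first mining.c hunk reads `packet->udp->source` unconditionally in the same way. The function body continues outside the hunk.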
@@ -37,7 +37,7 @@ static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search ldap\n"); diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index b56f43b20..df9f0ef60 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -38,7 +38,7 @@ static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->udp != NULL) { diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 73cae8fe0..a0d69ffa6 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -29,7 +29,7 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 5810ec219..7646b9e82 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -37,7 +37,7 @@ static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struc void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t i = 0; u_int16_t space_pos = 0; u_int16_t command_start = 0; 
diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index e522fc187..c51192b44 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -58,7 +58,7 @@ static void popInitExtraPacketProcessing(struct ndpi_flow_struct *flow); static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->payload_packet_len > 4) { if((packet->payload[0] == 'A' || packet->payload[0] == 'a') @@ -147,7 +147,7 @@ static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_mod void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t a = 0; u_int8_t bit_count = 0; diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 256026c25..7ee1cdd8d 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -67,7 +67,7 @@ static void smtpInitExtraPacketProcessing(struct ndpi_flow_struct *flow); void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n"); diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index ea13205ae..9268ff0e2 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c 
@@ -36,7 +36,7 @@ static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_stru void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search maplestory\n"); diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index 2cfae0199..b729bfed1 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -28,7 +28,7 @@ void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search for MEGACO\n"); diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c index 0722c5fc5..3aef1fd55 100644 --- a/src/lib/protocols/memcached.c +++ b/src/lib/protocols/memcached.c @@ -103,7 +103,7 @@ void ndpi_search_memcached( struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *offset = packet->payload; u_int16_t length = packet->payload_packet_len; u_int8_t *matches; diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index bc643ba9d..a00a2fdab 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -37,7 +37,7 @@ static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t pos = 5; diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index e336bc8de..f20ff7167 100644 --- a/src/lib/protocols/mining.c 
+++ b/src/lib/protocols/mining.c @@ -38,7 +38,7 @@ static void cacheMiningHostTwins(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t source = ntohs(packet->udp->source); u_int16_t dest = ntohs(packet->udp->dest); @@ -62,7 +62,7 @@ void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } } @@ -80,7 +80,7 @@ static u_int8_t isEthPort(u_int16_t dport) { void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search MINING TCP\n"); @@ -98,7 +98,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } } 
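Review bot: The call `cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr);` is repeated with its `if(packet->iph)` guard in five places: here in ndpi_search_mining_udp and in the four ndpi_search_mining_tcp hunks that follow. Since the commit touches all five, folding the guard and key computation into one static helper would keep the IPv4-only limitation flagged by `/* TODO: ipv6 */` in a single spot. The key is the plain sum of the two addresses, so distinct host pairs can produce the same value; a short comment saying whether that is accepted would help. Both functions continue outside the hunks.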
@@ -111,7 +111,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } else flow->guessed_protocol_id = NDPI_PROTOCOL_MINING; @@ -132,7 +132,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) && (ndpi_strnstr((const char *)packet->payload, "\"method\":", packet->payload_packet_len) @@ -156,7 +156,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, flow->packet.iph->saddr + flow->packet.iph->daddr); + cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; } } diff --git a/src/lib/protocols/modbus.c b/src/lib/protocols/modbus.c index c98c71298..cd6d55dec 100644 --- a/src/lib/protocols/modbus.c +++ b/src/lib/protocols/modbus.c 
@@ -29,7 +29,7 @@ void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search Modbus\n"); u_int16_t modbus_port = htons(502); // port used by modbus diff --git a/src/lib/protocols/mongodb.c b/src/lib/protocols/mongodb.c index 7d079273c..70d841709 100644 --- a/src/lib/protocols/mongodb.c +++ b/src/lib/protocols/mongodb.c @@ -66,7 +66,7 @@ static void set_mongodb_detected(struct ndpi_detection_module_struct *ndpi_struc static void ndpi_check_mongodb(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct mongo_message_header mongodb_hdr; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len <= sizeof(mongodb_hdr)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 2209294bd..a0feed111 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -27,7 +27,7 @@ void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search MPEGTS\n"); diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index fc2d5c5fd..58bb2fb1c 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -68,7 +68,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t rl,pt,flags; NDPI_LOG_DBG(ndpi_struct, "search Mqtt\n"); - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } 
diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 03b4640ec..f168d418d 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -46,7 +46,7 @@ static void ndpi_int_mssql_tds_add_connection(struct ndpi_detection_module_struc void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; NDPI_LOG_DBG(ndpi_struct, "search mssql_tds\n"); diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index 948a5cb77..0a4c07c36 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -30,7 +30,7 @@ #include "ndpi_api.h" void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search MySQL\n"); diff --git a/src/lib/protocols/nats.c b/src/lib/protocols/nats.c index 0254a02c4..a036303e8 100644 --- a/src/lib/protocols/nats.c +++ b/src/lib/protocols/nats.c @@ -40,7 +40,7 @@ static const char* commands[] = void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Check connection over TCP */ NDPI_LOG_DBG(ndpi_struct, "search NATS\n"); 
@@ -49,14 +49,14 @@ void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct, int i; for(i=0; commands[i] != NULL; i++) { - char *match = ndpi_strnstr((const char *)flow->packet.payload, + char *match = ndpi_strnstr((const char *)packet->payload, commands[i], - flow->packet.payload_packet_len); + packet->payload_packet_len); if(!match) continue; if(ndpi_strnstr((const char *)match, "\r\n", - flow->packet.payload_packet_len - ((size_t)match - (size_t)flow->packet.payload)) != NULL) { + packet->payload_packet_len - ((size_t)match - (size_t)packet->payload)) != NULL) { NDPI_LOG_INFO(ndpi_struct, "found NATS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NATS, NDPI_PROTOCOL_UNKNOWN); diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c index 70eb515b7..739e4ebe0 100644 --- a/src/lib/protocols/nest_log_sink.c +++ b/src/lib/protocols/nest_log_sink.c @@ -37,7 +37,7 @@ void ndpi_search_nest_log_sink( struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search nest_log_sink\n"); diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index fa77c9f6f..ccf910489 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c 
@@ -94,12 +94,14 @@ int ndpi_netbios_name_interpret(u_char *in, u_int in_len, u_char *out, u_int out static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t sub_protocol) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + unsigned char name[64]; - u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14; + u_int off = packet->payload[12] == 0x20 ? 12 : 14; - if((off < flow->packet.payload_packet_len) - && ndpi_netbios_name_interpret((unsigned char*)&flow->packet.payload[off], - (u_int)(flow->packet.payload_packet_len - off), name, sizeof(name)-1) > 0) { + if((off < packet->payload_packet_len) + && ndpi_netbios_name_interpret((unsigned char*)&packet->payload[off], + (u_int)(packet->payload_packet_len - off), name, sizeof(name)-1) > 0) { snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1); @@ -115,7 +117,7 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport; NDPI_LOG_DBG(ndpi_struct, "search netbios\n"); diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index d91993854..0cb9cd163 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -99,7 +99,7 @@ struct flow_ver7_rec { void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; time_t now; 
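Review bot: In ndpi_int_netbios_add_connection the initialiser `u_int off = packet->payload[12] == 0x20 ? 12 : 14;` reads byte 12 of the payload before any length check; the `off < packet->payload_packet_len` test comes only afterwards. Unless every caller guarantees at least 13 payload bytes, which the hunk does not show, a short packet causes an out-of-bounds read. Testing the length inside the initialiser keeps the rest of the function unchanged: `u_int off = (packet->payload_packet_len > 12 && packet->payload[12] == 0x20) ? 12 : 14;`. The function body continues past the hunk.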
diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index 2eb930ca2..0e7bd0895 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -38,7 +38,7 @@ static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search NFS\n"); diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index bbc87a495..963087909 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -35,7 +35,7 @@ static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(packet->udp != NULL) { diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 61eec9468..4728510fd 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -39,7 +39,7 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search NOE\n"); diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index 46ff4e67b..b860ca784 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c 
@@ -40,7 +40,7 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->iph == NULL) { if (packet->iphv6 == NULL) diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 211ac446f..db9416121 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -36,7 +36,7 @@ static void ndpi_int_ntp_add_connection(struct ndpi_detection_module_struct void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search NTP\n"); diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c index 216ad7833..9d9cc981c 100644 --- a/src/lib/protocols/ookla.c +++ b/src/lib/protocols/ookla.c @@ -28,7 +28,7 @@ const u_int16_t ookla_port = 8080; /* ************************************************************* */ void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; u_int32_t addr = 0; u_int16_t sport, dport; diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index 035b3724e..96e0735ca 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -37,7 +37,7 @@ static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct void ndpi_search_openft_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) { NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); 
diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index e218b44d1..5c08ed6c5 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -81,7 +81,7 @@ int8_t check_pkid_and_detect_hmac_size(const u_int8_t * payload) { void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; const u_int8_t * ovpn_payload = packet->payload; const u_int8_t * session_remote; u_int8_t opcode; diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index a24837a68..bd04922bc 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -33,7 +33,7 @@ static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, "search ORACLE\n"); diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index 68e5d02f1..19cdec4c7 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -39,7 +39,7 @@ static void ndpi_int_postgres_add_connection(struct ndpi_detection_module_struct void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t size; if (flow->l4.tcp.postgres_stage == 0) { diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 5f119b984..44eb812dc 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c 
@@ -41,7 +41,7 @@ static void ndpi_int_ppstream_add_connection(struct ndpi_detection_module_struct void ndpi_search_ppstream(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search PPStream\n"); /** diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index e87106f88..d3ff2bd15 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -37,7 +37,7 @@ static void ndpi_int_pptp_add_connection(struct ndpi_detection_module_struct void ndpi_search_pptp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search pptp\n"); diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 51f6d2859..76f34a241 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -39,7 +39,7 @@ static void ndpi_int_qq_add_connection(struct ndpi_detection_module_struct *ndpi void ndpi_search_qq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search QQ\n"); diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 1a79de2b9..dbdb9e6f1 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -929,7 +929,7 @@ static uint8_t *decrypt_initial_packet(struct ndpi_detection_module_struct *ndpi uint32_t *clear_payload_len) { uint64_t token_length, payload_length, packet_number; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; uint8_t first_byte; uint32_t pkn32, pn_offset, pkn_len, offset; quic_ciphers ciphers; /* Client initial ciphers */ 
@@ -1235,7 +1235,7 @@ static uint8_t *get_clear_payload(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_flow_struct *flow, uint32_t version, uint32_t *clear_payload_len) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t *clear_payload; u_int8_t dest_conn_id_len; #ifdef HAVE_LIBGCRYPT @@ -1286,7 +1286,7 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t *crypto_data, uint32_t crypto_data_len, uint32_t version) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* Overwriting packet payload */ u_int16_t p_len; @@ -1409,7 +1409,7 @@ static int may_be_initial_pkt(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t *version) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t first_byte; u_int8_t pub_bit1, pub_bit2, pub_bit3, pub_bit4, pub_bit5, pub_bit7, pub_bit8; u_int8_t dest_conn_id_len, source_conn_id_len; @@ -1529,7 +1529,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* We are elaborating a packet following the initial CHLO/ClientHello. Two cases: diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index ed0c888ce..ffc7ffc13 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c 
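Review bot: The `/* Overwriting packet payload */` comment in process_tls now describes a write to state owned by the whole detection module, since `packet` points at `ndpi_struct->packet`. If any return path skips restoring `payload` and `payload_packet_len`, later code working on the same packet would see the substituted buffer; the body is outside the hunk, so this cannot be checked here. I would extend the comment to state the requirement, for example `/* Overwriting packet payload (module-wide state): restore payload and payload_packet_len before every return */`.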
@@ -33,7 +33,7 @@ struct radius_header { static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index e783d7d4e..6b3564e79 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -36,7 +36,7 @@ static void ndpi_int_rdp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search RDP\n"); diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 200183d66..72b247130 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -31,7 +31,7 @@ static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *n static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if(payload_len == 0) return; /* Shouldn't happen */ diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 8cc3dd16d..978cc42e0 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c 
@@ -33,7 +33,7 @@ static void ndpi_int_rsync_add_connection(struct ndpi_detection_module_struct void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search RSYNC\n"); diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index 0e03ea8a8..253402955 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -20,7 +20,7 @@ static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, "search RTCP\n"); diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index 2f49b9faa..80d92f151 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -37,7 +37,7 @@ static void ndpi_int_rtmp_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 111c57737..24f92afe2 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c 
@@ -77,7 +77,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_len) { u_int8_t payloadType, payload_type; - u_int16_t d_port = ntohs(flow->packet.udp->dest); + u_int16_t d_port = ntohs(ndpi_struct->packet.udp->dest); NDPI_LOG_DBG(ndpi_struct, "search RTP\n"); @@ -122,7 +122,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t source = ntohs(packet->udp->source); u_int16_t dest = ntohs(packet->udp->dest); diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 4a365650e..2a882fe54 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -40,7 +40,7 @@ static void ndpi_int_rtsp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index bd24b979d..a20594c05 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -78,7 +78,7 @@ struct ndpi_rx_header { void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; NDPI_LOG_DBG2(ndpi_struct, "RX: pck: %d, dir[0]: %d, dir[1]: %d\n", diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c index ac1584225..4aef6fa6f 100644 --- a/src/lib/protocols/s7comm.c 
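Review bot: ndpi_rtp_search spells out `ndpi_struct->packet.udp->dest` where the other dissectors in this commit bind a local pointer first; `struct ndpi_packet_struct *packet = &ndpi_struct->packet;` followed by `ntohs(packet->udp->dest)` would match them. The `udp` pointer is also dereferenced without the `packet->udp != NULL` test that the lisp.c and nintendo.c hunks show, which is safe only if this dissector is never invoked for non-UDP packets. That registration is not visible here, so a one-line comment stating the assumption would help. The function continues outside the hunk.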
+++ b/src/lib/protocols/s7comm.c
@@ -26,7 +26,7 @@ void ndpi_search_s7comm_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &ndpi_struct->packet;
NDPI_LOG_DBG(ndpi_struct, "search S7\n");
u_int16_t s7comm_port = htons(102);
if(packet->tcp) {
diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index dadd3ec4f..01ab1e226 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -26,7 +26,7 @@ void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index bc1782508..3fdb060d1 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -37,7 +37,7 @@ static void ndpi_int_shoutcast_add_connection(struct ndpi_detection_module_struc void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search shoutcast\n"); diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 2a0357789..6c159afdd 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -44,7 +44,7 @@ __forceinline static void ndpi_search_sip_handshake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index 5ec54dbdf..23a3b32c3 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c 
@@ -32,7 +32,7 @@ static void ndpi_int_skinny_add_connection(struct ndpi_detection_module_struct void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t dport = 0, sport = 0; const char pattern_9_bytes[9] = { 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; const char pattern_8_bytes[8] = { 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 7508283ce..4bbc46bb8 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -28,7 +28,7 @@ static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { } static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; int i; const uint8_t id_flags_iv_crc_len = 11; @@ -67,7 +67,7 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ } static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 23a61164c..c8e4333da 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -27,7 +27,7 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search SMB\n"); 
diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 7ddb4b4d2..aaf129743 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -41,9 +41,10 @@ static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_l void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &ndpi_struct->packet; + NDPI_LOG_DBG(ndpi_struct, "search SMPP\n"); if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SMPP){ - struct ndpi_packet_struct* packet = &flow->packet; // min SMPP packet length = 16 bytes if (packet->payload_packet_len < 16) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index a3054d76c..786b18d5d 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c @@ -32,7 +32,7 @@ static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t snmp_port = htons(161), trap_port = htons(162); if((packet->payload_packet_len <= 32) diff --git a/src/lib/protocols/soap.c b/src/lib/protocols/soap.c index dfbaf6c1e..6ae0bdae3 100644 --- a/src/lib/protocols/soap.c +++ b/src/lib/protocols/soap.c @@ -33,7 +33,7 @@ static void ndpi_int_soap_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_soap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search soap\n"); diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index a39d8da47..4f57ff7ea 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c 
@@ -36,7 +36,7 @@ static void ndpi_int_socks_add_connection(struct ndpi_detection_module_struct *n static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ @@ -77,7 +77,7 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Break after 20 packets. */ diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 5c617fa86..12174a505 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -101,7 +101,7 @@ static u_int32_t someip_data_cover_32(const u_int8_t *data) void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - const struct ndpi_packet_struct *packet = &flow->packet; + const struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len < 16) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index e723b9017..8cacee346 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c 
@@ -101,7 +101,7 @@ static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (flow->packet_counter == 1 && packet->payload_packet_len == 54 && get_u_int16_t(packet->payload, 0) == ntohs(0x0036)) { if (ndpi_int_is_sopcast_tcp(packet->payload, packet->payload_packet_len)) { @@ -118,7 +118,7 @@ static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search sopcast. \n"); @@ -202,7 +202,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct void ndpi_search_sopcast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->udp != NULL) ndpi_search_sopcast_udp(ndpi_struct, flow); diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index c20c8e6dc..50dd98719 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -37,7 +37,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index b0a077251..6e5efb36e 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c 
@@ -38,7 +38,7 @@ static void ndpi_int_spotify_add_connection(struct ndpi_detection_module_struct static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index 0b8f45d0d..d3752d4d1 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -38,7 +38,7 @@ static void ndpi_int_ssdp_add_connection(struct ndpi_detection_module_struct /* this detection also works asymmetrically */ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search ssdp\n"); if (packet->udp != NULL) { diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 6d62c3724..fdf0b55b0 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -401,7 +401,7 @@ static void ndpi_ssh_zap_cr(char *str, int len) { /* ************************************************************************ */ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; #ifdef SSH_DEBUG printf("[SSH] %s()\n", __FUNCTION__); diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 9419b7a5b..c26b76a0a 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c 
@@ -49,10 +49,12 @@ u_int8_t sc2_match_logon_ip(struct ndpi_packet_struct* packet) */ u_int8_t ndpi_check_starcraft_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - if (sc2_match_logon_ip(&flow->packet) - && flow->packet.tcp->dest == htons(1119) //bnetgame port - && (ndpi_match_strprefix(flow->packet.payload, flow->packet.payload_packet_len, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66") - || ndpi_match_strprefix(flow->packet.payload, flow->packet.payload_packet_len, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66"))) + struct ndpi_packet_struct* packet = &ndpi_struct->packet; + + if (sc2_match_logon_ip(packet) + && packet->tcp->dest == htons(1119) //bnetgame port + && (ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66") + || ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66"))) return 1; else return -1; @@ -66,7 +68,7 @@ u_int8_t ndpi_check_starcraft_tcp(struct ndpi_detection_module_struct* ndpi_stru */ u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - struct ndpi_packet_struct* packet = &flow->packet; + struct ndpi_packet_struct* packet = &ndpi_struct->packet; /* First off, filter out any traffic not using port 1119, removing the chance of any false positive if we assume that non allowed protocols don't use the port */ if (packet->udp->source != htons(1119) && packet->udp->dest != htons(1119)) 
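Review bot: `ndpi_check_starcraft_tcp` is declared `u_int8_t` but its failure path is `return -1;`, so the value that leaves the function is 255, and the sign only comes back if the caller narrows it to a signed 8-bit variable. The rewritten condition keeps that behaviour, and `ndpi_check_starcraft_udp` in the next hunk has the same return type. If no caller outside this file depends on the unsigned type, declaring both as `int8_t` would make the documented result explicit. The new `packet->tcp->dest` read also relies on the caller having tested `packet->tcp`, which is not visible in this hunk.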
@@ -114,9 +116,10 @@ u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_stru void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &ndpi_struct->packet; + NDPI_LOG_DBG(ndpi_struct, "search Starcraft\n"); if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_STARCRAFT) { - struct ndpi_packet_struct* packet = &flow->packet; int8_t result = 0; if (packet->udp != NULL) { diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 972033016..4eb505a41 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -38,7 +38,7 @@ static void ndpi_int_stealthnet_add_connection(struct ndpi_detection_module_stru void ndpi_search_stealthnet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search stealthnet\n"); diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 5a72d9f8d..930152b17 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -35,7 +35,7 @@ static void ndpi_int_steam_add_connection(struct ndpi_detection_module_struct *n } static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); if (packet->user_agent_line.ptr != NULL 
@@ -47,7 +47,7 @@ static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if (flow->steam_stage == 0) { @@ -104,7 +104,7 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc } static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; if (ndpi_match_strprefix(packet->payload, payload_len, "VS01")) { @@ -185,7 +185,7 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ @@ -220,7 +220,7 @@ static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_stru } static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ 
@@ -255,8 +255,9 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru } void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; - if(flow->packet.udp != NULL) { + if(packet->udp != NULL) { if(flow->packet_counter > 5) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 2f14639c9..19129165b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -40,11 +40,11 @@ struct stun_packet_header { /* ************************************************************ */ -u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { +u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev) { if(rev) - return(flow->packet.iph->daddr + flow->packet.udp->dest); + return(packet->iph->daddr + packet->udp->dest); else - return(flow->packet.iph->saddr + flow->packet.udp->source); + return(packet->iph->saddr + packet->udp->source); } /* ************************************************************ */ @@ -52,15 +52,17 @@ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int proto, u_int app_proto) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); if(ndpi_struct->stun_cache - && flow->packet.iph - && flow->packet.udp + && packet->iph + && packet->udp && (app_proto != NDPI_PROTOCOL_UNKNOWN) ) /* Cache flow sender info */ { - u_int32_t key = get_stun_lru_key(flow, 0); + u_int32_t key = get_stun_lru_key(packet, 0); u_int16_t cached_proto; if(ndpi_lru_find_cache(ndpi_struct->stun_cache, key, 
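Review bot: `get_stun_lru_key` dereferences `packet->iph` and `packet->udp` unconditionally, and after this change that precondition depends on whatever the module-wide packet slot currently holds. `ndpi_int_stun_add_connection` in the next hunk tests both pointers before calling it, but the calls in `ndpi_int_check_stun` (the hunks at -220 and -229) are visibly guarded only by `ndpi_struct->stun_cache`, while the top of that function treats `packet->iph` as possibly NULL. Unless a check outside those hunks rules it out, a packet without an IPv4 header reaching them would be a NULL dereference. I would extend the guard at the call site to `if(ndpi_struct->stun_cache && packet->iph && packet->udp) {`. Since the signature changes anyway, the helper could also become `static` and take `const struct ndpi_packet_struct *packet`, provided no other file calls it.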
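Review bot: The key looked up here, `get_stun_lru_key(packet, 0)`, is the plain sum of a 32-bit address and a 16-bit port, so distinct address and port pairs can produce the same value. If the cache compares nothing but the key, which cannot be seen from this hunk, a hit can hand `cached_proto` learned from one endpoint to an unrelated flow, and that matters wherever the classification feeds policy or alerting. At minimum I would document it above the lookup with `/* key = addr + port: collisions are possible, treat a hit as a hint */`. A stronger fix would store the address and port in the cache entry and compare them on a hit. `ndpi_int_stun_add_connection` continues outside the hunk.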
@@ -70,7 +72,7 @@ void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_stru #endif app_proto = cached_proto, proto = NDPI_PROTOCOL_STUN; } else { - u_int32_t key_rev = get_stun_lru_key(flow, 1); + u_int32_t key_rev = get_stun_lru_key(packet, 1); if(ndpi_lru_find_cache(ndpi_struct->stun_cache, key_rev, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { @@ -146,12 +148,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_length) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t msg_type, msg_len; int rc; - if(flow->packet.iph && - ((flow->packet.iph->daddr == 0xFFFFFFFF /* 255.255.255.255 */) || - ((ntohl(flow->packet.iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */))) { + if(packet->iph && + ((packet->iph->daddr == 0xFFFFFFFF /* 255.255.255.255 */) || + ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */))) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return(NDPI_IS_NOT_STUN); } @@ -193,7 +196,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * */ if(payload[0] == 0x16) { /* Let's check if this is DTLS used by some socials */ - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t total_len, version = htons(*((u_int16_t*) &packet->payload[1])); switch (version) { @@ -220,7 +223,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(ndpi_struct->stun_cache) { u_int16_t proto; - u_int32_t key = get_stun_lru_key(flow, 0); + u_int32_t key = get_stun_lru_key(packet, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); 
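Review bot: The inner `struct ndpi_packet_struct *packet = &ndpi_struct->packet;` in the `payload[0] == 0x16` branch now shadows the identical `packet` that this commit adds at the top of `ndpi_int_check_stun` (hunk at -146). Both point at the same object, so behaviour is unchanged, but the duplicate trips `-Wshadow` and invites the two drifting apart later; the inner line can simply be deleted. This branch also reads `packet->payload[1]` although the function receives `payload` and `payload_length` as parameters, so a comment saying the two are presumably the same buffer would help the next reader check the bounds. The function starts and ends outside the hunk.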
@@ -229,7 +232,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif if(!rc) { - key = get_stun_lru_key(flow, 1); + key = get_stun_lru_key(packet, 1); rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); @@ -468,8 +471,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * udp_stun_found: flow->protos.tls_quic_stun.stun.num_processed_pkts++; - struct ndpi_packet_struct *packet = &flow->packet; - #ifdef DEBUG_STUN printf("==>> NDPI_PROTOCOL_WHATSAPP_CALL\n"); #endif @@ -486,7 +487,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search stun\n"); diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index f0e7ae7df..45b005030 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -37,7 +37,7 @@ static void ndpi_int_syslog_add_connection(struct ndpi_detection_module_struct void ndpi_search_syslog(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t i; NDPI_LOG_DBG(ndpi_struct, "search syslog\n"); diff --git a/src/lib/protocols/targus_getdata.c b/src/lib/protocols/targus_getdata.c index bbc524bd9..acaa4f6a2 100644 --- a/src/lib/protocols/targus_getdata.c +++ b/src/lib/protocols/targus_getdata.c 
@@ -29,7 +29,7 @@ static void ndpi_check_targus_getdata(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(packet->iph) { u_int16_t targus_getdata_port = ntohs(5201); diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index b167b08e4..df3a8bf68 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -55,7 +55,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st { u_int16_t sport, dport; u_int proto; - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if(flow->host_server_name[0] != '\0') return; @@ -72,8 +72,8 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, flow, - flow->packet.iph ? flow->packet.iph->protocol : - flow->packet.iphv6->ip6_hdr.ip6_un1_nxt, + packet->iph ? packet->iph->protocol : + packet->iphv6->ip6_hdr.ip6_un1_nxt, ntohl(packet->iph->saddr), ntohl(packet->iph->daddr), sport, dport); diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index a2a1002ff..8f6cdc7ba 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -32,7 +32,7 @@ static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struc void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search teamspeak\n"); diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index d279b1a8a..54408b2d1 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c 
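Review bot: Inside `if(packet->iph ...)` in `ndpi_search_tcp_or_udp`, the argument `packet->iph ? packet->iph->protocol : packet->iphv6->ip6_hdr.ip6_un1_nxt` can never take its second arm, so the `iphv6` read is dead code that makes the call look as if IPv6 were handled. Since the line is being rewritten anyway, I would pass `packet->iph->protocol` directly and leave the existing IPv4-only comment as the single statement of the limitation. That also removes a dereference that would become live, and unchecked, if the outer condition were ever relaxed. The function continues outside the hunk.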
@@ -39,7 +39,7 @@ static void ndpi_int_teamview_add_connection(struct ndpi_detection_module_struct void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search teamwiewer\n"); /* @@ -48,9 +48,9 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru http://myip.ms/view/ip_owners/144885/Teamviewer_Gmbh.html */ - if(flow->packet.iph) { - u_int32_t src = ntohl(flow->packet.iph->saddr); - u_int32_t dst = ntohl(flow->packet.iph->daddr); + if(packet->iph) { + u_int32_t src = ntohl(packet->iph->saddr); + u_int32_t dst = ntohl(packet->iph->daddr); /* 95.211.37.195 - 95.211.37.203 */ if(((src >= 1607673283) && (src <= 1607673291)) diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index cb21092ae..f035d914e 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -45,7 +45,7 @@ static u_int8_t is_telegram_port_range(u_int16_t port) { void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search telegram\n"); diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index b08022b05..bdf695687 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -35,7 +35,7 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int i; #ifdef TELNET_DEBUG 
@@ -130,7 +130,7 @@ __forceinline static #endif u_int8_t search_iac(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t a; diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 87b6804dd..3a81b1b4b 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -27,7 +27,7 @@ /* https://en.wikipedia.org/wiki/Teredo_tunneling */ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index f783353d0..fed53506e 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -39,7 +39,7 @@ static void ndpi_int_tftp_add_connection(struct ndpi_detection_module_struct void ndpi_search_tftp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search TFTP\n"); diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 42fc8c83e..31fa720d4 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -32,7 +32,7 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; 
@@ -58,7 +58,7 @@ __forceinline static void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { @@ -89,7 +89,7 @@ __forceinline static void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { @@ -145,7 +145,7 @@ __forceinline static void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -195,7 +195,7 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct void ndpi_search_thunder(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // //struct ndpi_id_struct *src = flow->src; //struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index 0adfbebd5..04974cd8e 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c 
@@ -28,7 +28,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 2270b05ab..aac8798b3 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -105,7 +105,7 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; // protocol = NDPI_PROTOCOL_TLS; @@ -138,7 +138,7 @@ static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_st void ndpi_search_tls_tcp_memory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int avail_bytes; /* TCP */ @@ -284,11 +284,13 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet, static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) { /* Subprotocol not yet set */ - if(ndpi_struct->tls_cert_cache && flow->packet.iph && flow->packet.tcp) { - u_int32_t key = flow->packet.iph->daddr + flow->packet.tcp->dest; + if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) { + u_int32_t key = packet->iph->daddr + packet->tcp->dest; u_int16_t cached_proto; if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key, 
@@ -311,7 +313,7 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct static void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t p_offset, u_int16_t certificate_len) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t num_found = 0, i; char buffer[64] = { '\0' }, rdnSeqBuf[2048]; u_int rdn_len = 0; @@ -431,7 +433,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi offset += 2; if((offset+len) < packet->payload_packet_len) { - u_int32_t time_sec = flow->packet.current_time_ms / 1000; + u_int32_t time_sec = packet->current_time_ms / 1000; #ifdef DEBUG_TLS u_int j; @@ -601,8 +603,8 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi if(ndpi_struct->tls_cert_cache == NULL) ndpi_struct->tls_cert_cache = ndpi_lru_cache_init(1024); - if(ndpi_struct->tls_cert_cache && flow->packet.iph) { - u_int32_t key = flow->packet.iph->daddr + flow->packet.tcp->dest; + if(ndpi_struct->tls_cert_cache && packet->iph) { + u_int32_t key = packet->iph->daddr + packet->tcp->dest; ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id); } @@ -624,7 +626,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi /* See https://blog.catchpoint.com/2017/05/12/dissecting-tls-using-wireshark/ */ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int is_dtls = packet->udp ? 1 : 0; u_int32_t certificates_length, length = (packet->payload[1] << 16) + (packet->payload[2] << 8) + packet->payload[3]; u_int32_t certificates_offset = 7 + (is_dtls ? 8 : 0); 
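Review bot: The cache insert in `processCertificateElements` (hunk at -601) is guarded by `packet->iph` only, yet the key on the next line reads `packet->tcp->dest`. `processCertificate` in the hunk at -624 derives `is_dtls` from `packet->udp`, so certificates are evidently parsed for UDP flows as well, and if this function is reached on that path `packet->tcp` would be NULL. `checkTLSSubprotocol` already tests both pointers before building the same key, so I would match it here with `if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {`. The enclosing function starts and ends outside the hunk.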
@@ -749,7 +751,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; int ret; #ifdef DEBUG_TL @@ -812,7 +814,7 @@ static void ndpi_looks_like_tls(struct ndpi_detection_module_struct *ndpi_struct static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t something_went_wrong = 0; #ifdef DEBUG_TLS_MEMORY @@ -971,7 +973,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t handshake_len; u_int16_t p_len, processed; const u_int8_t *p; @@ -1069,11 +1071,13 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, static void tlsInitExtraPacketProcessing(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + flow->check_extra_packets = 1; /* At most 12 packets should almost always be enough to find the server certificate if it's there */ flow->max_extra_packets_to_check = 12 + (ndpi_struct->num_tls_blocks_to_follow*4); - flow->extra_packets_func = (flow->packet.udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp; + flow->extra_packets_func = (packet->udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp; } /* **************************************** */ 
@@ -1108,11 +1112,13 @@ static void tlsCheckUncommonALPN(struct ndpi_detection_module_struct *ndpi_struc static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + #if DEBUG_TLS printf("[TLS] %s()\n", __FUNCTION__); #endif - if((flow->packet.udp != NULL) && (protocol == NDPI_PROTOCOL_TLS)) + if((packet->udp != NULL) && (protocol == NDPI_PROTOCOL_TLS)) protocol = NDPI_PROTOCOL_DTLS; if((flow->detected_protocol_stack[0] == protocol) @@ -1138,7 +1144,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct * const flow, int is_dtls, u_int16_t extension_id, u_int16_t extension_len, u_int16_t extension_payload_offset) { - struct ndpi_packet_struct const * const packet = &flow->packet; + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; if (extension_payload_offset + extension_len > packet->payload_packet_len) { @@ -1206,7 +1212,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct, int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t quic_version) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; union ja3_info ja3; u_int8_t invalid_ja3 = 0; u_int16_t tls_version, ja3_str_len; @@ -2266,7 +2272,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; #ifdef DEBUG_TLS printf("==>> %s() %u [len: %u][version: %u]\n", diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index a0ecad9de..be6ce943e 100644 
--- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -37,7 +37,7 @@ static void ndpi_int_tvuplayer_add_connection(struct ndpi_detection_module_struc void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search tvuplayer. \n"); diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index b2d3f5ab4..0f3aaa9bd 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -33,7 +33,7 @@ static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search ubntac2\n"); NDPI_LOG_DBG2(ndpi_struct, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 27efb488a..f63948cb1 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -40,7 +40,7 @@ static void ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search usenet\n"); diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index b91793b1b..36e9f3a37 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c 
@@ -38,7 +38,7 @@ static void ndpi_int_vhua_add_connection(struct ndpi_detection_module_struct *nd static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; u_char p0[] = { 0x05, 0x14, 0x3a, 0x05, 0x08, 0xf8, 0xa1, 0xb1, 0x03 }; diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 04f781e7b..4a09a07f6 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -27,7 +27,7 @@ void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search for VIBER\n"); diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index bdced12dd..4c161867e 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -26,7 +26,7 @@ void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search vmware\n"); /* Check whether this is an VMWARE flow */ diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index 4bcd0e35c..cac2fe46d 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -28,7 +28,7 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search vnc\n"); /* search over TCP */ diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index c33dfc184..f11d5fc6e 100644 --- a/src/lib/protocols/warcraft3.c 
+++ b/src/lib/protocols/warcraft3.c @@ -37,7 +37,7 @@ static void ndpi_int_warcraft3_add_connection(struct ndpi_detection_module_struc void ndpi_search_warcraft3(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t l; /* Leave it as u_int32_t because otherwise 'u_int16_t temp' diff --git a/src/lib/protocols/websocket.c b/src/lib/protocols/websocket.c index 853ce8094..84aaf12f0 100644 --- a/src/lib/protocols/websocket.c +++ b/src/lib/protocols/websocket.c @@ -61,7 +61,7 @@ static void set_websocket_detected(struct ndpi_detection_module_struct *ndpi_str static void ndpi_check_websocket(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; if (packet->payload_packet_len < sizeof(u_int16_t)) { diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index 608e6576e..bfb39273a 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -25,7 +25,7 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; static u_int8_t whatsapp_sequence[] = { 0x45, 0x44, 0x0, 0x01, 0x0, 0x0, 0x02, 0x08, 0x0, 0x57, 0x41, 0x02, 0x0, 0x0, 0x0 diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index ed30de9e2..7321626d2 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c 
@@ -27,7 +27,7 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search WHOIS/DAS\n"); if(packet->tcp != NULL) { diff --git a/src/lib/protocols/wireguard.c b/src/lib/protocols/wireguard.c index b2cc4287c..eb18d94a8 100644 --- a/src/lib/protocols/wireguard.c +++ b/src/lib/protocols/wireguard.c @@ -42,7 +42,7 @@ enum wg_message_type { void ndpi_search_wireguard(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; const u_int8_t *payload = packet->payload; u_int8_t message_type = payload[0]; diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 25f287e66..aabc4a520 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -35,7 +35,7 @@ static void ndpi_int_world_of_kung_fu_add_connection(struct ndpi_detection_modul void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search world_of_kung_fu\n"); diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index e53a4caf9..9a61497dc 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c 
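Review bot: In the wireguard.c hunk, `message_type` is initialised from `payload[0]` in the declarations, before any test of `packet->payload_packet_len` is visible. For an empty payload that is a one-byte read outside the packet data. I would declare it as `u_int8_t message_type;` and assign `message_type = payload[0];` only after the function has verified `packet->payload_packet_len >= 1`. `ndpi_search_wireguard` continues outside the hunk and the dissector may only be invoked for packets that carry payload, so treat this as a check to confirm.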
@@ -54,7 +54,7 @@ u_int8_t ndpi_int_is_wow_port(const u_int16_t port) void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/wsd.c b/src/lib/protocols/wsd.c index c557c7c52..f428eaa35 100644 --- a/src/lib/protocols/wsd.c +++ b/src/lib/protocols/wsd.c @@ -30,7 +30,7 @@ void ndpi_search_wsd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search wsd\n"); diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index 282086cd9..88e7042ba 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -35,7 +35,7 @@ static void ndpi_int_xbox_add_connection(struct ndpi_detection_module_struct void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; /* * XBOX UDP DETCTION ONLY diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index a6cbd679b..3bfdc8275 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -38,7 +38,7 @@ static void ndpi_int_xdmcp_add_connection(struct ndpi_detection_module_struct void ndpi_search_xdmcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search xdmcp\n"); diff --git a/src/lib/protocols/z3950.c b/src/lib/protocols/z3950.c index 0c95e5d85..fe168ea9b 100644 --- a/src/lib/protocols/z3950.c 
+++ b/src/lib/protocols/z3950.c @@ -87,7 +87,7 @@ static int z3950_parse_sequences(struct ndpi_packet_struct const * const packet, static void ndpi_search_z3950(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct * packet = &flow->packet; + struct ndpi_packet_struct * packet = &ndpi_struct->packet; int const minimum_expected_sequences = 6; NDPI_LOG_DBG(ndpi_struct, "search z39.50\n"); diff --git a/src/lib/protocols/zabbix.c b/src/lib/protocols/zabbix.c index 9e67a3159..bc2eb562b 100644 --- a/src/lib/protocols/zabbix.c +++ b/src/lib/protocols/zabbix.c @@ -36,7 +36,7 @@ static void ndpi_int_zabbix_add_connection(struct ndpi_detection_module_struct * void ndpi_search_zabbix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int8_t tomatch[] = { 'Z', 'B', 'X', 'D', 0x1 }; NDPI_LOG_DBG(ndpi_struct, "search Zabbix\n"); diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 961c15d65..6b3e9625c 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -35,8 +35,10 @@ __forceinline static #endif u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - if(flow->packet.user_agent_line.ptr != NULL && flow->packet.user_agent_line.len == 111) { - if(memcmp(flow->packet.user_agent_line.ptr + flow->packet.user_agent_line.len - 25, "Zattoo/4", sizeof("Zattoo/4") - 1) == 0) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + + if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len == 111) { + if(memcmp(packet->user_agent_line.ptr + packet->user_agent_line.len - 25, "Zattoo/4", sizeof("Zattoo/4") - 1) == 0) { NDPI_LOG_DBG(ndpi_struct, "found zattoo useragent\n"); return 1; } 
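Review bot: In the first zattoo.c hunk, the `memcmp` reads at `packet->user_agent_line.ptr + packet->user_agent_line.len - 25`, which stays inside the line only because of the exact `len == 111` test before it. The two literals are unexplained and easy to separate in a later edit. A comment such as `/* UA must be exactly 111 bytes; "Zattoo/4" is expected 25 bytes before its end */` would document the coupling, or the constants could be named. Separately, `user_agent_line.ptr` is now read from module-wide packet state, so this helper presumably relies on the line parser having run for the current packet before it is called; that is not visible in the hunk.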
@@ -54,7 +56,7 @@ u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndp void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index c955beca5..244e0603e 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -31,7 +31,7 @@ static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndp static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t payload_len = packet->payload_packet_len; u_char p0[] = { 0x00, 0x00, 0x00, 0x05, 0x01, 0x66, 0x6c, 0x6f, 0x77 }; u_char p1[] = { 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x7f }; |