-rw-r--r-- | example/ndpiReader.c | 3 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 7 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 94 |
4 files changed, 52 insertions, 54 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 76c0c30bf..037b194d2 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -653,6 +653,9 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept u_int16_t thread_id = *((u_int16_t *) user_data); if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ + if((!flow->detection_completed) && flow->ndpi_flow) + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].ndpi_struct, flow->ndpi_flow); + if(enable_protocol_guess) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { node_guess_undetected_protocol(thread_id, flow); diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 5815f118c..fd1f5bb83 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -116,7 +116,14 @@ extern "C" { void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, const NDPI_PROTOCOL_BITMASK * detection_bitmask); + /** + * This function has to be called before we give up with detection for a given flow + */ + ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + + /** * This function will processes one packet and returns the ID of the detected protocol. * This is the main packet processing function. * diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8cf9a4353..620c9685d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -861,7 +861,7 @@ struct ndpi_flow_struct { u_int16_t protocol_stack_info; /* init parameter, internal used to set up timestamp,... */ - u_int16_t guessed_protocol_id, guessed_host_proto_id; + u_int16_t guessed_protocol_id, guessed_host_protocol_id; u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1; 
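Review bot: The added call in `node_proto_guess_walker` passes `ndpi_thread_info[0].ndpi_struct` even though `thread_id` is read from `user_data` just above it, so flows walked on behalf of any other thread are finalized against thread 0's detection module. If each reader thread owns its own module, index by the thread instead: `flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[thread_id].ndpi_struct, flow->ndpi_flow);`. The function body starts and ends outside the hunk, so how `thread_id` is bounded cannot be confirmed from here.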
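Review bot: The new comment on `ndpi_detection_giveup` says when to call the function but not what it returns or that it modifies the flow. Going by the definition added in src/lib/ndpi_main.c, it may overwrite `flow->detected_protocol_stack` with the guessed ids, returns the resulting master/protocol pair, and dereferences `flow` without a NULL check. I would extend the comment to name both parameters, state that `flow` must be non-NULL, and say that the return value is a best-effort guess rather than a confirmed detection.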
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 20b90d4cf..cffdc65bf 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -578,33 +578,33 @@ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct /* ******************************************************************** */ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match *match) { + ndpi_protocol_match *match) { u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - + ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, match->protocol_id, match->protocol_breed); - + if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; } - + ndpi_set_proto_defaults(ndpi_mod, ndpi_mod->proto_defaults[match->protocol_id].protoBreed, ndpi_mod->proto_defaults[match->protocol_id].protoId, no_master, no_master, ndpi_mod->proto_defaults[match->protocol_id].protoName, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); } /* ******************************************************************** */ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; - + for(i=0; host_match[i].string_to_match != NULL; i++) ndpi_init_protocol_match(ndpi_mod, &host_match[i]); @@ -1626,7 +1626,7 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp struct in_addr pin; int bits = 32; char *ptr = strrchr(value, '/'); - + if (ptr) { ptr[0] = '\0'; 
@@ -1634,12 +1634,12 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp if (atoi(ptr)>=0 && atoi(ptr)<=32) bits = atoi(ptr); } - + inet_pton(AF_INET, value, &pin); - + if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, bits)) != NULL) node->value.user_value = protocol_id; - + return 0; } @@ -1856,7 +1856,7 @@ char * strsep(char **sp, char *sep) int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, u_int8_t do_add) { - + char *at, *proto, *elem; ndpi_proto_defaults_t *def; int subprotocol_id, i; @@ -1971,7 +1971,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, */ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path) { - + FILE *fd = fopen(path, "r"); int i; @@ -3114,7 +3114,7 @@ void check_ndpi_flow_func(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, + struct ndpi_ipv6hdr *iph6, struct ndpi_tcphdr *tcp, struct ndpi_udphdr *udp, u_int8_t src_to_dst_direction, @@ -3132,7 +3132,7 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru flow->packet.tcp = tcp, flow->packet.udp = udp; flow->packet.payload = payload, flow->packet.payload_packet_len = payload_len; - + if(src_to_dst_direction) flow->src = src, flow->dst = dst; else @@ -3156,11 +3156,6 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru if(flow->packet.payload_packet_len != 0) { ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD; - - if(!flow->protocol_id_already_guessed) { - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport); - flow->protocol_id_already_guessed = 1; - } } if(flow->packet.tcp_retransmission == 0) 
@@ -3173,40 +3168,46 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru a = flow->packet.detected_protocol_stack[0]; if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, a) == 0) a = NDPI_PROTOCOL_UNKNOWN; - + if(a != NDPI_PROTOCOL_UNKNOWN) { int i; for(i=0; (i<sizeof(flow->host_server_name)) && (flow->host_server_name[i] != '\0'); i++) flow->host_server_name[i] = tolower(flow->host_server_name[i]); - + flow->host_server_name[i] ='\0'; } ret_protocols: if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; - + if(ret.protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else ret.protocol = flow->detected_protocol_stack[0]; - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) - && flow->packet.iph - && (!flow->host_already_guessed)) { - - if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, - (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) { - flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + return(ret); +} + +/* ********************************************************************************* */ + +ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + if(flow->http_detected) + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_UNKNOWN); + else { + flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; + + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) + flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN; } - - flow->host_already_guessed = 1; } - 
if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) - ret.protocol = flow->guessed_host_proto_id; - + ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; return(ret); } @@ -3288,6 +3289,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int8_t protocol; u_int32_t saddr, daddr; + flow->protocol_id_already_guessed = 1; + #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, saddr = 0, daddr = 0; @@ -3304,11 +3307,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else sport = dport = 0; flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport); - flow->protocol_id_already_guessed = 1; - if((protocol != IPPROTO_TCP) && (protocol != IPPROTO_UDP)) { - flow->detected_protocol_stack[0] = flow->guessed_protocol_id; - goto ret_protocols; + if(flow->packet.iph) { + if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); } } 
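Review bot: In the else branch of `ndpi_detection_giveup` the port-based guess always goes to `detected_protocol_stack[1]` and the host-based guess to `[0]`, so a flow with only a port guess is returned as `protocol == NDPI_PROTOCOL_UNKNOWN` with the guess parked in `master_protocol`. example/ndpiReader.c tests `flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN` right after this call, so such a flow is still treated as unclassified. Promoting the master slot after the equality check would avoid that: `if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol_stack[0] = flow->detected_protocol_stack[1], flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN;`. The http branch goes through `ndpi_int_change_protocol` while this branch writes the stack directly; if that helper also updates per-packet state, the two paths leave the flow in different shapes.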
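Review bot: `flow->guessed_host_protocol_id` is assigned only inside `if(flow->packet.iph)`, yet `ndpi_detection_giveup` copies it into `detected_protocol_stack[0]` unconditionally. For flows without an IPv4 header (presumably the IPv6 path above), the result therefore depends on the caller having zeroed the flow struct and on `NDPI_PROTOCOL_UNKNOWN` being 0, neither of which is visible here. An explicit `else flow->guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN;` removes that dependency. This hunk also drops the early `goto ret_protocols` for non-TCP/UDP traffic, so those flows get a label only if the application calls `ndpi_detection_giveup`; the API comment should state that. The enclosing block starts outside the hunk.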
@@ -3336,20 +3338,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } else ret.protocol = flow->detected_protocol_stack[0]; - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) - && flow->packet.iph - && (!flow->host_already_guessed)) { - - if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) { - flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); - } - - flow->host_already_guessed = 1; - } - - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) - ret.protocol = flow->guessed_host_proto_id; - return(ret); } @@ -4347,7 +4335,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", + printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); } #endif |