diff options
-rw-r--r-- | src/include/ndpi_api.h | 23 | ||||
-rw-r--r-- | src/include/ndpi_define.h.in | 4 | ||||
-rw-r--r-- | src/include/ndpi_private.h | 11 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 17 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 88 | ||||
-rw-r--r-- | windows/src/ndpi_define.h | 4 |
6 files changed, 79 insertions, 68 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 60d0ea3e3..c06319aef 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -273,29 +273,6 @@ extern "C" { void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct); /** - * Sets a single protocol bitmask - * This function does not increment the index of the callback_buffer - * - * @par label = string for the protocol name - * @par ndpi_struct = the detection module - * @par idx = the index of the callback_buffer - * @par func = function pointer of the protocol search - * @par ndpi_selection_bitmask = the protocol selected bitmask - * @par b_save_bitmask_unknow = if set as "true" save the detection bitmask as unknow - * @par b_add_detection_bitmask = if set as "true" add the protocol bitmask to the detection bitmask - * - */ - void ndpi_set_bitmask_protocol_detection(char *label, - struct ndpi_detection_module_struct *ndpi_struct, - const u_int32_t idx, - u_int16_t ndpi_protocol_id, - void (*func) (struct ndpi_detection_module_struct *, - struct ndpi_flow_struct *flow), - const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, - u_int8_t b_save_bitmask_unknow, - u_int8_t b_add_detection_bitmask); - - /** * Sets the protocol bitmask2 * * @par ndpi_struct = the detection module diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 66ef9a5d4..be439cbc3 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -139,6 +139,10 @@ #define NDPI_ISSET_BIT(num, n) (num & (1ULL << ( n ))) #define NDPI_ZERO_BIT(num) num = 0 +#define NDPI_DISSECTOR_BITMASK ndpi_dissector_bitmask_struct_t +#define NDPI_DISSECTOR_BITMASK_IS_SET(p, n) NDPI_ISSET(&(p), (n)) +#define NDPI_DISSECTOR_BITMASK_SET(p, n) NDPI_SET(&(p), (n) & NDPI_NUM_BITS_MASK) + /* this is a very very tricky macro *g*, * the compiler will remove all shifts here if the protocol is static... */ diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index a1d8179d1..df14bd8e9 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -58,7 +58,6 @@ struct call_function_struct { void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask; u_int16_t ndpi_protocol_id; - u_int8_t detection_feature; }; struct subprotocol_conf_struct { @@ -608,6 +607,16 @@ struct ndpi_detection_module_struct { /* Generic */ +void ndpi_set_bitmask_protocol_detection(char *label, + struct ndpi_detection_module_struct *ndpi_struct, + const u_int32_t idx, + u_int16_t ndpi_protocol_id, + void (*func) (struct ndpi_detection_module_struct *, + struct ndpi_flow_struct *flow), + const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, + u_int8_t b_save_bitmask_unknow, + u_int8_t b_add_detection_bitmask); + char *strptime(const char *s, const char *format, struct tm *tm); u_int8_t iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3d40a15a9..6abe3b713 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -272,6 +272,18 @@ typedef struct ndpi_protocol_bitmask_struct { ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; } ndpi_protocol_bitmask_struct_t; + +#define NDPI_MAX_NUM_DISSECTORS 288 /* Multiple of 32, i.e. 8 * sizeof(ndpi_ndpi_mask) */ +#ifdef NDPI_CFFI_PREPROCESSING +#undef NDPI_NUM_FDS_BITS +#define NDPI_NUM_FDS_BITS_DISSECTORS 9 +#else +#define NDPI_NUM_FDS_BITS_DISSECTORS NDPI_MAX_NUM_DISSECTORS / (8 * sizeof(ndpi_ndpi_mask)) +#endif +typedef struct ndpi_dissector_bitmask_struct { + ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS_DISSECTORS]; +} ndpi_dissector_bitmask_struct_t; + struct ndpi_detection_module_struct; /* NDPI_DEBUG_FUNCTION_PTR (cast) */ @@ -1191,7 +1203,7 @@ typedef struct ndpi_proto_defaults { u_int8_t isClearTextProto:1, isAppProtocol:1, _notused:6; u_int16_t *subprotocols; u_int32_t subprotocol_count; - u_int16_t protoId, protoIdx; + u_int16_t protoId, dissector_idx; u_int16_t tcp_default_ports[MAX_DEFAULT_PORTS], udp_default_ports[MAX_DEFAULT_PORTS]; ndpi_protocol_breed_t protoBreed; ndpi_protocol_qoe_category_t qoeCategory; @@ -1630,8 +1642,7 @@ struct ndpi_flow_struct { /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */ struct ndpi_metadata_monitoring *monit; - /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ - NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; + NDPI_DISSECTOR_BITMASK excluded_dissectors_bitmask; /* NDPI_PROTOCOL_BITTORRENT */ u_int8_t bittorrent_stage; // can be 0 - 255 diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6f1cc2909..84083b243 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -526,7 +526,7 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_str, struct (void)_func; (void)_line; #endif - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); + NDPI_DISSECTOR_BITMASK_SET(flow->excluded_dissectors_bitmask, ndpi_str->proto_defaults[protocol_id].dissector_idx); } } @@ -5733,7 +5733,6 @@ int load_protocols_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE * /* ******************************************************************** */ -/* ntop */ void ndpi_set_bitmask_protocol_detection(char *label, struct ndpi_detection_module_struct *ndpi_str, const u_int32_t idx, u_int16_t ndpi_protocol_id, @@ -5742,9 +5741,20 @@ void ndpi_set_bitmask_protocol_detection(char *label, struct ndpi_detection_modu const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, u_int8_t b_save_bitmask_unknow, u_int8_t b_add_detection_bitmask) { (void)label; - /* - Compare specify protocol bitmask with main detection bitmask - */ + + + if(idx >= NDPI_MAX_NUM_DISSECTORS) { + /* + * You need to increase NDPI_MAX_NUM_DISSECTORS define and recompile everything! + * Please note that custom protocols are independent from NDPI_MAX_NUM_DISSECTORS, so + * if you hit this error is because you are already changing the code + * (adding a new dissector)... + */ + NDPI_LOG_ERR(ndpi_str, "[NDPI] Internal Error. Too many dissectors!!\n"); + /* Not sure what to do here...*/ + return; + } + if(is_proto_enabled(ndpi_str, ndpi_protocol_id)) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES NDPI_LOG_DBG2(ndpi_str, @@ -5753,7 +5763,7 @@ void ndpi_set_bitmask_protocol_detection(char *label, struct ndpi_detection_modu label, idx, ndpi_protocol_id); #endif - if(ndpi_str->proto_defaults[ndpi_protocol_id].protoIdx != 0) { + if(ndpi_str->proto_defaults[ndpi_protocol_id].dissector_idx != 0) { NDPI_LOG_DBG2(ndpi_str, "[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id); #ifdef NDPI_ENABLE_DEBUG_MESSAGES @@ -5766,7 +5776,7 @@ void ndpi_set_bitmask_protocol_detection(char *label, struct ndpi_detection_modu Set function and index protocol within proto_default structure for port protocol detection and callback_buffer function for DPI protocol detection */ - ndpi_str->proto_defaults[ndpi_protocol_id].protoIdx = idx; + ndpi_str->proto_defaults[ndpi_protocol_id].dissector_idx = idx; ndpi_str->proto_defaults[ndpi_protocol_id].func = ndpi_str->callback_buffer[idx].func = func; ndpi_str->callback_buffer[idx].ndpi_protocol_id = ndpi_protocol_id; @@ -6588,8 +6598,12 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { ndpi_enabled_callbacks_init(ndpi_str,detection_bitmask,0); - /* When the module ends, it is necessary to free the memory ndpi_str->callback_buffer and - ndpi_str->callback_buffer_tcp_payload */ + NDPI_LOG_DBG(ndpi_str, "Tot num dissectors: %d (TCP: %d, TCP_NO_PAYLOAD: %d, UDP: %d, NO_TCP_UDP: %d\n", + ndpi_str->callback_buffer_size, + ndpi_str->callback_buffer_size_tcp_payload, + ndpi_str->callback_buffer_size_tcp_no_payload, + ndpi_str->callback_buffer_size_udp, + ndpi_str->callback_buffer_size_non_tcp_udp); return 0; } @@ -7666,12 +7680,11 @@ static u_int32_t check_ndpi_subprotocols(struct ndpi_detection_module_struct * c continue; } - u_int16_t subproto_index = ndpi_str->proto_defaults[subproto_id].protoIdx; + u_int16_t subproto_index = ndpi_str->proto_defaults[subproto_id].dissector_idx; if((ndpi_str->callback_buffer[subproto_index].ndpi_selection_bitmask & ndpi_selection_packet) == ndpi_str->callback_buffer[subproto_index].ndpi_selection_bitmask && - NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_str->callback_buffer[subproto_index].excluded_protocol_bitmask) == 0 && + !NDPI_DISSECTOR_BITMASK_IS_SET(flow->excluded_dissectors_bitmask, subproto_index) && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[subproto_index].detection_bitmask, detection_bitmask) != 0) { ndpi_str->callback_buffer[subproto_index].func(ndpi_str, flow); @@ -7688,49 +7701,42 @@ static u_int32_t check_ndpi_detection_func(struct ndpi_detection_module_struct * struct ndpi_flow_struct * const flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE const ndpi_selection_packet, struct call_function_struct const * const callback_buffer, - uint32_t callback_buffer_size, - int is_tcp_without_payload) { + uint32_t callback_buffer_size) { void *func = NULL; u_int32_t num_calls = 0; /* First callback is associated to classification by-port, if we don't already have a partial classification */ u_int16_t fast_callback_protocol_id = flow->fast_callback_protocol_id ? flow->fast_callback_protocol_id : flow->guessed_protocol_id; - u_int16_t proto_index = ndpi_str->proto_defaults[fast_callback_protocol_id].protoIdx; - u_int16_t proto_id = ndpi_str->proto_defaults[fast_callback_protocol_id].protoId; + u_int16_t dissector_idx = ndpi_str->proto_defaults[fast_callback_protocol_id].dissector_idx; + u_int16_t proto_id; NDPI_PROTOCOL_BITMASK detection_bitmask; u_int32_t a; NDPI_SAVE_AS_BITMASK(detection_bitmask, flow->detected_protocol_stack[0]); - if((proto_id != NDPI_PROTOCOL_UNKNOWN) && - NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_str->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 && - NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[proto_index].detection_bitmask, detection_bitmask) != 0 && - (ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask & ndpi_selection_packet) == - ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask) - { - if((fast_callback_protocol_id != NDPI_PROTOCOL_UNKNOWN) && - (ndpi_str->proto_defaults[fast_callback_protocol_id].func != NULL) && - (is_tcp_without_payload == 0 || - ((ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask & - NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) == 0))) - { - ndpi_str->proto_defaults[fast_callback_protocol_id].func(ndpi_str, flow); - func = ndpi_str->proto_defaults[fast_callback_protocol_id].func; - num_calls++; - } - } + if(fast_callback_protocol_id != NDPI_PROTOCOL_UNKNOWN && + ndpi_str->proto_defaults[fast_callback_protocol_id].func && + !NDPI_DISSECTOR_BITMASK_IS_SET(flow->excluded_dissectors_bitmask, dissector_idx) && + (ndpi_str->callback_buffer[dissector_idx].ndpi_selection_bitmask & ndpi_selection_packet) == + ndpi_str->callback_buffer[dissector_idx].ndpi_selection_bitmask && + NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[dissector_idx].detection_bitmask, detection_bitmask) != 0) { + ndpi_str->proto_defaults[fast_callback_protocol_id].func(ndpi_str, flow); + func = ndpi_str->proto_defaults[fast_callback_protocol_id].func; + num_calls++; + } if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { /* TODO: optimize as today we're doing a linear scan */ for (a = 0; a < callback_buffer_size; a++) { + proto_id = callback_buffer[a].ndpi_protocol_id; + dissector_idx = ndpi_str->proto_defaults[proto_id].dissector_idx; + if((func != callback_buffer[a].func) && (callback_buffer[a].ndpi_selection_bitmask & ndpi_selection_packet) == callback_buffer[a].ndpi_selection_bitmask && - NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - callback_buffer[a].excluded_protocol_bitmask) == 0 && + !NDPI_DISSECTOR_BITMASK_IS_SET(flow->excluded_dissectors_bitmask, dissector_idx) && NDPI_BITMASK_COMPARE(callback_buffer[a].detection_bitmask, detection_bitmask) != 0) { @@ -7761,7 +7767,7 @@ u_int32_t check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_s { return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet, ndpi_str->callback_buffer_non_tcp_udp, - ndpi_str->callback_buffer_size_non_tcp_udp, 0); + ndpi_str->callback_buffer_size_non_tcp_udp); } /* ************************************************ */ @@ -7771,7 +7777,7 @@ static u_int32_t check_ndpi_udp_flow_func(struct ndpi_detection_module_struct *n NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet, ndpi_str->callback_buffer_udp, - ndpi_str->callback_buffer_size_udp, 0); + ndpi_str->callback_buffer_size_udp); } /* ************************************************ */ @@ -7783,12 +7789,12 @@ static u_int32_t check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *n if(ndpi_str->packet.payload_packet_len != 0) { return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet, ndpi_str->callback_buffer_tcp_payload, - ndpi_str->callback_buffer_size_tcp_payload, 0); + ndpi_str->callback_buffer_size_tcp_payload); } else { /* no payload */ return check_ndpi_detection_func(ndpi_str, flow, *ndpi_selection_packet, ndpi_str->callback_buffer_tcp_no_payload, - ndpi_str->callback_buffer_size_tcp_no_payload, 1); + ndpi_str->callback_buffer_size_tcp_no_payload); } } @@ -10930,7 +10936,7 @@ const char *ndpi_get_l4_proto_name(ndpi_l4_proto_info proto) { ndpi_l4_proto_info ndpi_get_l4_proto_info(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t ndpi_proto_id) { if(ndpi_struct && ndpi_proto_id < ndpi_struct->ndpi_num_supported_protocols) { - u_int16_t idx = ndpi_struct->proto_defaults[ndpi_proto_id].protoIdx; + u_int16_t idx = ndpi_struct->proto_defaults[ndpi_proto_id].dissector_idx; NDPI_SELECTION_BITMASK_PROTOCOL_SIZE bm = ndpi_struct->callback_buffer[idx].ndpi_selection_bitmask; if(bm & NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) diff --git a/windows/src/ndpi_define.h b/windows/src/ndpi_define.h index dc002a5a7..b965f6282 100644 --- a/windows/src/ndpi_define.h +++ b/windows/src/ndpi_define.h @@ -138,6 +138,10 @@ #define NDPI_ISSET_BIT(num, n) (num & (1ULL << ( n ))) #define NDPI_ZERO_BIT(num) num = 0 +#define NDPI_DISSECTOR_BITMASK ndpi_dissector_bitmask_struct_t +#define NDPI_DISSECTOR_BITMASK_IS_SET(p, n) NDPI_ISSET(&(p), (n)) +#define NDPI_DISSECTOR_BITMASK_SET(p, n) NDPI_SET(&(p), (n) & NDPI_NUM_BITS_MASK) + /* this is a very very tricky macro *g*, * the compiler will remove all shifts here if the protocol is static... */ |