diff options
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/dns.c | 12 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/kerberos.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/mail_pop.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/mail_smtp.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/quic.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/snmp_proto.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/softether.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/ssh.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/telnet.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 6 |
12 files changed, 8 insertions, 31 deletions
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index b5ea1d1e6..e2ad3d2b4 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -113,9 +113,6 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc confidence); if(flow->protos.bittorrent.hash[0] == '\0') { - /* This is necessary to inform the core to call this dissector again */ - flow->check_extra_packets = 1; - /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ flow->max_extra_packets_to_check = 3; flow->extra_packets_func = search_bittorrent_again; diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 4589af3a0..ecf283a77 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -553,12 +553,12 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st /* In this case we say that the protocol has been detected just to let apps carry on with their activities */ ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol, NDPI_CONFIDENCE_DPI); - /* This is necessary to inform the core to call this dissector again */ - flow->check_extra_packets = 1; - - /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ - flow->max_extra_packets_to_check = 5; - flow->extra_packets_func = search_dns_again; + /* We have never triggered extra-dissection for LLMNR. Keep the old behaviour */ + if(ret.master_protocol != NDPI_PROTOCOL_LLMNR) { + /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ + flow->max_extra_packets_to_check = 5; + flow->extra_packets_func = search_dns_again; + } return; /* The response will set the verdict */ } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index a403118f2..cf3e364be 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -369,8 +369,6 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd master_protocol, NDPI_CONFIDENCE_DPI); - /* This is necessary to inform the core to call this dissector again */ - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 8; flow->extra_packets_func = ndpi_search_http_tcp_again; flow->http_detected = 1; diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 92ee7defe..e7063d010 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -568,7 +568,6 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, #ifdef KERBEROS_DEBUG printf("[Kerberos] Setting extra func from AS-REQ\n"); #endif - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 5; /* Reply may be split into multiple segments */ flow->extra_packets_func = ndpi_search_kerberos_extra; } else if(msg_type == 0x0e) /* AS-REQ */ { @@ -624,7 +623,6 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, printf("[Kerberos] Setting extra func from TGS-REQ\n"); #endif if(!packet->udp) { - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 5; /* Reply may be split into multiple segments */ flow->extra_packets_func = ndpi_search_kerberos_extra; } diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index e061e2cc8..f0a1731b3 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -244,7 +244,6 @@ static void popInitExtraPacketProcessing(struct ndpi_flow_struct *flow) { printf("**** %s()\n", __FUNCTION__); #endif - flow->check_extra_packets = 1; /* At most 7 packets should almost always be enough */ flow->max_extra_packets_to_check = 7; flow->extra_packets_func = ndpi_extra_search_mail_pop_tcp; diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 1bb6068a4..31f07c1c0 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -396,7 +396,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, return; } - if((!flow->check_extra_packets) || (flow->packet_counter > 12)) + if((!flow->extra_packets_func) || (flow->packet_counter > 12)) NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -461,7 +461,6 @@ static void smtpInitExtraPacketProcessing(struct ndpi_flow_struct *flow) { printf("**** %s(%u)\n", __FUNCTION__, ++num); #endif - flow->check_extra_packets = 1; /* At most 12 packets should almost always be enough */ flow->max_extra_packets_to_check = 12; flow->extra_packets_func = ndpi_extra_search_mail_smtp_tcp; diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index aafeb3397..530ba27b2 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1696,7 +1696,6 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, * 7) We need to process other packets than (the first) ClientHello/CHLO? */ if(eval_extra_processing(ndpi_struct, flow, version)) { - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 24; /* TODO */ flow->extra_packets_func = ndpi_search_quic_extra; } else if(!crypto_data) { diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index 21ae03fba..010d79521 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c @@ -90,8 +90,6 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, (offset + 2 < packet->payload_packet_len)) { if(flow->extra_packets_func == NULL) { - /* This is necessary to inform the core to call this dissector again */ - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 8; flow->extra_packets_func = ndpi_search_snmp_again; } diff --git a/src/lib/protocols/softether.c b/src/lib/protocols/softether.c index 10db4be2a..4f62f1c4a 100644 --- a/src/lib/protocols/softether.c +++ b/src/lib/protocols/softether.c @@ -59,7 +59,6 @@ static void ndpi_int_softether_add_connection(struct ndpi_detection_module_struc struct ndpi_flow_struct * const flow) { NDPI_LOG_INFO(ndpi_struct, "found softether\n"); - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 15; flow->extra_packets_func = ndpi_search_softether_again; @@ -330,8 +329,6 @@ static int ndpi_search_softether_again(struct ndpi_detection_module_struct *ndpi && (flow->protos.softether.port[0] != '\0') && (flow->protos.softether.hostname[0] != '\0') && (flow->protos.softether.fqdn[0] != '\0')) { - flow->check_extra_packets = 0; - flow->max_extra_packets_to_check = 0; flow->extra_packets_func = NULL; return 0; diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 16b9ffe58..36e950ce1 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -211,8 +211,6 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; - /* This is necessary to inform the core to call this dissector again */ - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 12; flow->extra_packets_func = search_ssh_again; diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index d3ec02958..ed0808596 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -132,8 +132,6 @@ static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_TELNET; - /* This is necessary to inform the core to call this dissector again */ - flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 64; flow->extra_packets_func = search_telnet_again; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 6821064f3..53245a21e 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1094,7 +1094,6 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DEBUG_TLS_BLOCKS printf("*** [TLS Block] No more blocks\n"); #endif - flow->check_extra_packets = 0; flow->extra_packets_func = NULL; return(0); /* That's all */ } else @@ -1205,7 +1204,6 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, if(no_dtls || change_cipher_found || flow->l4.tcp.tls.certificate_processed) { NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_DTLS); - flow->check_extra_packets = 0; flow->extra_packets_func = NULL; return(0); /* That's all */ } else { @@ -1219,8 +1217,6 @@ static void tlsInitExtraPacketProcessing(struct ndpi_detection_module_struct *nd struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; - flow->check_extra_packets = 1; - /* At most 12 packets should almost always be enough to find the server certificate if it's there */ flow->max_extra_packets_to_check = 12 + (ndpi_struct->num_tls_blocks_to_follow*4); flow->extra_packets_func = (packet->udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp; @@ -1277,7 +1273,7 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp if((flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) || (flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN)) { - if(!flow->check_extra_packets) + if(!flow->extra_packets_func) tlsInitExtraPacketProcessing(ndpi_struct, flow); return; } |