diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 6 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 19 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 27 |
3 files changed, 42 insertions, 10 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 434a0892a..bfbcaddc4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1370,9 +1370,13 @@ struct ndpi_flow_struct { /* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; + /* Only packets with L5 data (ie no TCP SYN, pure ACKs, ...) */ u_int16_t packet_counter; // can be 0 - 65000 u_int16_t packet_direction_counter[2]; - u_int16_t byte_counter[2]; + + /* Every packets */ + u_int16_t packet_direction_complete_counter[2]; // can be 0 - 65000 + /* NDPI_PROTOCOL_BITTORRENT */ u_int8_t bittorrent_stage; // can be 0 - 255 u_int8_t bt_check_performed : 1; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 47385de70..cde3e0b2a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -161,6 +161,9 @@ static ndpi_risk_info ndpi_known_risks[] = { /* ****************************************** */ +extern void ndpi_unset_risk(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, ndpi_risk_enum r); + /* Forward */ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -5099,28 +5102,26 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, if(flow->packet_counter < MAX_PACKET_COUNTER && packet->payload_packet_len) { flow->packet_counter++; } - if(flow->packet_direction_counter[packet->packet_direction] < MAX_PACKET_COUNTER && packet->payload_packet_len) { flow->packet_direction_counter[packet->packet_direction]++; } + if(flow->packet_direction_complete_counter[packet->packet_direction] < MAX_PACKET_COUNTER) { + flow->packet_direction_complete_counter[packet->packet_direction]++; + } + if(ndpi_is_multi_or_broadcast(packet)) ; /* multicast or broadcast */ else { - if(flow->packet_direction_counter[0] == 0) + if(flow->packet_direction_complete_counter[0] == 0) ndpi_set_risk(ndpi_str, flow, NDPI_UNIDIRECTIONAL_TRAFFIC, "No client to server traffic"); /* Should never happen */ - else if(flow->packet_direction_counter[1] == 0) + else if(flow->packet_direction_complete_counter[1] == 0) ndpi_set_risk(ndpi_str, flow, NDPI_UNIDIRECTIONAL_TRAFFIC, "No server to client traffic"); else { - flow->risk &= ~(1ULL << NDPI_UNIDIRECTIONAL_TRAFFIC); /* Clear bit */ + ndpi_unset_risk(ndpi_str, flow, NDPI_UNIDIRECTIONAL_TRAFFIC); /* Clear bit */ } } - - if(flow->byte_counter[packet->packet_direction] + packet->payload_packet_len > - flow->byte_counter[packet->packet_direction]) { - flow->byte_counter[packet->packet_direction] += packet->payload_packet_len; - } } } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index e1a088ee5..15b71caf1 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2303,6 +2303,33 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str, /* ******************************************************************** */ +void ndpi_unset_risk(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, ndpi_risk_enum r) { + if(ndpi_isset_risk(ndpi_str, flow, r)) { + u_int8_t i, j; + ndpi_risk v = 1ull << r; + + flow->risk &= ~v; + + for(i = 0; i < flow->num_risk_infos; i++) { + if(flow->risk_infos[i].id == r) { + flow->risk_infos[i].id = 0; + if(flow->risk_infos[i].info) { + ndpi_free(flow->risk_infos[i].info); + flow->risk_infos[i].info = NULL; + } + for(j = i + 1; j < flow->num_risk_infos; j++) { + flow->risk_infos[j - 1].id = flow->risk_infos[j].id; + flow->risk_infos[j - 1].info = flow->risk_infos[j].info; + } + flow->num_risk_infos--; + } + } + } +} + +/* ******************************************************************** */ + int ndpi_isset_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_risk_enum r) { ndpi_risk v = 1ull << r; |