From 91bb77a8806ee2987e856f66674cf3aa8b1d60db Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Wed, 22 Dec 2021 19:54:06 +0100 Subject: A final(?) effort to reduce memory usage per flow (#1389) Remove some unused fields and re-organize other ones. In particular: * Update the parameters of `ndpi_ssl_version2str()` function * Zattoo, Thunder: these timestamps aren't really used. * Ftp/mail: these protocols are dissected only over TCP. * Attention must be paid to TLS.Bittorrent flows to avoid invalid read/write to `flow->protos.bittorrent.hash` field. This is the last(?) commit of a long series (see 22241a1d, 227e586e, 730c2360, a8ffcd8b) aiming to reduce library memory consumption. Before, at nDPI 4.0 (more precisly, at a6b10cf7, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 231.71 KB Flow Memory (per flow): 1008 B <--------- ``` i.e. memory usage per flow has been reduced by 66%, dropping below the psychological threshold of 1 KB. To further reduce this value, we probably need to look into #1279: let's fight this battle another day. --- example/ndpiReader.c | 5 +++-- example/ndpiSimpleIntegration.c | 6 ++++-- example/reader_util.c | 11 ++++++----- 3 files changed, 13 insertions(+), 9 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 641575c12..abe12b5ec 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1221,6 +1221,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa FILE *out = results_file ? results_file : stdout; u_int8_t known_tls; char buf[32], buf1[64]; + char buf_ver[16]; u_int i; double dos_ge_score; 
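Review bot: The new `char buf_ver[16];` in printFlow hard-codes a size whose relation to the longest string `ndpi_ssl_version2str()` can produce is not stated anywhere in this patch, and the same literal 16 is repeated in both TLS branches of ndpi_process_packet in example/ndpiSimpleIntegration.c. The caller now owns the buffer, so an undersized one would at best silently truncate the version label. The minimum length should come from one named constant declared next to the function rather than from each call site. Until such a constant exists, a comment on the declaration such as `/* must hold the longest ndpi_ssl_version2str() output plus NUL */` would document the contract. printFlow's body continues outside this hunk.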
@@ -1315,7 +1316,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa (flow->ssh_tls.server_info[0] != '\0') ? flow->ssh_tls.server_info : ""); fprintf(csv_fp, "%s,%s,%s,%s,%s,", - (flow->ssh_tls.ssl_version != 0) ? ndpi_ssl_version2str(flow->ndpi_flow, flow->ssh_tls.ssl_version, &known_tls) : "0", + (flow->ssh_tls.ssl_version != 0) ? ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), flow->ssh_tls.ssl_version, &known_tls) : "0", (flow->ssh_tls.ja3_client[0] != '\0') ? flow->ssh_tls.ja3_client : "", (flow->ssh_tls.ja3_client[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.client_unsafe_cipher) : "0", (flow->ssh_tls.ja3_server[0] != '\0') ? flow->ssh_tls.ja3_server : "", @@ -1481,7 +1482,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "[Risk Score: %u]", ndpi_risk2score(flow->risk, &cli_score, &srv_score)); } - if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ndpi_flow, flow->ssh_tls.ssl_version, &known_tls)); + if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), flow->ssh_tls.ssl_version, &known_tls)); if(flow->ssh_tls.client_hassh[0] != '\0') fprintf(out, "[HASSH-C: %s]", flow->ssh_tls.client_hassh); diff --git a/example/ndpiSimpleIntegration.c b/example/ndpiSimpleIntegration.c index 3a63f7ba4..e007e9775 100644 --- a/example/ndpiSimpleIntegration.c +++ b/example/ndpiSimpleIntegration.c 
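Review bot: In both printFlow hunks (`@@ -1315` and `@@ -1481`) the result of `ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), ...)` is passed straight to a `%s` conversion, so these call sites rely on the function never returning NULL and always NUL-terminating `buf_ver`. Neither guarantee is visible in this patch. If the buffer-based implementation can fail, for example on a too-small buffer, passing NULL to `%s` is undefined behaviour. Either document the non-NULL guarantee at the declaration or guard the call, e.g. `const char *v = ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), flow->ssh_tls.ssl_version, &known_tls);` followed by `fprintf(out, "[%s]", v ? v : "?");`. The two `printf` calls in example/ndpiSimpleIntegration.c follow the same pattern.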
@@ -917,11 +917,12 @@ static void ndpi_process_packet(uint8_t * const args, flow_to_process->ndpi_flow->protos.tls_quic.hello_processed != 0) { uint8_t unknown_tls_version = 0; + char buf_ver[16]; printf("[%8llu, %d, %4d][TLS-CLIENT-HELLO] version: %s | sni: %s | alpn: %s\n", workflow->packets_captured, reader_thread->array_index, flow_to_process->flow_id, - ndpi_ssl_version2str(flow_to_process->ndpi_flow, + ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), flow_to_process->ndpi_flow->protos.tls_quic.ssl_version, &unknown_tls_version), flow_to_process->ndpi_flow->host_server_name, @@ -933,12 +934,13 @@ static void ndpi_process_packet(uint8_t * const args, flow_to_process->ndpi_flow->l4.tcp.tls.certificate_processed != 0) { uint8_t unknown_tls_version = 0; + char buf_ver[16]; printf("[%8llu, %d, %4d][TLS-SERVER-HELLO] version: %s | common-name(s): %.*s | " "issuer: %s | subject: %s\n", workflow->packets_captured, reader_thread->array_index, flow_to_process->flow_id, - ndpi_ssl_version2str(flow_to_process->ndpi_flow, + ndpi_ssl_version2str(buf_ver, sizeof(buf_ver), flow_to_process->ndpi_flow->protos.tls_quic.ssl_version, &unknown_tls_version), (flow_to_process->ndpi_flow->protos.tls_quic.server_names_len == 0 ? diff --git a/example/reader_util.c b/example/reader_util.c index d5638d183..de8192845 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1078,7 +1078,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->dhcp_fingerprint = ndpi_strdup(flow->ndpi_flow->protos.dhcp.fingerprint); if(flow->ndpi_flow->protos.dhcp.class_ident[0] != '\0') flow->dhcp_class_ident = ndpi_strdup(flow->ndpi_flow->protos.dhcp.class_ident); - } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_BITTORRENT)) { + } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_BITTORRENT) && + !is_ndpi_proto(flow, NDPI_PROTOCOL_TLS)) { u_int j; if(flow->ndpi_flow->protos.bittorrent.hash[0] != '\0') { 
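Review bot: The added `!is_ndpi_proto(flow, NDPI_PROTOCOL_TLS)` condition in process_ndpi_collected_info (hunk `@@ -1078` of example/reader_util.c) carries no comment, so its reason lives only in the commit message: TLS.Bittorrent flows must not touch `protos.bittorrent.hash`. That presumably means the bittorrent and TLS members now share storage, in which case reading the hash on such a flow would print bytes that belong to TLS state. I would add `/* TLS.Bittorrent: protos holds TLS data here, bittorrent.hash is not valid */` above the `else if`. It is also worth confirming that TLS is the only protocol that can be stacked with BitTorrent this way, since the guard excludes nothing else. The function starts and ends outside the hunk.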
@@ -1116,11 +1117,11 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl || /* IMAP */ is_ndpi_proto(flow, NDPI_PROTOCOL_MAIL_IMAP) || /* POP */ is_ndpi_proto(flow, NDPI_PROTOCOL_MAIL_POP) || /* SMTP */ is_ndpi_proto(flow, NDPI_PROTOCOL_MAIL_SMTP)) { - if(flow->ndpi_flow->ftp_imap_pop_smtp.username[0] != '\0') + if(flow->ndpi_flow->l4.tcp.ftp_imap_pop_smtp.username[0] != '\0') snprintf(flow->info, sizeof(flow->info), "User: %s][Pwd: %s%s", - flow->ndpi_flow->ftp_imap_pop_smtp.username, - flow->ndpi_flow->ftp_imap_pop_smtp.password, - flow->ndpi_flow->ftp_imap_pop_smtp.auth_failed ? "][Auth Failed" : ""); + flow->ndpi_flow->l4.tcp.ftp_imap_pop_smtp.username, + flow->ndpi_flow->l4.tcp.ftp_imap_pop_smtp.password, + flow->ndpi_flow->l4.tcp.ftp_imap_pop_smtp.auth_failed ? "][Auth Failed" : ""); } /* KERBEROS */ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_KERBEROS)) { -- cgit v1.2.3
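Review bot: The FTP/IMAP/POP/SMTP branch now reads `flow->ndpi_flow->l4.tcp.ftp_imap_pop_smtp`, but its condition still tests only the detected protocol, not the transport. The commit message says these protocols are dissected only over TCP. If `l4` is a union (not shown here) and a non-TCP flow is ever labelled with one of them, this code would read `username` and `password` out of another member's bytes and copy them into `flow->info`. I would add a transport check to the condition, or at least the comment `/* l4.tcp is only meaningful for TCP flows */` above the `if`. The function starts and ends outside the hunk.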