From e6b332aa4a1399e33df68998cf8351bccaee3fc4 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sun, 24 Jul 2022 17:46:24 +0200
Subject: Add support for flow client/server information (#1671)

In a lot of places in ndPI we use *packet* source/dest info
(address/port/direction) when we are interested in *flow* client/server
info, instead.

Add basic logic to autodetect this kind of information.

nDPI doesn't perform any "flow management" itself but this task is
delegated to the external application. It is then likely that the
application might provide more reliable hints about flow
client/server direction and about the TCP handshake presence: in that case,
these information might be (optionally) passed to the library, disabling
the internal "autodetect" logic.

These new fields have been used in some LRU caches and in the "guessing"
algorithm.
It is quite likely that some other code needs to be updated.
---
 python/ndpi/ndpi.py       | 5 +++--
 python/ndpi/ndpi_build.py | 3 ++-
 python/ndpi_example.py    | 6 +++---
 python/tests.py           | 4 ++--
 4 files changed, 10 insertions(+), 8 deletions(-)

(limited to 'python')

diff --git a/python/ndpi/ndpi.py b/python/ndpi/ndpi.py
index 4a7cf5f56..2d73470ad 100644
--- a/python/ndpi/ndpi.py
+++ b/python/ndpi/ndpi.py
@@ -45,12 +45,13 @@ class NDPI(object):
     def revision(self):
         return ffi.string(lib.ndpi_revision()).decode('utf-8', errors='ignore')
 
-    def process_packet(self, flow, packet, packet_time_ms):
+    def process_packet(self, flow, packet, packet_time_ms, input_info):
         p = lib.ndpi_detection_process_packet(self._detection_module,
                                               flow.C,
                                               packet,
                                               len(packet),
-                                              int(packet_time_ms))
+                                              int(packet_time_ms),
+                                              input_info)
         return ndpi_protocol(C=p,
                              master_protocol=p.master_protocol,
                              app_protocol=p.app_protocol,
diff --git a/python/ndpi/ndpi_build.py b/python/ndpi/ndpi_build.py
index 8bc412126..ba1d68a63 100644
--- a/python/ndpi/ndpi_build.py
+++ b/python/ndpi/ndpi_build.py
@@ -56,7 +56,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
                                             struct ndpi_flow_struct *flow,
                                             const unsigned char *packet,
                                             const unsigned short packetlen,
-                                            const u_int64_t packet_time_ms);
+                                            const u_int64_t packet_time_ms,
+                                            const struct ndpi_flow_input_info *input_info);
 ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct,
                                     struct ndpi_flow_struct *flow,
                                     u_int8_t enable_guess,
diff --git a/python/ndpi_example.py b/python/ndpi_example.py
index 8606ae84b..f3f07a879 100644
--- a/python/ndpi_example.py
+++ b/python/ndpi_example.py
@@ -14,7 +14,7 @@ If not, see <http://www.gnu.org/licenses/>.
 """
 
 from collections import namedtuple
-from ndpi import NDPI, NDPIFlow
+from ndpi import NDPI, NDPIFlow, ffi
 import argparse
 import socket
 import dpkt
@@ -131,7 +131,7 @@ if __name__ == "__main__":
                 key = ppkt_to_flow_key(ppkt)
                 try:  # Try a Flow update
                     flow = flow_cache[key]
-                    flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms)
+                    flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms, ffi.NULL)
                     flow.pkts += 1
                     flow.bytes += len(packet)
                 except KeyError:  # New Flow
@@ -139,7 +139,7 @@ if __name__ == "__main__":
                     flow.index = flow_count
                     flow_count += 1
                     flow.ndpi_flow = NDPIFlow()  # We create an nDPIFlow object per Flow
-                    flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms)
+                    flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms, ffi.NULL)
                     flow.pkts += 1
                     flow.bytes += len(packet)
                     flow_cache[key] = flow
diff --git a/python/tests.py b/python/tests.py
index ebb4abbb9..34e1675ad 100644
--- a/python/tests.py
+++ b/python/tests.py
@@ -13,7 +13,7 @@ If not, see <http://www.gnu.org/licenses/>.
 ------------------------------------------------------------------------------------------------------------------------
 """
 
-from ndpi import NDPI, NDPIFlow
+from ndpi import NDPI, NDPIFlow, ffi
 import time
 
 
@@ -21,7 +21,7 @@ if __name__ == '__main__':
     try:
         nDPI = NDPI()
         ndpi_flow = NDPIFlow()
-        nDPI.process_packet(ndpi_flow, b'', time.time())
+        nDPI.process_packet(ndpi_flow, b'', time.time(), ffi.NULL)
         nDPI.giveup(ndpi_flow)
         print("nDPI Python bindings: OK")
     except Exception:
-- 
cgit v1.2.3