From 99d7066ea07d21bc282593c09fb6c306c67e09e3 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 9 May 2023 19:36:02 +0200
Subject: Remove special handling of some TCP flows without SYN (#1965)

This piece of code has multiple problems:
* nDPI is able to detect some TCP protocols even with mid-flows (i.e.
without the initial packets of the session); TLS is the most
significative example
* since e6b332aa4a1399e33df68998cf8351bccaee3fc4 it is perfectly valid
to not pass the TCP Handshake packets to nDPI
* in any case, we shouldn't call `ndpi_detection_giveup()`. That
function is usually called by the application and we end up calling it
twice in some cases.

The simple solution is to completely remove that code: process these
kinds of flows like everyone else.

Note that the application can always avoid to pass to nDPI any TCP flows
without the initial handshake; the flow managemnt is always up to the
application.

Looking at the CI results, some rare flows are now processed significantly
longer. As a follow-up we could look into that.
---
 src/lib/ndpi_main.c | 17 -----------------
 1 file changed, 17 deletions(-)

(limited to 'src/lib/ndpi_main.c')

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index e3eb4a8c2..4f481a747 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6845,23 +6845,6 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
   else
     ret.category = flow->category;
 
-  if((flow->num_processed_pkts == 1) /* first packet of this flow to be analyzed */
-     && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN)
-     && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && packet->tcp && (packet->tcp->syn == 0)
-     && (flow->guessed_protocol_id == 0)) {
-    u_int8_t protocol_was_guessed;
-
-    /*
-      This is a TCP flow
-      - whose first packet is NOT a SYN
-      - no protocol has been detected
-
-      We don't see how future packets can match anything
-      hence we giveup here
-    */
-    ret = ndpi_detection_giveup(ndpi_str, flow, 0, &protocol_was_guessed);
-  }
-
   if((!flow->risk_checked)
      && ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))
      ) {
-- 
cgit v1.2.3