From 91bb77a8806ee2987e856f66674cf3aa8b1d60db Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Wed, 22 Dec 2021 19:54:06 +0100 Subject: A final(?) effort to reduce memory usage per flow (#1389) Remove some unused fields and re-organize other ones. In particular: * Update the parameters of `ndpi_ssl_version2str()` function * Zattoo, Thunder: these timestamps aren't really used. * Ftp/mail: these protocols are dissected only over TCP. * Attention must be paid to TLS.Bittorrent flows to avoid invalid read/write to `flow->protos.bittorrent.hash` field. This is the last(?) commit of a long series (see 22241a1d, 227e586e, 730c2360, a8ffcd8b) aiming to reduce library memory consumption. Before, at nDPI 4.0 (more precisly, at a6b10cf7, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 231.71 KB Flow Memory (per flow): 1008 B <--------- ``` i.e. memory usage per flow has been reduced by 66%, dropping below the psychological threshold of 1 KB. To further reduce this value, we probably need to look into #1279: let's fight this battle another day. --- src/lib/protocols/ftp_control.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'src/lib/protocols/ftp_control.c') diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 2b6f1396f..81e475041 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -50,23 +50,23 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n #endif if(ndpi_match_strprefix(payload, payload_len, "USER")) { - ndpi_user_pwd_payload_copy((u_int8_t*)flow->ftp_imap_pop_smtp.username, - sizeof(flow->ftp_imap_pop_smtp.username), 5, + ndpi_user_pwd_payload_copy((u_int8_t*)flow->l4.tcp.ftp_imap_pop_smtp.username, + sizeof(flow->l4.tcp.ftp_imap_pop_smtp.username), 5, payload, payload_len); ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS); return 1; } if(ndpi_match_strprefix(payload, payload_len, "PASS")) { - ndpi_user_pwd_payload_copy((u_int8_t*)flow->ftp_imap_pop_smtp.password, - sizeof(flow->ftp_imap_pop_smtp.password), 5, + ndpi_user_pwd_payload_copy((u_int8_t*)flow->l4.tcp.ftp_imap_pop_smtp.password, + sizeof(flow->l4.tcp.ftp_imap_pop_smtp.password), 5, payload, payload_len); return 1; } if(ndpi_match_strprefix(payload, payload_len, "AUTH") || ndpi_match_strprefix(payload, payload_len, "auth")) { - flow->ftp_imap_pop_smtp.auth_found = 1; + flow->l4.tcp.ftp_imap_pop_smtp.auth_found = 1; return 1; } /* ***************************************************** */ @@ -562,14 +562,14 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow, case '2': case '3': case '6': - if(flow->ftp_imap_pop_smtp.auth_found == 1) - flow->ftp_imap_pop_smtp.auth_tls = 1; + if(flow->l4.tcp.ftp_imap_pop_smtp.auth_found == 1) + flow->l4.tcp.ftp_imap_pop_smtp.auth_tls = 1; return(1); break; case '4': case '5': - flow->ftp_imap_pop_smtp.auth_failed = 1; + flow->l4.tcp.ftp_imap_pop_smtp.auth_failed = 1; return(1); break; } @@ -632,11 +632,11 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str #ifdef FTP_DEBUG printf("%s() [user: %s][pwd: %s]\n", __FUNCTION__, - flow->ftp_imap_pop_smtp.username, flow->ftp_imap_pop_smtp.password); + flow->l4.tcp.ftp_imap_pop_smtp.username, flow->l4.tcp.ftp_imap_pop_smtp.password); #endif - if(flow->ftp_imap_pop_smtp.password[0] == '\0' && - flow->ftp_imap_pop_smtp.auth_tls == 0) /* TODO: any values on dissecting TLS handshake? */ + if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' && + flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) /* TODO: any values on dissecting TLS handshake? */ flow->ftp_control_stage = 0; else ndpi_int_ftp_control_add_connection(ndpi_struct, flow); -- cgit v1.2.3