From 4e186f6bfbd734bf44124e6e0f710a3a0372c92c Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 16 May 2023 16:01:55 +0200
Subject: HTTP: rework state machine (#1966)
The goal if to correlate the right request-response pair, exporting metadata from only one transaction (for example, the right url & return state pair) As a nice side effect, the code should be much cleaner, but that is a matter of taste. Two differences respect to the previous code:
* as it happens in the CI, if in the flow there are only one response (before) and one request (after), only the metadata of the response are saved/exported
* for performance reasons, we don't call `ndpi_parse_packet_line_info()` anymore for ALL packets triggering the HTTP dissector, but only for the packets that we already know belong to an HTTP flow. This is the reason for the changes in RTSP/SOAP/... code
---
 src/lib/protocols/gnutella.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src/lib/protocols/gnutella.c')
diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c
index 13b8d99c7..09190b53b 100644
--- a/src/lib/protocols/gnutella.c
+++ b/src/lib/protocols/gnutella.c
@@ -59,6 +59,10 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc
 /* this case works asymmetrically */
 if (packet->payload_packet_len > 17 && memcmp(packet->payload, "GNUTELLA CONNECT/", 17) == 0) {
 ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI);
+ /* Extract some metadata HTTP-like */
+ ndpi_parse_packet_line_info(ndpi_struct, flow);
+ if(packet->user_agent_line.ptr != NULL)
+ ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len);
 return;
 }
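Review bot: The User-Agent copied in the `GNUTELLA CONNECT/` branch comes straight from the peer's payload, and the comment `/* Extract some metadata HTTP-like */` does not say so; I would reword it to `/* Export the peer-supplied (untrusted) User-Agent as flow metadata */` so that consumers of the exported field know to sanitise it before logging or display. Whether `ndpi_user_agent_set()` copies and length-bounds the value cannot be seen from this hunk and is worth confirming, since `user_agent_line.ptr` presumably points into the packet buffer. The same block is repeated in the hunks at -73 and -84, so a small static helper would keep the three sites in step. The body of `ndpi_search_gnutella` starts and ends outside the hunk.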
@@ -73,6 +77,9 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc
 || (packet->line[c].len > 36 && memcmp(packet->line[c].ptr, "Content-Type: application/x-gnutella-", 37) == 0)) {
 ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI);
+ /* Extract some metadata HTTP-like */
+ if(packet->user_agent_line.ptr != NULL)
+ ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len);
 return;
 }
 }
@@ -84,6 +91,9 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc
 || (packet->accept_line.ptr != NULL && packet->accept_line.len > 24 && memcmp(packet->accept_line.ptr, "application n/x-gnutella", 24) == 0)) {
 ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI);
+ /* Extract some metadata HTTP-like */
+ if(packet->user_agent_line.ptr != NULL)
+ ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len);
 }
 }
-- cgit v1.2.3
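Review bot: In the hunks at -73 and -84 the new code reads `packet->user_agent_line` without a visible call to `ndpi_parse_packet_line_info()`, unlike the first hunk, which adds that call itself. The surrounding conditions already use `packet->line[c]` and `packet->accept_line`, so the parse is presumably done earlier in each branch, but that call is outside both hunks. Because the commit description says the HTTP dissector no longer parses lines for every packet, I would record the dependency next to the read, e.g. `/* user_agent_line is valid here: ndpi_parse_packet_line_info() was called above */`, and confirm that the field cannot hold a pointer left over from an earlier packet.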