From ad6bfbad4d0b8ae6c0c6b2d58c68eee542110e8a Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Sun, 18 Dec 2022 09:10:57 +0100 Subject: Add protocol disabling feature (#1808) The application may enable only some protocols. Disabling a protocol means: *) don't register/use the protocol dissector code (if any) *) disable classification by-port for such a protocol *) disable string matchings for domains/certificates involving this protocol *) disable subprotocol registration (if any) This feature can be tested with `ndpiReader -B list_of_protocols_to_disable`. Custom protocols are always enabled. Technically speaking, this commit doesn't introduce any API/ABI incompatibility. However, calling `ndpi_set_protocol_detection_bitmask2()` is now mandatory, just after having called `ndpi_init_detection_module()`. Most of the diffs (and all the diffs in `/src/lib/protocols/`) are due to the removing of some function parameters. Fix the low level macro `NDPI_LOG`. This issue hasn't been detected sooner simply because almost all the code uses only the helpers `NDPI_LOG_*` --- src/lib/protocols/non_tcp_udp.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'src/lib/protocols/non_tcp_udp.c') diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index f219ccb3e..44ae5ac01 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -100,13 +100,13 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct } -void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id) { /* always add non tcp/udp if one protocol is compiled in */ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_PROTOCOL_UNKNOWN); - ndpi_set_bitmask_protocol_detection("IPSec", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IPSec", ndpi_struct, *id, NDPI_PROTOCOL_IPSEC, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -114,7 +114,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, *id, NDPI_PROTOCOL_IP_GRE, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -122,7 +122,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, *id, NDPI_PROTOCOL_IP_ICMP, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -130,7 +130,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, *id, NDPI_PROTOCOL_IP_IGMP, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -138,7 +138,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, *id, NDPI_PROTOCOL_IP_EGP, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -146,7 +146,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, *id, NDPI_PROTOCOL_IP_SCTP, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -154,7 +154,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_PGM", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_PGM", ndpi_struct, *id, NDPI_PROTOCOL_IP_PGM, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -162,7 +162,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, *id, NDPI_PROTOCOL_IP_OSPF, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -170,7 +170,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, *id, NDPI_PROTOCOL_IP_IP_IN_IP, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -178,7 +178,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, *id, NDPI_PROTOCOL_IP_ICMPV6, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, @@ -186,7 +186,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; - ndpi_set_bitmask_protocol_detection("IP_PIM", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection("IP_PIM", ndpi_struct, *id, NDPI_PROTOCOL_IP_PIM, ndpi_search_in_non_tcp_udp, NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6, -- cgit v1.2.3