diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
index 25f36ba056df..94ae872cea3f 100644
--- a/doc/configuration_parameters.md
+++ b/doc/configuration_parameters.md
@@ -12,6 +12,7 @@ TODO
 | NULL | "fully_encrypted_heuristic.enable" | 1 | NULL | NULL | Enable/disable an heuristic to detect fully encrypted sessions, i.e. flows where every bytes of the payload is encrypted in an attempt to “look like nothing”. This heuristic only analyzes the first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf |
 | NULL | "lru.$CACHE_NAME.size" | See description | 0 | 16777215 | Set the size (in number of elements) of the specified LRU cache (0 = the cache is disabled). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "32768" for the bittorrent cache, "512" for the zoom cache and "1024" for all the other caches |
 | NULL | "lru.$CACHE_NAME.ttl" | See description | 0 | 16777215 | Set the TTL (in seconds) for the elements of the specified LRU cache (0 = the elements never explicitly expire). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "120" for the ookla cache, "60" for the msteams and stun_zoom caches and "0" for all the other caches |
+| NULL | "libgcrypt.init" | 1 | NULL | NULL | Enable/disable initialization of libgcrypt. When using the external libgcrypt (instead of the internal crypto code) the libgcrypt runtime must be initialized. If, for whatever reasons, the application alread does it, nDPI must be told to skip it |
 | NULL | "asn_lists.load" | 1 | NULL | NULL | Enable/disable loading of every IP addresses lists used for (sub)classification and based on BGP information |
 | NULL | "ip_lists.load" | 1 | NULL | NULL | Enable/disable loading of every IP addresses lists used for (sub)classification |
 | NULL | "flow_risk_lists.load" | 1 | NULL | NULL | Enable/disable loading of every IP addresses lists used to check any flow risks |
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 41c29884900d..ae81d495cb74 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -110,7 +110,6 @@ int nDPI_LogLevel = 0;
 char *_debug_protocols = NULL;
 char *_disabled_protocols = NULL;
 static u_int8_t stats_flag = 0;
-ndpi_init_prefs init_prefs = ndpi_no_prefs;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 24 /* 8 is enough for most protocols, Signal and SnapchatCall require more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
 static u_int32_t pcap_analysis_duration = (u_int32_t)-1;
@@ -334,7 +333,7 @@ void ndpiCheckHostStringMatch(char *testChar) {
 if(!testChar) return;
- ndpi_str = ndpi_init_detection_module(init_prefs);
+ ndpi_str = ndpi_init_detection_module();
 ndpi_finalize_initialization(ndpi_str); testRes = ndpi_match_string_subprotocol(ndpi_str,
@@ -377,7 +376,7 @@ static void ndpiCheckIPMatch(char *testChar) {
 if(!testChar) return;
- ndpi_str = ndpi_init_detection_module(init_prefs);
+ ndpi_str = ndpi_init_detection_module();
 NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
@@ -602,7 +601,7 @@ static void help(u_int long_help) {
 max_num_reported_top_payloads, max_num_tcp_dissected_pkts, max_num_udp_dissected_pkts); NDPI_PROTOCOL_BITMASK all;
- ndpi_info_mod = ndpi_init_detection_module(init_prefs);
+ ndpi_info_mod = ndpi_init_detection_module();
 NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_info_mod, &all);
@@ -765,7 +764,7 @@ void extcap_config() {
 ndpi_proto_defaults_t *proto_defaults; #endif
- ndpi_info_mod = ndpi_init_detection_module(init_prefs);
+ ndpi_info_mod = ndpi_init_detection_module();
 #if 0
 ndpi_num_supported_protocols = ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod);
 proto_defaults = ndpi_get_proto_defaults(ndpi_info_mod);
@@ -4649,7 +4648,7 @@ static void dgaUnitTest() {
 };
 int debug = 0, i;
 NDPI_PROTOCOL_BITMASK all;
- struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(init_prefs);
+ struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module();
 assert(ndpi_str != NULL);
@@ -5563,7 +5562,7 @@ int main(int argc, char **argv) {
 ac_automata_enable_debug(1); parseOptions(argc, argv);
- ndpi_info_mod = ndpi_init_detection_module(init_prefs);
+ ndpi_info_mod = ndpi_init_detection_module();
 if(ndpi_info_mod == NULL) return -1;
diff --git a/example/reader_util.c b/example/reader_util.c
index 47873cbe0da4..4bfac8337352 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -79,7 +79,6 @@ extern u_int8_t max_num_udp_dissected_pkts /* 24 */, max_num_tcp_dissected_pkts
 static u_int32_t flow_id = 0; u_int8_t enable_doh_dot_detection = 0;
-extern ndpi_init_prefs init_prefs;
 extern int malloc_size_stats; extern struct ndpi_bin malloc_bins;
@@ -410,7 +409,7 @@ int parse_proto_name_list(char *str, NDPI_PROTOCOL_BITMASK *bitmask, int inverte
 else op = 0; /* Default action: remove from the bitmask */ /* Use a temporary module with all protocols enabled */
- module = ndpi_init_detection_module(0);
+ module = ndpi_init_detection_module();
 if(!module) return 1; NDPI_BITMASK_SET_ALL(all);
@@ -466,7 +465,7 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref
 #endif /* TODO: just needed here to init ndpi ndpi_malloc wrapper */
- module = ndpi_init_detection_module(init_prefs);
+ module = ndpi_init_detection_module();
 if(module == NULL) { LOG(NDPI_LOG_ERROR, "global structure initialization failed\n");
diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c
index d13b519ce283..b4b0cc4fecb3 100644
--- a/fuzz/fuzz_common_code.c
+++ b/fuzz/fuzz_common_code.c
@@ -36,12 +36,11 @@ void fuzz_set_alloc_callbacks_and_seed(int seed)
 void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod) {
- ndpi_init_prefs prefs = ndpi_no_prefs;
 NDPI_PROTOCOL_BITMASK all; NDPI_PROTOCOL_BITMASK debug_bitmask; if(*ndpi_info_mod == NULL) {
- *ndpi_info_mod = ndpi_init_detection_module(prefs);
+ *ndpi_info_mod = ndpi_init_detection_module();
 NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(*ndpi_info_mod, &all);
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
index 0b58ce57ef9f..4f1119e1a992 100644
--- a/fuzz/fuzz_config.cpp
+++ b/fuzz/fuzz_config.cpp
@@ -30,8 +30,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 char log_ts[32];
- if(fuzzed_data.remaining_bytes() < 4 + /* ndpi_init_detection_module() */
- NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS +
+ if(fuzzed_data.remaining_bytes() < NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS +
 6 + /* files */ 1 + 3 + 1 + 3 + /* Monitoring */ 2 + /* Pid */
@@ -45,7 +44,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size);
- ndpi_info_mod = ndpi_init_detection_module(fuzzed_data.ConsumeIntegral());
+ ndpi_info_mod = ndpi_init_detection_module();
 set_ndpi_debug_function(ndpi_info_mod, NULL);
diff --git a/fuzz/fuzz_filecfg_categories.c b/fuzz/fuzz_filecfg_categories.c
index afb9e9ffb6b5..e038dbc51a02 100644
--- a/fuzz/fuzz_filecfg_categories.c
+++ b/fuzz/fuzz_filecfg_categories.c
@@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size);
- ndpi_struct = ndpi_init_detection_module(0);
+ ndpi_struct = ndpi_init_detection_module();
 NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
diff --git a/fuzz/fuzz_filecfg_protocols.c b/fuzz/fuzz_filecfg_protocols.c
index 6817d9ef7f7c..daa8d140d30a 100644
--- a/fuzz/fuzz_filecfg_protocols.c
+++ b/fuzz/fuzz_filecfg_protocols.c
@@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size);
- ndpi_struct = ndpi_init_detection_module(0);
+ ndpi_struct = ndpi_init_detection_module();
 NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index a0c25293aceb..72183b02acaf 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -18,7 +18,6 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 1;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_no_prefs;
 int enable_malloc_bins = 1;
 int malloc_size_stats = 0;
 int max_malloc_bins = 14;
diff --git a/fuzz/fuzz_readerutils_parseprotolist.cpp b/fuzz/fuzz_readerutils_parseprotolist.cpp
index 44e195b73c99..c80ae834026b 100644
--- a/fuzz/fuzz_readerutils_parseprotolist.cpp
+++ b/fuzz/fuzz_readerutils_parseprotolist.cpp
@@ -13,7 +13,6 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 0;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_no_prefs; /* unused */
 int enable_malloc_bins = 0;
 int malloc_size_stats = 0;
 int max_malloc_bins = 14;
diff --git a/fuzz/fuzz_readerutils_workflow.cpp b/fuzz/fuzz_readerutils_workflow.cpp
index dde2c66d8149..61042d151948 100644
--- a/fuzz/fuzz_readerutils_workflow.cpp
+++ b/fuzz/fuzz_readerutils_workflow.cpp
@@ -15,7 +15,6 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 0;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_no_prefs;
 int enable_malloc_bins = 0;
 int malloc_size_stats = 0;
 int max_malloc_bins = 14;
diff --git a/python/ndpi/ndpi.py b/python/ndpi/ndpi.py
index 2d73470adaa9..743b7a805c69 100644
--- a/python/ndpi/ndpi.py
+++ b/python/ndpi/ndpi.py
@@ -32,7 +32,7 @@ class NDPI(object):
 "_detection_module") def __init__(self):
- self._detection_module = lib.ndpi_init_detection_module(0)
+ self._detection_module = lib.ndpi_init_detection_module()
 if self._detection_module == ffi.NULL: raise MemoryError("Unable to instantiate NDPI object") lib.ndpi_py_setup_detection_module(self._detection_module)
diff --git a/python/ndpi/ndpi_build.py b/python/ndpi/ndpi_build.py
index 84c1e04e47a0..6c07731f4586 100644
--- a/python/ndpi/ndpi_build.py
+++ b/python/ndpi/ndpi_build.py
@@ -49,7 +49,7 @@ NDPI_APIS = """
 u_int16_t ndpi_get_api_version(void); char* ndpi_revision(void);
-struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs prefs);
+struct ndpi_detection_module_struct *ndpi_init_detection_module();
 void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct);
 void ndpi_flow_free(void *ptr);
 ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct,
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 39388bd33301..30c3d1eed725 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
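Review bot: The cffi declaration in NDPI_APIS becomes `ndpi_init_detection_module();` while the header in ndpi_api.h declares the same function as `ndpi_init_detection_module(void);`; the cdef should mirror the header exactly, `struct ndpi_detection_module_struct *ndpi_init_detection_module(void);`, so the binding's prototype is not left as an unspecified-parameter declaration and stays byte-for-byte comparable with the C API it wraps. The NDPI_APIS string continues outside the hunk.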
@@ -211,11 +211,10 @@ extern "C" {
 * indipendent detection contexts) but all these calls MUST NOT run
 * in parallel
 *
- * @par prefs = load preferences
 * @return the initialized detection module
 *
 */
- struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs prefs);
+ struct ndpi_detection_module_struct *ndpi_init_detection_module(void);
 /** * Completes the initialization (2nd step)
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index c8f68eabc5a2..58157b9ec973 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1168,7 +1168,7 @@ struct ndpi_detection_module_config_struct {
 See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf */
 int fully_encrypted_heuristic;
 int track_payload_enabled;
-
+ int libgcrypt_init;
 /* LRU caches */
@@ -1584,13 +1584,6 @@ typedef struct {
 u_int16_t value; } ndpi_network6;
-typedef u_int32_t ndpi_init_prefs;
-
-typedef enum {
- ndpi_no_prefs = 0,
- ndpi_dont_init_libgcrypt = (1 << 1),
-} ndpi_prefs;
-
 typedef struct {
 u_int32_t protocol_id;
 ndpi_protocol_category_t protocol_category;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 92e58617560d..5185335e7cc0 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3009,7 +3009,7 @@ static void free_ptree_data(void *data) {
 /* ******************************************************************** */
-struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs prefs) {
+struct ndpi_detection_module_struct *ndpi_init_detection_module(void) {
 struct ndpi_detection_module_struct *ndpi_str = ndpi_malloc(sizeof(struct ndpi_detection_module_struct)); int i;
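Review bot: The doc comment above the new `ndpi_init_detection_module(void)` prototype drops the `@par prefs` line but says nothing about where the libgcrypt handling went, so a reader of the header cannot tell that it now runs in ndpi_finalize_initialization() and is governed by the `libgcrypt.init` option (default 1, matching the opt-out semantics of the removed ndpi_dont_init_libgcrypt flag). It also appears that a module used without ever calling ndpi_finalize_initialization() no longer gets libgcrypt initialized at all, which the constructor previously guaranteed; that is worth stating where applications will look. Suggest adding ` * @note libgcrypt is initialized by ndpi_finalize_initialization() unless the "libgcrypt.init" option is set to 0 beforehand; applications that already initialize libgcrypt themselves must disable it` to this comment block, which starts outside the hunk.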
@@ -3034,22 +3034,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
 NDPI_BITMASK_RESET(ndpi_str->debug_bitmask); #endif /* NDPI_ENABLE_DEBUG_MESSAGES */
- if(!(prefs & ndpi_dont_init_libgcrypt)) {
- if(!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
- const char *gcrypt_ver = gcry_check_version(NULL);
- if(!gcrypt_ver) {
- NDPI_LOG_ERR(ndpi_str, "Error initializing libgcrypt\n");
- ndpi_free(ndpi_str);
- return NULL;
- }
- NDPI_LOG_DBG(ndpi_str, "Libgcrypt %s\n", gcrypt_ver);
- /* Tell Libgcrypt that initialization has completed. */
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
- }
- } else {
- NDPI_LOG_DBG(ndpi_str, "Libgcrypt initialization skipped\n");
- }
-
 if((ndpi_str->protocols_ptree = ndpi_patricia_new(32 /* IPv4 */)) == NULL || (ndpi_str->protocols_ptree6 = ndpi_patricia_new(128 /* IPv6 */)) == NULL) { NDPI_LOG_ERR(ndpi_str, "[NDPI] Error allocating tree\n");
@@ -3249,6 +3233,20 @@ void ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str)
 if(!ndpi_str) return;
+ if(ndpi_str->cfg.libgcrypt_init) {
+ if(!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
+ const char *gcrypt_ver = gcry_check_version(NULL);
+ if(!gcrypt_ver) {
+ NDPI_LOG_ERR(ndpi_str, "Error initializing libgcrypt\n");
+ }
+ NDPI_LOG_DBG(ndpi_str, "Libgcrypt %s\n", gcrypt_ver);
+ /* Tell Libgcrypt that initialization has completed. */
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+ }
+ } else {
+ NDPI_LOG_DBG(ndpi_str, "Libgcrypt initialization skipped\n");
+ }
+
 if(ndpi_str->cfg.ip_lists_enabled) {
 if(ndpi_str->cfg.ip_list_amazonaws_enabled) {
 ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_amazon_aws_protocol_list);
@@ -9068,7 +9066,7 @@ void ndpi_generate_options(u_int opt, FILE *options_out) {
 u_int i; if (!options_out) return;
- ndpi_str = ndpi_init_detection_module(ndpi_no_prefs);
+ ndpi_str = ndpi_init_detection_module();
 if (!ndpi_str) return; NDPI_BITMASK_SET_ALL(all);
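Review bot: In the libgcrypt block added to ndpi_finalize_initialization(), a NULL return from `gcry_check_version(NULL)` is only logged: execution falls through to `NDPI_LOG_DBG(ndpi_str, "Libgcrypt %s\n", gcrypt_ver)` with a NULL argument for `%s` (undefined behaviour) and then to `gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0)`, which tells libgcrypt that initialization completed even though it did not, whereas the removed code in ndpi_init_detection_module() freed the module and returned NULL on the same condition. Since this function returns void the failure cannot be propagated, but the two statements should at least be skipped: replace the bare `}` after the error log with `} else {` and close it with a `}` after the `gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);` call. The body of ndpi_finalize_initialization() continues outside the hunk, so whether there is an existing error flag on the module that this path could set cannot be seen here.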
@@ -10407,6 +10405,7 @@ static const struct cfg_param {
 { NULL, "flow.track_payload.enable", "0", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(track_payload_enabled) },
 { NULL, "tcp_ack_payload_heuristic.enable", "0", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tcp_ack_paylod_heuristic) },
 { NULL, "fully_encrypted_heuristic.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic) },
+ { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init) },
 { NULL, "asn_lists.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(asn_lists_enabled) }, { NULL, "ip_lists.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ip_lists_enabled) },
diff --git a/tests/dga/dga_evaluate.c b/tests/dga/dga_evaluate.c
index 6f4d187f8436..2c358e809dc5 100644
--- a/tests/dga/dga_evaluate.c
+++ b/tests/dga/dga_evaluate.c
@@ -91,7 +91,7 @@ int main(int argc, char **argv) {
 /* Initialize nDPI detection module*/ NDPI_PROTOCOL_BITMASK all;
- struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(ndpi_no_prefs);
+ struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module();
 assert(ndpi_str != NULL);
 NDPI_BITMASK_SET_ALL(all);
 ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
diff --git a/tests/unit/unit.c b/tests/unit/unit.c
index 37ed1315da8c..948fd2a9ed3e 100644
--- a/tests/unit/unit.c
+++ b/tests/unit/unit.c
@@ -373,7 +373,7 @@ int main(int argc, char **argv) {
 return -1; }
- ndpi_info_mod = ndpi_init_detection_module(ndpi_no_prefs);
+ ndpi_info_mod = ndpi_init_detection_module();
 if (ndpi_info_mod == NULL) return -1;