From c5be8fe0b66b1a7dd1291890c2979caf53e2770a Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Mon, 8 Jan 2024 12:11:24 +0100 Subject: [PATCH] config: init default protocols at `ndpi_init_detection_module()` --- fuzz/fuzz_filecfg_protocols.c | 3 - fuzz/fuzz_filecfg_risk_domains.c | 3 - src/include/ndpi_typedefs.h | 1 + src/lib/ndpi_main.c | 85 +++++++++++-------- src/lib/ndpi_private.h | 2 - .../disable_protocols/result/soap.pcap.out | 2 +- 6 files changed, 51 insertions(+), 45 deletions(-) diff --git a/fuzz/fuzz_filecfg_protocols.c b/fuzz/fuzz_filecfg_protocols.c index c03771a3e71..2b681041917 100644 --- a/fuzz/fuzz_filecfg_protocols.c +++ b/fuzz/fuzz_filecfg_protocols.c @@ -14,9 +14,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_struct, NULL, "log.level", "4"); ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); - if(ndpi_struct) - init_protocol_defaults(ndpi_struct); - fd = buffer_to_file(data, size); load_protocols_file_fd(ndpi_struct, fd); if(fd) diff --git a/fuzz/fuzz_filecfg_risk_domains.c b/fuzz/fuzz_filecfg_risk_domains.c index 5ff7062702f..29f983a6d5b 100644 --- a/fuzz/fuzz_filecfg_risk_domains.c +++ b/fuzz/fuzz_filecfg_risk_domains.c @@ -14,9 +14,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_struct, NULL, "log.level", "4"); ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); - if(ndpi_struct) - init_protocol_defaults(ndpi_struct); - fd = buffer_to_file(data, size); load_risk_domain_file_fd(ndpi_struct, fd); if(fd) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index bbec9f2fcc6..c65ee3cc381 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
@@ -1083,6 +1083,7 @@ typedef struct ndpi_proto_defaults { u_int32_t subprotocol_count; u_int16_t protoId, protoIdx; u_int16_t tcp_default_ports[MAX_DEFAULT_PORTS], udp_default_ports[MAX_DEFAULT_PORTS]; + ndpi_port_range tcp_default_ports_ranges[MAX_DEFAULT_PORTS], udp_default_ports_ranges[MAX_DEFAULT_PORTS]; ndpi_protocol_breed_t protoBreed; void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); } ndpi_proto_defaults_t; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e643182ecd7..114025ee32f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
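Review bot: The two new arrays are inserted in the middle of `ndpi_proto_defaults_t`, ahead of `protoBreed` and `func`, so the offsets of those members and the size of the struct both change in a header under `src/include`. If any code outside the library reads this type directly (not visible in this diff), it has to be rebuilt against the new header; appending the members after `func` would at least keep the existing member offsets. The field also has no comment relating it to `tcp_default_ports`/`udp_default_ports`; something like `/* full default port ranges; added to the port trees by ndpi_finalize_initialization() */` would make the split clear.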
@@ -574,39 +574,15 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str, */ ndpi_str->proto_defaults[protoId].isAppProtocol = is_app_protocol; ndpi_str->proto_defaults[protoId].protoName = name; - if(ndpi_str->cfg.protocols_categories[protoId] != -1) { - NDPI_LOG_DBG(ndpi_str, "Overwriting category for proto %s [%d] %d->%d\n", - protoName, protoId, protoCategory, - ndpi_str->cfg.protocols_categories[protoId]); - ndpi_str->proto_defaults[protoId].protoCategory = ndpi_str->cfg.protocols_categories[protoId]; - } else { - ndpi_str->proto_defaults[protoId].protoCategory = protoCategory; - } + ndpi_str->proto_defaults[protoId].protoCategory = protoCategory; ndpi_str->proto_defaults[protoId].protoId = protoId; - if(ndpi_str->cfg.protocols_breeds[protoId] != -1) { - NDPI_LOG_DBG(ndpi_str, "Overwriting breed for proto %s [%d] %d->%d\n", - protoName, protoId, breed, - ndpi_str->cfg.protocols_breeds[protoId]); - ndpi_str->proto_defaults[protoId].protoBreed = ndpi_str->cfg.protocols_breeds[protoId]; - } else { - ndpi_str->proto_defaults[protoId].protoBreed = breed; - } + ndpi_str->proto_defaults[protoId].protoBreed = breed; ndpi_str->proto_defaults[protoId].subprotocols = NULL; ndpi_str->proto_defaults[protoId].subprotocol_count = 0; - if(!is_proto_enabled(ndpi_str, protoId)) { - NDPI_LOG_DBG(ndpi_str, "[NDPI] Skip default ports for %s/protoId=%d: disabled\n", protoName, protoId); - return; - } - for(j = 0; j < MAX_DEFAULT_PORTS; j++) { - if(udpDefPorts[j].port_low != 0) - addDefaultPort(ndpi_str, &udpDefPorts[j], &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->udpRoot, - __FUNCTION__, __LINE__); - - if(tcpDefPorts[j].port_low != 0) - addDefaultPort(ndpi_str, &tcpDefPorts[j], &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->tcpRoot, - __FUNCTION__, __LINE__); + ndpi_str->proto_defaults[protoId].tcp_default_ports_ranges[j] = tcpDefPorts[j]; + ndpi_str->proto_defaults[protoId].udp_default_ports_ranges[j] = udpDefPorts[j]; /* No port range, just the 
lower port */ ndpi_str->proto_defaults[protoId].tcp_default_ports[j] = tcpDefPorts[j].port_low; @@ -1625,7 +1601,7 @@ void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str) { ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 10000, 8008, 8009, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 10000, 8008, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TEAMSPEAK, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_VOIP, @@ -2203,11 +2179,6 @@ void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str) { #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main.c" #endif - - /* calling function for host and content matched protocols */ - init_string_based_protocols(ndpi_str); - - ndpi_validate_protocol_initialization(ndpi_str); } /* ****************************************************** */ @@ -3227,6 +3198,8 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { ndpi_snprintf(ndpi_str->custom_category_labels[i], CUSTOM_CATEGORY_LABEL_LEN, "User custom category %u", (unsigned int) (i + 1)); + init_protocol_defaults(ndpi_str); + return(ndpi_str); } @@ -3287,7 +3260,8 @@ static int is_ip_list_enabled(struct ndpi_detection_module_struct *ndpi_str, int } int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) { - u_int i; + u_int i, j; + u_int16_t protoId; int rc; FILE *fd; 
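Review bot: With the `is_proto_enabled()` early return removed, the loop in `ndpi_set_proto_defaults()` now fills `tcp_default_ports[]`/`udp_default_ports[]` (and the new `*_default_ports_ranges[]`) for disabled protocols too, where the old code returned before touching them. Whether any reader of `tcp_default_ports[]` relied on those entries staying zero for a disabled protocol is not visible here and is worth confirming. A comment above the loop would make the deferred registration explicit, e.g. `/* Only record the ranges: tcpRoot/udpRoot are populated in ndpi_finalize_initialization(), once the configuration is known */`. The function begins and ends outside this hunk.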
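Review bot: Dropping TCP 8009 from the CiscoVPN defaults is a classification change that neither the subject line nor a comment explains. Presumably it avoids a clash with another protocol's default port now that all ranges are registered in one pass, but that is a guess from this hunk alone. A short comment on the line, or a sentence in the commit message, should state why 8009 was removed, since port-based matching on 8009 would no longer point to CiscoVPN.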
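Review bot: `init_protocol_defaults()` is now called only from this file and its prototype is removed from `ndpi_private.h`, yet the hunk headers still show its definition as a plain `void init_protocol_defaults(...)`. Unless it is made `static` somewhere outside the visible hunks, it keeps external linkage with no declaration anywhere; `static void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str) {` would keep the symbol out of the global namespace and avoid a `-Wmissing-prototypes` warning. A one-line comment at this call, such as `/* config is not known yet: only config-independent defaults are set here */`, would also record why the config-dependent parts moved to `ndpi_finalize_initialization()`.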
@@ -3310,7 +3284,10 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) NDPI_LOG_DBG(ndpi_str, "Libgcrypt initialization skipped\n"); } - init_protocol_defaults(ndpi_str); + /* calling function for host and content matched protocols */ + init_string_based_protocols(ndpi_str); + + ndpi_validate_protocol_initialization(ndpi_str); if(ndpi_callback_init(ndpi_str)) { NDPI_LOG_ERR(ndpi_str, "[NDPI] Error allocating callbacks\n"); 
@@ -3367,6 +3344,42 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) ndpi_enable_loaded_categories(ndpi_str); + /* After we have loaded custom protocols! */ + for (protoId = 0; protoId < (NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS); protoId++) { + + /* Overwrite category/breed protocol with values from user configuration */ + if(ndpi_str->cfg.protocols_categories[protoId] != -1) { + NDPI_LOG_DBG(ndpi_str, "Overwriting category for proto %s [%d] %d->%d\n", + ndpi_str->proto_defaults[protoId].protoName, protoId, + ndpi_str->proto_defaults[protoId].protoCategory, + ndpi_str->cfg.protocols_categories[protoId]); + ndpi_str->proto_defaults[protoId].protoCategory = ndpi_str->cfg.protocols_categories[protoId]; + } + if(ndpi_str->cfg.protocols_breeds[protoId] != -1) { + NDPI_LOG_DBG(ndpi_str, "Overwriting breed for proto %s [%d] %d->%d\n", + ndpi_str->proto_defaults[protoId].protoName, protoId, + ndpi_str->proto_defaults[protoId].protoBreed, + ndpi_str->cfg.protocols_breeds[protoId]); + ndpi_str->proto_defaults[protoId].protoBreed = ndpi_str->cfg.protocols_breeds[protoId]; + } + + /* Enable mapping for default ports */ + if(is_proto_enabled(ndpi_str, protoId)) { + for(j = 0; j < MAX_DEFAULT_PORTS; j++) { + if(ndpi_str->proto_defaults[protoId].udp_default_ports_ranges[j].port_low != 0) + addDefaultPort(ndpi_str, &ndpi_str->proto_defaults[protoId].udp_default_ports_ranges[j], + &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->udpRoot, + __FUNCTION__, __LINE__); + + if(ndpi_str->proto_defaults[protoId].tcp_default_ports_ranges[j].port_low != 0) + addDefaultPort(ndpi_str, &ndpi_str->proto_defaults[protoId].tcp_default_ports_ranges[j], + &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->tcpRoot, + __FUNCTION__, __LINE__); + } + } + + } + if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_AMAZON_AWS)) { ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_amazon_aws_protocol_list); ndpi_init_ptree_ipv6(ndpi_str, 
ndpi_str->protocols_ptree6, ndpi_protocol_amazon_aws_protocol_list_6); diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h index 190ab26c89d..35299a3793c 100644 --- a/src/lib/ndpi_private.h +++ b/src/lib/ndpi_private.h @@ -421,8 +421,6 @@ int load_malicious_sha1_file_fd(struct ndpi_detection_module_struct *ndpi_str, F int load_malicious_ja3_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); int load_risk_domain_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); -void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str); - /* TLS */ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out index b5a75cf500b..7bab5ebe7d3 100644 --- a/tests/cfgs/disable_protocols/result/soap.pcap.out +++ b/tests/cfgs/disable_protocols/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 397 (132.33 diss/flow) +Num dissector calls: 398 (132.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found)
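Review bot: The new loop walks every slot up to `NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS` and passes `ndpi_str->proto_defaults[protoId].protoName` to a `%s` in `NDPI_LOG_DBG`, whereas the removed code only ran for a protocol that was being registered. For a slot that was never set up, `protoName` is presumably NULL, and a NULL `%s` argument is undefined behaviour once debug logging is on and a category or breed override exists for that id. Skipping such slots at the top of the loop body, `if(ndpi_str->proto_defaults[protoId].protoName == NULL) continue;`, avoids that and keeps overrides from being written into unused entries. The loop also assumes `cfg.protocols_categories[]` and `cfg.protocols_breeds[]` hold at least that many elements, which this diff does not show, and the result of `addDefaultPort()` is still ignored. The function continues outside this hunk.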