From b56fa43ccdc8e7a41247cdd52c5144502bb8707c Mon Sep 17 00:00:00 2001 From: Shubham Shrivastava Date: Wed, 13 Jan 2021 16:19:53 +0530 Subject: [PATCH 1/3] DPI: remove zero data length check from dpi_ndpi_session_first_packet() For TCP sessions, L4 payload data length of first packet (SYN packet) is zero. So the first packet of TCP session will not be sent to nDPI due to data_len != 0 checking in dpi_ndpi_session_first_packet(). However, nDPI uses TCP SYN packets internally for connection tracking and other purposes. For example, in nDPI library function ndpi_detection_process_packet(): a) ndpi_connection_tracking() is called for connection tracking and updating TCP flag states b) app detection is given up for TCP sessions in some cases if the first packet of session sent to nDPI is not a SYN packet Hence, remove data_len != 0 check from the function dpi_ndpi_session_first_packet() and send the first packet of a session to nDPI irrespective of data length. Co-authored-by: Subhajit Chatterjee Signed-off-by: Shubham Shrivastava --- src/npf/dpi/ndpi.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/npf/dpi/ndpi.c b/src/npf/dpi/ndpi.c index 6959f9b0..8f1bf263 100644 --- a/src/npf/dpi/ndpi.c +++ b/src/npf/dpi/ndpi.c @@ -289,7 +289,8 @@ dpi_ndpi_session_flow_destroy(struct dpi_engine_flow *dpi_flow) static int dpi_ndpi_session_first_packet(struct npf_session *se __unused, struct npf_cache *npc __unused, struct rte_mbuf *mbuf, - int dir, uint32_t data_len, struct dpi_engine_flow **dpi_flow) + int dir, uint32_t data_len __unused, + struct dpi_engine_flow **dpi_flow) { struct ndpi_flow *flow = zmalloc_aligned(sizeof(struct ndpi_flow)); if (!flow) @@ -315,8 +316,7 @@ dpi_ndpi_session_first_packet(struct npf_session *se __unused, if (!flow->dest_id) goto dest_id_error; - if (data_len != 0 && !dpi_ndpi_process_pkt( - (struct dpi_engine_flow *)flow, mbuf, dir)) + if (!dpi_ndpi_process_pkt((struct dpi_engine_flow *)flow, mbuf, dir)) return -EINVAL; *dpi_flow = (struct dpi_engine_flow *)flow; From 42d292f0c61fe8ce8333e34f88c48cca11d6dce3 Mon Sep 17 00:00:00 2001 From: Shubham Shrivastava Date: Wed, 13 Jan 2021 16:37:36 +0530 Subject: [PATCH 2/3] DPI: use USE_NDPI flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add USE_NDPI flag to initialise ‘engines’ and 'engines_len' before calling dpi_session_first_packet() function in order to avoid error due to missing dpi_engine_procs for nDPI engine when dataplane compilation is done without USE_NDPI flag. Co-authored-by: Subhajit Chatterjee Signed-off-by: Shubham Shrivastava --- src/npf/rproc/npf_ext_appfw.c | 9 +++++++-- src/npf/rproc/npf_ext_dpi.c | 8 +++++++- src/pipeline/nodes/l3_dpi.c | 11 +++++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/npf/rproc/npf_ext_appfw.c b/src/npf/rproc/npf_ext_appfw.c index f94c4af3..eccf73f2 100644 --- a/src/npf/rproc/npf_ext_appfw.c +++ b/src/npf/rproc/npf_ext_appfw.c @@ -389,10 +389,15 @@ appfw_action(npf_cache_t *npc, struct rte_mbuf **nbuf, void *arg, */ dpi_flow = npf_session_get_dpi(se); if (!dpi_flow) { +#ifdef USE_NDPI uint8_t engines[] = { IANA_USER, IANA_NDPI }; - + size_t engines_len = 2; +#else + uint8_t engines[] = { IANA_USER }; + size_t engines_len = 1; +#endif /* USER_NDPI */ rc = dpi_session_first_packet(se, npc, *nbuf, - ah->ah_initial_dir, 2, engines); + ah->ah_initial_dir, engines_len, engines); if (rc != 0) goto drop; dpi_flow = npf_session_get_dpi(se); diff --git a/src/npf/rproc/npf_ext_dpi.c b/src/npf/rproc/npf_ext_dpi.c index dbbae278..7795c776 100644 --- a/src/npf/rproc/npf_ext_dpi.c +++ b/src/npf/rproc/npf_ext_dpi.c @@ -178,9 +178,15 @@ dpi_match(npf_cache_t *npc, struct rte_mbuf *mbuf, const struct ifnet *ifp, /* Find or attach the DPI flow info. Do first packet inspection */ struct dpi_flow *dpi_flow = npf_session_get_dpi(se); if (!dpi_flow) { +#ifdef USE_NDPI uint8_t engines[] = {IANA_USER, IANA_NDPI}; + size_t engines_len = 2; +#else + uint8_t engines[] = {IANA_USER}; + size_t engines_len = 1; +#endif /* USER_NDPI */ int error = dpi_session_first_packet(se, npc, mbuf, - dir, 2, engines); + dir, engines_len, engines); if (error) goto drop; dpi_flow = npf_session_get_dpi(se); diff --git a/src/pipeline/nodes/l3_dpi.c b/src/pipeline/nodes/l3_dpi.c index 1de631ce..ad078401 100644 --- a/src/pipeline/nodes/l3_dpi.c +++ b/src/pipeline/nodes/l3_dpi.c @@ -75,8 +75,15 @@ ip_dpi_process_common(struct pl_packet *pkt, bool v4, int dir) } /* Attach the DPI flow info, do first packet inspection */ - uint8_t engines[] = {IANA_USER, IANA_NDPI}; - (void)dpi_session_first_packet(se, npc, m, dir, 2, engines); +#ifdef USE_NDPI + uint8_t engines[] = {IANA_USER, IANA_NDPI}; + size_t engines_len = 2; +#else + uint8_t engines[] = {IANA_USER}; + size_t engines_len = 1; +#endif /* USER_NDPI */ + + (void)dpi_session_first_packet(se, npc, m, dir, engines_len, engines); done: if (dir == PFIL_IN) From 54da76952f187cc0ba8b6471a03b6aa3aa36a6ee Mon Sep 17 00:00:00 2001 From: Shubham Shrivastava Date: Wed, 13 Jan 2021 16:44:38 +0530 Subject: [PATCH 3/3] DPI: use correct loop variable Use loop variable 'j' instead of 'i' during flow cleanup. Co-authored-by: Subhajit Chatterjee Signed-off-by: Shubham Shrivastava --- src/npf/dpi/dpi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/npf/dpi/dpi.c b/src/npf/dpi/dpi.c index cd97de9b..f1a61684 100644 --- a/src/npf/dpi/dpi.c +++ b/src/npf/dpi/dpi.c @@ -363,7 +363,7 @@ dpi_session_first_packet(struct npf_session *se, struct npf_cache *npc, free_flows: for (unsigned int j = 0; j < i; j++) { - struct flow_procs_tup *tup = &flow->flows[i]; + struct flow_procs_tup *tup = &flow->flows[j]; if (!tup) continue; if (!tup->procs)