Remove some useless checks (#1993)

In the main dissector callbacks the flow protocols are (almost) always unknown. Only two exceptions: * extra dissection data path * HTTP sub-protocols
ntop · May 28, 2023 · 7ce14da · 7ce14da
1 parent 6da3474
commit 7ce14da
Show file tree

Hide file tree

Showing 18 changed files with 150 additions and 214 deletions.
diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c
@@ -60,9 +60,7 @@ static void ndpi_search_amazon_video(struct ndpi_detection_module_struct *ndpi_s
 			      struct ndpi_flow_struct *flow) {
   NDPI_LOG_DBG(ndpi_struct, "search amazon_video\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_AMAZON_VIDEO)
-    ndpi_check_amazon_video(ndpi_struct, flow);
+  ndpi_check_amazon_video(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c
@@ -89,9 +89,7 @@ static void ndpi_search_apple_push(struct ndpi_detection_module_struct *ndpi_str
 {
   NDPI_LOG_DBG(ndpi_struct, "search apple_push\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_APPLE_PUSH)
-    ndpi_check_apple_push(ndpi_struct, flow);
+  ndpi_check_apple_push(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c
@@ -17,17 +17,15 @@ static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, st
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int32_t payload_len = packet->payload_packet_len;
 
-  if(packet->udp != NULL) {
-    if(payload_len > 4) {
-      if((memcmp((const char *)packet->payload, "BJNP", 4) == 0)
-	 || (memcmp((const char *)packet->payload, "BNJB", 4) == 0)
-	 || (memcmp((const char *)packet->payload, "BJNB", 4) == 0)
-	 || (memcmp((const char *)packet->payload, "MFNP", 4) == 0)
-	 ) {
-	    NDPI_LOG_INFO(ndpi_struct, "found bjnp\n");
-	    ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0);
-	    return;
-	  }
+  if(payload_len > 4) {
+    if((memcmp((const char *)packet->payload, "BJNP", 4) == 0)
+       || (memcmp((const char *)packet->payload, "BNJB", 4) == 0)
+       || (memcmp((const char *)packet->payload, "BJNB", 4) == 0)
+       || (memcmp((const char *)packet->payload, "MFNP", 4) == 0)
+      ) {
+      NDPI_LOG_INFO(ndpi_struct, "found bjnp\n");
+      ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0);
+      return;
     }
   }
 
@@ -38,10 +36,7 @@ static void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, s
 {
   NDPI_LOG_DBG(ndpi_struct, "search bjnp\n");
 
-  /* skip marked packets */
-  if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_BJNP) {
-    ndpi_check_bjnp(ndpi_struct, flow);
-  }
+  ndpi_check_bjnp(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c
@@ -61,9 +61,7 @@ static void ndpi_search_citrix(struct ndpi_detection_module_struct *ndpi_struct,
 {
   NDPI_LOG_DBG(ndpi_struct, "search citrix\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_CITRIX)
-    ndpi_check_citrix(ndpi_struct, flow);
+  ndpi_check_citrix(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c
@@ -40,28 +40,24 @@ static void ndpi_int_dropbox_add_connection(struct ndpi_detection_module_struct
 static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-  // const u_int8_t *packet_payload = packet->payload;
   u_int32_t payload_len = packet->payload_packet_len;
+  u_int16_t dropbox_port = htons(DB_LSP_PORT);
 
-  if(packet->udp != NULL) {
-    u_int16_t dropbox_port = htons(DB_LSP_PORT);
-
-    if(packet->udp->dest == dropbox_port) {    
-      if(packet->udp->source == dropbox_port) {	
-	if(payload_len > 10) {
-	  if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) {	    
-	    NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
-	    ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
-	    return;
-	  }
+  if(packet->udp->dest == dropbox_port) {    
+    if(packet->udp->source == dropbox_port) {	
+      if(payload_len > 10) {
+        if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) {	    
+          NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+          ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+          return;
 	}
-      } else {
-	if(payload_len > 10) {
-	  if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) {	    
-	    NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
-	    ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
-	    return;
-	  }
+      }
+    } else {
+      if(payload_len > 10) {
+        if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) {	    
+          NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+          ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+          return;
 	}
       }
     }
@@ -74,10 +70,7 @@ static void ndpi_search_dropbox(struct ndpi_detection_module_struct *ndpi_struct
 {
   NDPI_LOG_DBG(ndpi_struct, "search dropbox\n");
 
-  /* skip marked packets */
-  if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_DROPBOX) {
-    ndpi_check_dropbox(ndpi_struct, flow);
-  }
+  ndpi_check_dropbox(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c
@@ -201,10 +201,7 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct,
 static void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
   NDPI_LOG_DBG(ndpi_struct, "search EDONKEY\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) {
-    ndpi_check_edonkey(ndpi_struct, flow);
-  }
+  ndpi_check_edonkey(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
@@ -589,80 +589,76 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str
 				   struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int32_t payload_len = packet->payload_packet_len;
-
-  /* Check connection over TCP */
-  if(packet->tcp) {
-    u_int16_t twentyfive = htons(25);
+  u_int16_t twentyfive = htons(25);
 
-    /* Exclude SMTP, which uses similar commands. */
-    if(packet->tcp->dest == twentyfive || packet->tcp->source == twentyfive) {
-      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-      return;
-    }
-
-    /* Break after 8 packets. */
-    if(flow->packet_counter > 8) {
-      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-      return;
-    }
+  /* Exclude SMTP, which uses similar commands. */
+  if(packet->tcp->dest == twentyfive || packet->tcp->source == twentyfive) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
 
-    /* Check if we so far detected the protocol in the request or not. */
-    if(flow->ftp_control_stage == 0) {
-      NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n");
+  /* Break after 8 packets. */
+  if(flow->packet_counter > 8) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
 
-      if((payload_len > 0) && ndpi_ftp_control_check_request(ndpi_struct,
-							     flow, packet->payload, payload_len)) {
-	NDPI_LOG_DBG2(ndpi_struct,
-		      "Possible FTP_CONTROL request detected, we will look further for the response..\n");
+  /* Check if we so far detected the protocol in the request or not. */
+  if(flow->ftp_control_stage == 0) {
+    NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n");
 
-	/* 
-	   Encode the direction of the packet in the stage, so we will know when we need
-	   to look for the response packet. 
-	*/
-	flow->ftp_control_stage = packet->packet_direction + 1;
-      }
-    } else {
-      NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage);
+    if((payload_len > 0) && ndpi_ftp_control_check_request(ndpi_struct,
+							   flow, packet->payload, payload_len)) {
+      NDPI_LOG_DBG2(ndpi_struct,
+		    "Possible FTP_CONTROL request detected, we will look further for the response..\n");
 
-      /*
-	At first check, if this is for sure a response packet (in another direction.
-	If not, do nothing now and return. 
+      /* 
+	Encode the direction of the packet in the stage, so we will know when we need
+	to look for the response packet. 
       */
-      if((flow->ftp_control_stage - packet->packet_direction) == 1) {
-	return;
-      }
+      flow->ftp_control_stage = packet->packet_direction + 1;
+    }
+  } else {
+    NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage);
+
+    /*
+      At first check, if this is for sure a response packet (in another direction.
+      If not, do nothing now and return. 
+    */
+    if((flow->ftp_control_stage - packet->packet_direction) == 1) {
+      return;
+    }
 
-      /* This is a packet in another direction. Check if we find the proper response. */
-      if((payload_len > 0) && ndpi_ftp_control_check_response(flow, packet->payload, payload_len)) {
-	NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n");
+    /* This is a packet in another direction. Check if we find the proper response. */
+    if((payload_len > 0) && ndpi_ftp_control_check_response(flow, packet->payload, payload_len)) {
+      NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n");
 
 #ifdef FTP_DEBUG
-	printf("%s() [user: %s][pwd: %s]\n", __FUNCTION__,
-	       flow->l4.tcp.ftp_imap_pop_smtp.username, flow->l4.tcp.ftp_imap_pop_smtp.password);
+      printf("%s() [user: %s][pwd: %s]\n", __FUNCTION__,
+             flow->l4.tcp.ftp_imap_pop_smtp.username, flow->l4.tcp.ftp_imap_pop_smtp.password);
 #endif
 
-	if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
-	   flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0 &&
-	   flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) {
-	  flow->ftp_control_stage = 0;
-	} else if (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 &&
-		   ndpi_struct->opportunistic_tls_ftp_enabled) {
-	  flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */
-	  /* Switch classification to FTPS */
-	  ndpi_set_detected_protocol(ndpi_struct, flow,
-				     NDPI_PROTOCOL_FTPS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-	  NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
-		       flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
-	  /* We are done (in FTP dissector): delegating TLS... */
-	  switch_extra_dissection_to_tls(ndpi_struct, flow);
-	} else {
-	  ndpi_int_ftp_control_add_connection(ndpi_struct, flow);
-	}
-      } else {
-	NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, "
-		      "resetting the stage to 0\n");
+      if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
+	 flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0 &&
+	 flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) {
 	flow->ftp_control_stage = 0;
+      } else if (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 &&
+		 ndpi_struct->opportunistic_tls_ftp_enabled) {
+	flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */
+	/* Switch classification to FTPS */
+	ndpi_set_detected_protocol(ndpi_struct, flow,
+				   NDPI_PROTOCOL_FTPS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+	NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
+		     flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
+	/* We are done (in FTP dissector): delegating TLS... */
+	switch_extra_dissection_to_tls(ndpi_struct, flow);
+      } else {
+	ndpi_int_ftp_control_add_connection(ndpi_struct, flow);
       }
+    } else {
+      NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, "
+		    "resetting the stage to 0\n");
+      flow->ftp_control_stage = 0;
     }
   }
 }
@@ -673,10 +669,7 @@ static void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_st
 				    struct ndpi_flow_struct *flow) {
   NDPI_LOG_DBG(ndpi_struct, "search FTP_CONTROL\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_FTP_CONTROL) {
-    ndpi_check_ftp_control(ndpi_struct, flow);
-  }
+  ndpi_check_ftp_control(ndpi_struct, flow);
 }
 
 /* *************************************************************** */

diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c
@@ -67,7 +67,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int32_t payload_len = packet->payload_packet_len;
 
-  if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) {
+  if(payload_len > sizeof(struct gtp_header_generic)) {
     u_int32_t gtp_u  = ntohs(2152);
     u_int32_t gtp_c  = ntohs(2123);
     u_int32_t gtp_prime = ntohs(3386);
@@ -122,9 +122,7 @@ static void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, st
 {
   NDPI_LOG_DBG(ndpi_struct, "search gtp\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_GTP)
-    ndpi_check_gtp(ndpi_struct, flow);
+  ndpi_check_gtp(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c
@@ -76,12 +76,7 @@ static void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, s
 {
   NDPI_LOG_DBG(ndpi_struct, "search lisp\n");
 
-  /* skip marked packets */
-  if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) {
-
-      ndpi_check_lisp(ndpi_struct, flow);
-
-  }
+  ndpi_check_lisp(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
@@ -41,8 +41,7 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct,
   // const u_int8_t *packet_payload = packet->payload;
   u_int32_t payload_len = packet->payload_packet_len;
 
-  if(packet->udp != NULL &&
-     (packet->udp->dest == htons(RADIUS_PORT) || packet->udp->source == htons(RADIUS_PORT) ||
+  if((packet->udp->dest == htons(RADIUS_PORT) || packet->udp->source == htons(RADIUS_PORT) ||
       packet->udp->dest == htons(RADIUS_PORT_ACC) || packet->udp->source == htons(RADIUS_PORT_ACC) ||
       packet->udp->dest == htons(RADIUS_PORT_ACC_ALTERNATIVE) || packet->udp->source == htons(RADIUS_PORT_ACC_ALTERNATIVE))) {
     struct radius_header *h = (struct radius_header*)packet->payload;
@@ -69,9 +68,7 @@ static void ndpi_search_radius(struct ndpi_detection_module_struct *ndpi_struct,
 {
   NDPI_LOG_DBG(ndpi_struct, "search radius\n");
 
-  /* skip marked packets */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RADIUS)
-    ndpi_check_radius(ndpi_struct, flow);
+  ndpi_check_radius(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c
@@ -76,10 +76,7 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s
 static void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
   NDPI_LOG_DBG(ndpi_struct, "search Redis\n");
 
-  /* skip marked packets */
-  if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_REDIS) {
-    ndpi_check_redis(ndpi_struct, flow);
-  }
+  ndpi_check_redis(ndpi_struct, flow);
 }
 
 

diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c
@@ -83,10 +83,7 @@ static void ndpi_search_rtmp(struct ndpi_detection_module_struct *ndpi_struct, s
 {
   NDPI_LOG_DBG(ndpi_struct, "search RTMP\n");
 
-  /* skip marked packets */
-  if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RTMP) {
-    ndpi_check_rtmp(ndpi_struct, flow);
-  }
+  ndpi_check_rtmp(ndpi_struct, flow);
 }