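/*
 * Finalise a TCP flow handled by this dissector: release the nDPI per-flow
 * state, settle the L7 protocol name, emit the PEI record and, for grouped
 * dissection, delete the flow and free the context.
 *
 * ifw: per-flow context. It is freed here only when grpdis is set; in the
 *      other case it stays allocated after this call, which is why the
 *      nDPI pointers are reset to NULL once released.
 *
 * Returns NULL on every path.
 */
static packet *TcpCaDisFlowEnd(tca_flow *ifw)
{
    /* ndpi free */
    if (ifw->l7flow != NULL) {
        xfree(ifw->l7flow);
        xfree(ifw->l7src);
        xfree(ifw->l7dst);
        /* ifw can outlive this call (grpdis == 0): do not leave stale
         * pointers behind that a later cleanup could free or read again */
        ifw->l7flow = NULL;
        ifw->l7src = NULL;
        ifw->l7dst = NULL;
    }

    /* no protocol detected during the flow: ask nDPI for a guess */
    if (ifw->l7prot_type == NULL) {
        if (ifw->priv.ipv6) {
            /* both addresses are passed as 0 here, so the guess rests on the ports */
            ifw->l7prot_id = ndpi_guess_undetected_protocol(ndpi, IPPROTO_TCP, 0, 0,
                                                            ifw->priv.port_s, ifw->priv.port_d);
        }
        else {
            ifw->l7prot_id = ndpi_guess_undetected_protocol(ndpi, IPPROTO_TCP,
                                                            ifw->priv.ip_s.uint32, ifw->priv.ip_d.uint32,
                                                            ifw->priv.port_s, ifw->priv.port_d);
        }
        if (ifw->l7prot_id.protocol != NDPI_PROTOCOL_UNKNOWN) {
            /* the name is written into ifw->buff, bounded by TCP_CA_LINE_MAX_SIZE;
             * l7prot_type then refers to storage owned by ifw */
            ifw->l7prot_type = ndpi_protocol2name(ndpi, ifw->l7prot_id, ifw->buff, TCP_CA_LINE_MAX_SIZE);
        }
        else {
            ifw->l7prot_type = "Unknown";
        }
    }

    /* tcp reset: no PEI when first_lost is set and the flow has count < 5
     * or a flow_size of 0 */
    if (!(ifw->first_lost && (ifw->count < 5 || ifw->flow_size == 0))) {
        /* insert data */
        /* NOTE(review): l7prot_type may point into ifw->buff, and ifw is freed
         * below when grpdis is set -- confirm CaPei copies the name instead of
         * keeping the pointer */
        CaPei(ifw->ppei, ifw->l7prot_type, &ifw->priv, &ifw->cap_sec, &ifw->end_cap);
        /* insert pei */
        PeiIns(ifw->ppei);
    }

    /* end */
    LogPrintf(LV_DEBUG, "TCP->%s analysis... bye bye  fid:%d count:%i", ifw->l7prot_type, ifw->flow_id, ifw->count);

    if (grpdis) {
        /* the last read of ifw is the flow_id argument; nothing may touch ifw after xfree */
        FlowDelete(ifw->flow_id);
        xfree(ifw);
    }

    return NULL;
}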
/*
 * Detach a flow from the dissector thread and group that were working on it.
 *
 * Under the flow-table lock the function updates the running-flow counters,
 * hands the thread over to the next flow of the group (if any), removes the
 * flow from its group, clears its name and restores proto_id from the frame
 * stack. A flow that is already closed is offered to a heuristic dissector
 * and deleted if it is still not in elaboration afterwards. After the table
 * lock is dropped, a waiter on gcond is signalled when the flow had sync set
 * and was not deleted by this call.
 *
 * flow_id: index into flow_tbl.
 *          NOTE(review): no range check is visible in this function; every
 *          access below indexes flow_tbl with it directly -- confirm that all
 *          callers pass a valid, live id.
 *
 * Returns 0 on every path.
 */
int FlowDettach(int flow_id)
{
    int nxt_flw, ret;
    bool sync;

    sync = FALSE;

    FlowTblLock();

    /* count the packet from protocol node to protocol dissector */
#ifdef XPL_PEDANTIC_STATISTICS
    if (flow_tbl[flow_id].proto_id != -1 && flow_tbl[flow_id].proto_id != flow_tbl[flow_id].pfid) {
        ProtPktFromNode(flow_tbl[flow_id].proto_id, flow_tbl[flow_id].pkt_tot);
        flow_tbl[flow_id].pkt_tot = 0;
    }
#endif

    /* thread */
    if (flow_tbl[flow_id].elab == TRUE) {
        if (flow_tbl[flow_id].grp_id == -1) {
            /* flow without group: one running flow less, thread left without flow */
            ProtRunFlowDec(flow_tbl[flow_id].proto_id);
            FthreadChFlow(flow_tbl[flow_id].fthd_id, -1);
        }
        else {
            if (FthreadFlow(flow_tbl[flow_id].fthd_id) == flow_id) {
                /* this flow is the one registered on the thread: pick another
                 * member of the group (skipping this flow) to take its place */
                GrpLock(flow_tbl[flow_id].grp_id);
                do {
                    nxt_flw = GrpNext(flow_tbl[flow_id].grp_id);
                } while (nxt_flw != -1 && nxt_flw == flow_id);
                GrpUnlock(flow_tbl[flow_id].grp_id);
#ifndef PROT_GRP_COUNT
                /* without PROT_GRP_COUNT the counter drops only when no other flow is left */
                if (nxt_flw == -1) {
                    ProtRunFlowDec(flow_tbl[flow_id].proto_id);
                }
#else
                ProtRunFlowDec(flow_tbl[flow_id].proto_id);
#endif
                FthreadChFlow(flow_tbl[flow_id].fthd_id, nxt_flw);
            }
            else {
#ifdef PROT_GRP_COUNT
                ProtRunFlowDec(flow_tbl[flow_id].proto_id);
#endif
            }
        }
        flow_tbl[flow_id].elab = FALSE;
        flow_tbl[flow_id].fthd_id = -1;
        sync = flow_tbl[flow_id].sync; /* it is possible that the flow parent is blocked in FlowPutPkt */
    }

    /* detach from group */
    if (flow_tbl[flow_id].grp_id != -1) {
        ret = GrpRm(flow_tbl[flow_id].grp_id, flow_id);
#ifdef XPL_CHECK_CODE
        if (ret == -1) {
            LogPrintf(LV_OOPS, "bug in Grp Add/Rm use");
        }
#endif
    }

    /* erase name */
    flow_tbl[flow_id].name[0] = '\0';

    /* reset proto_id to the original value (NOT pfid!!) */
    flow_tbl[flow_id].proto_id = ProtFrameProtocol(flow_tbl[flow_id].stack);
#ifdef XPL_CHECK_CODE
    if (flow_tbl[flow_id].pfid != -1) {
        LogPrintf(LV_OOPS, "bug in Dettach (%s:%i) {%i}", __FILE__, __LINE__, flow_tbl[flow_id].pfid);
    }
#endif

    /* a closed flow has no parent */
    if (flow_tbl[flow_id].close == TRUE) {
        /* if this flow isn't in elaboration we search a heuristic dissector */
        /* the result stored in ret is not examined afterwards */
#warning "only heuristic?!"
        if (flow_tbl[flow_id].pkt_num != 0)
            ret = ProtSearchHeuDissec(flow_tbl[flow_id].proto_id, flow_id);
        /* if this flow isn't in elaboration delete it */
        if (flow_tbl[flow_id].elab == FALSE) {
            if (flow_tbl[flow_id].pkt_num != 0)
                LogPrintf(LV_DEBUG, "FlowDettach: flow %i no elab... delete it", flow_id);
            /* the entry is going away: clearing sync keeps the signalling
             * below from touching the mux/gcond of the deleted flow */
            sync = FALSE;
            FlowDelete(flow_id);
        }
    }

    FlowTblUnlock();

    /* NOTE(review): mux and gcond are read from flow_tbl[flow_id] after the
     * table lock has been released; confirm the entry cannot be deleted or
     * the table moved by another thread in this window */
    if (sync == TRUE) {
        pthread_mutex_lock(flow_tbl[flow_id].mux);
        pthread_cond_signal(flow_tbl[flow_id].gcond);
        pthread_mutex_unlock(flow_tbl[flow_id].mux);
    }

    return 0;
}
/*
 * Mark a flow as closed: flush the data still pending for it, set the close
 * flag, wake up whoever waits on the flow condition and, when no dissector
 * is elaborating the flow, delete it.
 *
 * The locking differs with XP_NEW_CLOSE. When it is enabled, the table lock
 * is dropped around FlowSyncr/ProtFlushFlow and around FlowDelete; otherwise
 * it is held from entry to the final FlowTblUnlock.
 *
 * flow_id: index into flow_tbl.
 *          NOTE(review): no range check is visible in this function -- confirm
 *          that all callers pass a valid, live id.
 *
 * Returns 0 on every path, including when the flow was already closed.
 */
int FlowClose(int flow_id)
{
#if XP_NEW_CLOSE
    int pid;
#endif

    FlowTblLock();

    /* set close */
    if (flow_tbl[flow_id].close == TRUE) {
        /* already closed: nothing to do */
        FlowTblUnlock();

        return 0;
    }
#if XP_NEW_CLOSE
    /* read the protocol id while the table is locked, then release the lock
     * for the flush */
    pid = flow_tbl[flow_id].stack->pid;
    FlowTblUnlock();
#endif

    /* flush data */
    /* disable sync to avoid dead lock, and also because the flow is terminated */
    FlowSyncr(flow_id, FALSE);
#if XP_NEW_CLOSE
    ProtFlushFlow(pid, flow_id);
#else
    ProtFlushFlow(flow_tbl[flow_id].stack->pid, flow_id);
#endif

#if XP_NEW_CLOSE
    FlowTblLock();
#endif
    /* NOTE(review): with XP_NEW_CLOSE the close flag was tested before the
     * lock was dropped and is not tested again here, so two concurrent calls
     * for the same flow could both reach this point -- confirm callers
     * exclude that */
    flow_tbl[flow_id].close = TRUE;

    /* if this flow isn't in elaboration we search a heuristic dissector */
    if (flow_tbl[flow_id].elab == FALSE && flow_tbl[flow_id].pkt_num != 0) {
        ProtSearchHeuDissec(flow_tbl[flow_id].proto_id, flow_id);
    }

    pthread_mutex_lock(flow_tbl[flow_id].mux);
#ifndef XPL_CHECK_CODE
    /* consistency check: packets are counted but the packet pointer is NULL.
     * The thread then sleeps forever while holding this flow's mutex and the
     * table lock, which stalls every other user of the flow table.
     * NOTE(review): this is compiled when XPL_CHECK_CODE is NOT defined,
     * whereas the checks in FlowDettach use #ifdef XPL_CHECK_CODE -- confirm
     * the condition is intended. The message says "function" but prints
     * __FILE__. */
    if (flow_tbl[flow_id].pkt_num != 0 && flow_tbl[flow_id].fpkt == NULL) {
        LogPrintf(LV_OOPS, "bug in function %s line: %d", __FILE__, __LINE__);
        while (1) {
            sleep(1);
        }
    }
#endif
    /* wakeup flow in wait */
    if (flow_tbl[flow_id].grp_fuse == TRUE && flow_tbl[flow_id].grp_id != -1) {
        GrpFlowClosed(flow_tbl[flow_id].grp_id);
    }
    pthread_cond_signal(flow_tbl[flow_id].cond);
    pthread_mutex_unlock(flow_tbl[flow_id].mux);

    /* if this flow isn't in elaboration delete it */
    if (flow_tbl[flow_id].elab == FALSE) {
#if XP_NEW_CLOSE
        /* FlowDelete is called without the table lock in this configuration;
         * pkt_num below is therefore read unlocked */
        FlowTblUnlock();
#endif
        if (flow_tbl[flow_id].pkt_num != 0)
            LogPrintf(LV_DEBUG, "FlowClose: flow %i no elab... delete it", flow_id);
        FlowDelete(flow_id);
#if XP_NEW_CLOSE
        /* re-acquire so the unconditional unlock below stays balanced */
        FlowTblLock();
#endif
    }

    FlowTblUnlock();

    return 0;
}