static packet *TcpCaDisFlowEnd(tca_flow *ifw)
{
/* ndpi free */
if (ifw->l7flow != NULL) {
xfree(ifw->l7flow);
xfree(ifw->l7src);
xfree(ifw->l7dst);
}
if (ifw->l7prot_type == NULL) {
if (ifw->priv.ipv6)
ifw->l7prot_id = ndpi_guess_undetected_protocol(ndpi, IPPROTO_TCP, 0, 0, ifw->priv.port_s, ifw->priv.port_d);
else
ifw->l7prot_id = ndpi_guess_undetected_protocol(ndpi, IPPROTO_TCP, ifw->priv.ip_s.uint32, ifw->priv.ip_d.uint32, ifw->priv.port_s, ifw->priv.port_d);
if (ifw->l7prot_id.protocol != NDPI_PROTOCOL_UNKNOWN) {
ifw->l7prot_type = ndpi_protocol2name(ndpi, ifw->l7prot_id, ifw->buff, TCP_CA_LINE_MAX_SIZE);
}
else {
ifw->l7prot_type = "Unknown";
}
}
/* tcp reset */
if (!(ifw->first_lost && (ifw->count < 5 || ifw->flow_size == 0))) {
/* insert data */
CaPei(ifw->ppei, ifw->l7prot_type, &ifw->priv, &ifw->cap_sec, &ifw->end_cap);
/* insert pei */
PeiIns(ifw->ppei);
}
/* end */
LogPrintf(LV_DEBUG, "TCP->%s analysis... bye bye fid:%d count:%i", ifw->l7prot_type, ifw->flow_id, ifw->count);
if (grpdis) {
FlowDelete(ifw->flow_id);
xfree(ifw);
}
return NULL;
}
int FlowDettach(int flow_id)
{
int nxt_flw, ret;
bool sync;
sync = FALSE;
FlowTblLock();
/* count the packet from protocol node to protocol dissector */
#ifdef XPL_PEDANTIC_STATISTICS
if (flow_tbl[flow_id].proto_id != -1 && flow_tbl[flow_id].proto_id != flow_tbl[flow_id].pfid) {
ProtPktFromNode(flow_tbl[flow_id].proto_id, flow_tbl[flow_id].pkt_tot);
flow_tbl[flow_id].pkt_tot = 0;
}
#endif
/* thread */
if (flow_tbl[flow_id].elab == TRUE) {
if (flow_tbl[flow_id].grp_id == -1) {
ProtRunFlowDec(flow_tbl[flow_id].proto_id);
FthreadChFlow(flow_tbl[flow_id].fthd_id, -1);
}
else {
if (FthreadFlow(flow_tbl[flow_id].fthd_id) == flow_id) {
GrpLock(flow_tbl[flow_id].grp_id);
do {
nxt_flw = GrpNext(flow_tbl[flow_id].grp_id);
} while (nxt_flw != -1 && nxt_flw == flow_id);
GrpUnlock(flow_tbl[flow_id].grp_id);
#ifndef PROT_GRP_COUNT
if (nxt_flw == -1) {
ProtRunFlowDec(flow_tbl[flow_id].proto_id);
}
#else
ProtRunFlowDec(flow_tbl[flow_id].proto_id);
#endif
FthreadChFlow(flow_tbl[flow_id].fthd_id, nxt_flw);
}
else {
#ifdef PROT_GRP_COUNT
ProtRunFlowDec(flow_tbl[flow_id].proto_id);
#endif
}
}
flow_tbl[flow_id].elab = FALSE;
flow_tbl[flow_id].fthd_id = -1;
sync = flow_tbl[flow_id].sync; /* there is the possibility thar flow parent is blocket in FlowPutPkt */
}
/* dettach from group */
if (flow_tbl[flow_id].grp_id != -1) {
ret = GrpRm(flow_tbl[flow_id].grp_id, flow_id);
#ifdef XPL_CHECK_CODE
if (ret == -1) {
LogPrintf(LV_OOPS, "bug in Grp Add/Rm use");
}
#endif
}
/* erase name */
flow_tbl[flow_id].name[0] = '\0';
/* reset to original the proto_id (NOT pfid!!) */
flow_tbl[flow_id].proto_id = ProtFrameProtocol(flow_tbl[flow_id].stack);
#ifdef XPL_CHECK_CODE
if (flow_tbl[flow_id].pfid != -1) {
LogPrintf(LV_OOPS, "bug in Dettach (%s:%i) {%i}", __FILE__, __LINE__, flow_tbl[flow_id].pfid);
}
#endif
/* if closed the flow haven't a parent */
if (flow_tbl[flow_id].close == TRUE) {
/* if this flow isn't in elaboration we search an heuristic dissector */
#warning "only heuristic?!"
if (flow_tbl[flow_id].pkt_num != 0)
ret = ProtSearchHeuDissec(flow_tbl[flow_id].proto_id, flow_id);
/* if this flow isn't in elaboration delete it */
if (flow_tbl[flow_id].elab == FALSE) {
if (flow_tbl[flow_id].pkt_num != 0)
LogPrintf(LV_DEBUG, "FlowDettach: flow %i no elab... delete it", flow_id);
sync = FALSE;
FlowDelete(flow_id);
}
}
FlowTblUnlock();
if (sync == TRUE) {
pthread_mutex_lock(flow_tbl[flow_id].mux);
pthread_cond_signal(flow_tbl[flow_id].gcond);
pthread_mutex_unlock(flow_tbl[flow_id].mux);
}
return 0;
}
int FlowClose(int flow_id)
{
#if XP_NEW_CLOSE
int pid;
#endif
FlowTblLock();
/* set close */
if (flow_tbl[flow_id].close == TRUE) {
FlowTblUnlock();
return 0;
}
#if XP_NEW_CLOSE
pid = flow_tbl[flow_id].stack->pid;
FlowTblUnlock();
#endif
/* flush data */
/* disable sync to avoid dead lock, and also because the flow is terminated */
FlowSyncr(flow_id, FALSE);
#if XP_NEW_CLOSE
ProtFlushFlow(pid, flow_id);
#else
ProtFlushFlow(flow_tbl[flow_id].stack->pid, flow_id);
#endif
#if XP_NEW_CLOSE
FlowTblLock();
#endif
flow_tbl[flow_id].close = TRUE;
/* if this flow isn't in elaboration we search an heuristic dissector */
if (flow_tbl[flow_id].elab == FALSE && flow_tbl[flow_id].pkt_num != 0) {
ProtSearchHeuDissec(flow_tbl[flow_id].proto_id, flow_id);
}
pthread_mutex_lock(flow_tbl[flow_id].mux);
#ifndef XPL_CHECK_CODE
if (flow_tbl[flow_id].pkt_num != 0 && flow_tbl[flow_id].fpkt == NULL) {
LogPrintf(LV_OOPS, "bug in function %s line: %d", __FILE__, __LINE__);
while (1) {
sleep(1);
}
}
#endif
/* wakeup flow in wait */
if (flow_tbl[flow_id].grp_fuse == TRUE && flow_tbl[flow_id].grp_id != -1) {
GrpFlowClosed(flow_tbl[flow_id].grp_id);
}
pthread_cond_signal(flow_tbl[flow_id].cond);
pthread_mutex_unlock(flow_tbl[flow_id].mux);
/* if this flow isn't in elaboration delete it */
if (flow_tbl[flow_id].elab == FALSE) {
#if XP_NEW_CLOSE
FlowTblUnlock();
#endif
if (flow_tbl[flow_id].pkt_num != 0)
LogPrintf(LV_DEBUG, "FlowClose: flow %i no elab... delete it", flow_id);
FlowDelete(flow_id);
#if XP_NEW_CLOSE
FlowTblLock();
#endif
}
FlowTblUnlock();
return 0;
}
