DPI: remove zero data length check from dpi_ndpi_session_first_packet()

For TCP sessions, L4 payload data length of first packet (SYN packet) is zero. So the first packet of TCP session will not be sent to nDPI due to data_len != 0 checking in dpi_ndpi_session_first_packet(). However, nDPI uses TCP SYN packets internally for connection tracking and other purposes. For example, in nDPI library function ndpi_detection_process_packet(): a) ndpi_connection_tracking() is called for connection tracking and updating TCP flag states b) app detection is given up for TCP sessions in some cases if the first packet of session sent to nDPI is not a SYN packet Hence, remove data_len != 0 check from the function dpi_ndpi_session_first_packet() and send the first packet of a session to nDPI irrespective of data length. Co-authored-by: Subhajit Chatterjee <[email protected]> Signed-off-by: Shubham Shrivastava <[email protected]>
danos · Jan 13, 2021 · b56fa43 · b56fa43
1 parent c6f2cf1
commit b56fa43
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/npf/dpi/ndpi.c b/src/npf/dpi/ndpi.c
@@ -289,7 +289,8 @@ dpi_ndpi_session_flow_destroy(struct dpi_engine_flow *dpi_flow)
 static int
 dpi_ndpi_session_first_packet(struct npf_session *se __unused,
 		struct npf_cache *npc __unused, struct rte_mbuf *mbuf,
-		int dir, uint32_t data_len, struct dpi_engine_flow **dpi_flow)
+		int dir, uint32_t data_len __unused,
+		struct dpi_engine_flow **dpi_flow)
 {
 	struct ndpi_flow *flow = zmalloc_aligned(sizeof(struct ndpi_flow));
 	if (!flow)
@@ -315,8 +316,7 @@ dpi_ndpi_session_first_packet(struct npf_session *se __unused,
 	if (!flow->dest_id)
 		goto dest_id_error;
 
-	if (data_len != 0 && !dpi_ndpi_process_pkt(
-				(struct dpi_engine_flow *)flow, mbuf, dir))
+	if (!dpi_ndpi_process_pkt((struct dpi_engine_flow *)flow, mbuf, dir))
 		return -EINVAL;
 
 	*dpi_flow = (struct dpi_engine_flow *)flow;