nfqws: remove bIsHttp

nfq/desync.c

@@ -186,6 +186,7 @@ static struct desync_profile *dp_find(
 {
 	struct desync_profile_list *dpl;
 	DLOG("desync profile search for hostname='%s' ipv6=%u tcp_port=%u udp_port=%u\n", hostname ? hostname : "", ipv6, tcp_port, udp_port);
+	if (bCheckDone) *bCheckDone = false;
 	LIST_FOREACH(dpl, head, next)
 	{
 		if (dp_match(&dpl->dp,ipv6,tcp_port,udp_port,hostname,bCheckDone,bCheckResult,bExcluded))
@@ -804,7 +805,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 		size_t fake_size;
 		char host[256];
 		bool bHaveHost=false;
-		bool bIsHttp;
 		uint8_t *p, *phost;
 		const uint8_t *rdata_payload = data_payload;
 		size_t rlen_payload = len_payload;
@@ -823,7 +823,7 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 
 		process_retrans_fail(ctrack, IPPROTO_TCP);
 
-		if ((bIsHttp = IsHttp(rdata_payload,rlen_payload)))
+		if (IsHttp(rdata_payload,rlen_payload))
 		{
 			DLOG("packet contains HTTP request\n");
 			l7proto = HTTP;
@@ -920,9 +920,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 			}
 		}
 
-		reasm_orig_cancel(ctrack);
-		rdata_payload=NULL;
-
 		if (ctrack && ctrack->req_seq_finalized)
 		{
 			uint32_t dseq = ctrack->seq_last - ctrack->req_seq_end;
@@ -942,13 +939,18 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 					if (!ctrack_replay->hostname)
 					{
 						DLOG_ERR("hostname dup : out of memory");
+						reasm_orig_cancel(ctrack);
 						return verdict;
 					}
 					DLOG("we have hostname now. searching desync profile again.\n");
 					struct desync_profile *dp_prev = dp;
 					dp = ctrack_replay->dp = dp_find(&params.desync_profiles, !!ip6hdr, ntohs(bReverse ? tcphdr->th_sport : tcphdr->th_dport), 0, ctrack_replay->hostname, &ctrack_replay->bCheckDone, &ctrack_replay->bCheckResult, &ctrack_replay->bCheckExcluded);
 					ctrack_replay->dp_search_complete = true;
-					if (!dp) return verdict;
+					if (!dp)
+					{
+						reasm_orig_cancel(ctrack);
+						return verdict;
+					}
 					if (dp!=dp_prev)
 					{
 						DLOG("desync profile changed by revealed hostname !\n");
@@ -956,7 +958,11 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 						if (!replay)
 						{
 							maybe_cutoff(ctrack, IPPROTO_TCP);
-							if (!process_desync_interval(dp, ctrack)) return verdict;
+							if (!process_desync_interval(dp, ctrack))
+							{
+								reasm_orig_cancel(ctrack);
+								return verdict;
+							}
 						}
 					}
 				}
@@ -979,17 +985,12 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 							ctrack_stop_retrans_counter(ctrack_replay);
 					}
 					DLOG("not applying tampering to this request\n");
+					reasm_orig_cancel(ctrack);
 					return verdict;
 				}
 			}
 		}
 
-		if (l7proto==UNKNOWN)
-		{
-			if (!dp->desync_any_proto) return verdict;
-			DLOG("applying tampering to unknown protocol\n");
-		}
-
 		// desync profile may have changed after hostname was revealed
 		switch(l7proto)
 		{
@@ -1009,10 +1010,20 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 				split_pos=dp->desync_split_pos;
 				break;
 		}
+
+		// we do not need reasm buffer anymore
+		reasm_orig_cancel(ctrack);
+		rdata_payload=NULL;
+
+		if (l7proto==UNKNOWN)
+		{
+			if (!dp->desync_any_proto) return verdict;
+			DLOG("applying tampering to unknown protocol\n");
+		}
+
 		ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig));
 
-
+		if ((l7proto == HTTP) && (dp->hostcase || dp->hostnospace || dp->domcase) && (phost = (uint8_t*)memmem(data_payload, len_payload, "\r\nHost: ", 8)))
-		if (bIsHttp && (dp->hostcase || dp->hostnospace || dp->domcase) && (phost = (uint8_t*)memmem(data_payload, len_payload, "\r\nHost: ", 8)))
 		{
 			if (dp->hostcase)
 			{