Have a clear distinction between public and private/internal API

fuzz/Makefile.am

@@ -65,7 +65,7 @@ fuzz_ndpi_reader_payload_analyzer_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTO
     $(fuzz_ndpi_reader_payload_analyzer_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_quic_get_crypto_data_SOURCES = fuzz_quic_get_crypto_data.c fuzz_common_code.c
-fuzz_quic_get_crypto_data_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_quic_get_crypto_data_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_quic_get_crypto_data_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_quic_get_crypto_data_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -387,7 +387,7 @@ fuzz_binaryfusefilter_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_binaryfusefilter_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_tls_certificate_SOURCES = fuzz_tls_certificate.c fuzz_common_code.c
-fuzz_tls_certificate_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_tls_certificate_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_tls_certificate_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_tls_certificate_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS

fuzz/fuzz_quic_get_crypto_data.c

@@ -1,4 +1,5 @@
 #include "ndpi_api.h"
+#include "ndpi_private.h"
 #include "fuzz_common_code.h"
 
 #include <stdint.h>
@@ -7,20 +8,6 @@
 struct ndpi_detection_module_struct *ndpi_info_mod = NULL;
 struct ndpi_flow_struct *flow = NULL;
 
-extern const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
-				      struct ndpi_flow_struct *flow,
-				      u_int8_t *clear_payload, uint32_t clear_payload_len,
-				      uint64_t *crypto_data_len);
-extern void process_tls(struct ndpi_detection_module_struct *ndpi_struct,
-			struct ndpi_flow_struct *flow,
-			const u_int8_t *crypto_data, uint32_t crypto_data_len,
-			uint32_t version);
-extern void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
-			 struct ndpi_flow_struct *flow,
-			 const u_int8_t *crypto_data, uint32_t crypto_data_len);
-extern int is_version_with_tls(uint32_t version);
-
-
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   const u_int8_t *crypto_data;
   uint64_t crypto_data_len;
@@ -56,7 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     if(!is_version_with_tls(version)) {
       process_chlo(ndpi_info_mod, flow, crypto_data, crypto_data_len);
     } else {
-      process_tls(ndpi_info_mod, flow, crypto_data, crypto_data_len, version);
+      process_tls(ndpi_info_mod, flow, crypto_data, crypto_data_len);
     }
   }
 

fuzz/fuzz_tls_certificate.c

@@ -1,14 +1,12 @@
 #define NDPI_LIB_COMPILATION
 
 #include "ndpi_api.h"
+#include "ndpi_private.h"
 #include "fuzz_common_code.h"
 
 #include <stdint.h>
 #include <stdio.h>
 
-extern void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct,
-				       struct ndpi_flow_struct *flow,
-				       u_int16_t p_offset, u_int16_t certificate_len);
 struct ndpi_tcphdr tcph;
 struct ndpi_iphdr iph;
 struct ndpi_ipv6hdr iphv6;

src/lib/Makefile.in

@@ -22,7 +22,7 @@ LDFLAGS    += @NDPI_LDFLAGS@
 LIBS       = @ADDITIONAL_LIBS@ @LIBS@ @GPROF_LIBS@
 
 OBJECTS   = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) $(patsubst third_party/src/hll/%.c, third_party/src/hll/%.o, $(wildcard third_party/src/hll/*.c)) $(patsubst ./%.c, ./%.o, $(wildcard ./*.c))
-HEADERS   = $(wildcard ../include/*.h) $(wildcard ../include/*.h)
+HEADERS   = $(wildcard ../include/*.h) $(wildcard *.h)
 NDPI_VERSION_MAJOR   = @NDPI_MAJOR@
 NDPI_LIB_STATIC      = libndpi.a
 NDPI_LIB_SHARED_BASE = libndpi.so

src/lib/ndpi_main.c

@@ -33,6 +33,7 @@
 
 #include "ndpi_config.h"
 #include "ndpi_api.h"
+#include "ndpi_private.h"
 #include "ahocorasick.h"
 #include "libcache.h"
 
@@ -208,17 +209,6 @@ _Static_assert(sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info) == NDPI_MAX_RIS
 
 /* ****************************************** */
 
-extern void ndpi_unset_risk(struct ndpi_detection_module_struct *ndpi_str,
-			    struct ndpi_flow_struct *flow, ndpi_risk_enum r);
-extern u_int32_t make_mining_key(struct ndpi_flow_struct *flow);
-extern u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset);
-extern u_int32_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow);
-extern int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-extern void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct,
-                               struct ndpi_flow_struct *flow);
-extern int ookla_search_into_cache(struct ndpi_detection_module_struct *ndpi_struct,
-                                   struct ndpi_flow_struct *flow);
-
 /* Forward */
 static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str,
 			  ndpi_port_range *range, ndpi_proto_defaults_t *def,

src/lib/ndpi_private.h

@@ -0,0 +1,65 @@
+#ifndef __NDPI_PRIVATE_H__
+#define __NDPI_PRIVATE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Generic */
+
+char *strptime(const char *s, const char *format, struct tm *tm);
+
+
+/* TLS */
+int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
+                             struct ndpi_flow_struct *flow, uint32_t quic_version);
+void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct,
+                                struct ndpi_flow_struct *flow,
+                                u_int16_t p_offset, u_int16_t certificate_len);
+
+/* HTTP */
+void http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
+                             struct ndpi_flow_struct *flow,
+                             const u_int8_t *ua_ptr, u_int16_t ua_ptr_len);
+
+/* OOKLA */
+int ookla_search_into_cache(struct ndpi_detection_module_struct* ndpi_struct,
+                            struct ndpi_flow_struct* flow);
+void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct,
+                        struct ndpi_flow_struct *flow);
+
+/* QUIC */
+int quic_len(const uint8_t *buf, uint64_t *value);
+int quic_len_buffer_still_required(uint8_t value);
+int is_version_with_var_int_transport_params(uint32_t version);
+int is_version_with_tls(uint32_t version);
+void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
+                  struct ndpi_flow_struct *flow,
+                  const u_int8_t *crypto_data, uint32_t crypto_data_len);
+void process_tls(struct ndpi_detection_module_struct *ndpi_struct,
+                 struct ndpi_flow_struct *flow,
+                 const u_int8_t *crypto_data, uint32_t crypto_data_len);
+const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
+                               struct ndpi_flow_struct *flow,
+                               u_int8_t *clear_payload, uint32_t clear_payload_len,
+                               uint64_t *crypto_data_len);
+
+/* RTP */
+int is_valid_rtp_payload_type(uint8_t type);
+
+/* Bittorrent */
+u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset);
+u_int32_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow);
+
+/* Mining */
+u_int32_t make_mining_key(struct ndpi_flow_struct *flow);
+
+/* Stun */
+int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

src/lib/protocols/http.c

@@ -28,6 +28,7 @@
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP
 
 #include "ndpi_api.h"
+#include "ndpi_private.h"
 
 static const char* binary_file_mimes_e[] = { "exe", NULL };
 static const char* binary_file_mimes_j[] = { "java-vm", NULL };
@@ -46,9 +47,6 @@ static const char* binary_file_ext[] = {
 					NULL
 };
 
-extern void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct,
-                               struct ndpi_flow_struct *flow);
-
 static void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 				 struct ndpi_flow_struct *flow);
 static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_struct,

src/lib/protocols/quic.c

@@ -25,6 +25,8 @@
 #include "ndpi_protocol_ids.h"
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC
 #include "ndpi_api.h"
+#include "ndpi_private.h"
+
 
 #ifdef USE_HOST_LIBGCRYPT
 #include <gcrypt.h>
@@ -43,13 +45,6 @@
    * https://www.rfc-editor.org/rfc/rfc9369.txt [v2]
    */
 
-extern int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
-                                    struct ndpi_flow_struct *flow, uint32_t quic_version);
-extern int http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
-                                   struct ndpi_flow_struct *flow,
-                                   const u_int8_t *ua_ptr, u_int16_t ua_ptr_len);
-extern int is_valid_rtp_payload_type(uint8_t type);
-
 /* Versions */
 #define V_2		0x6b3343cf
 #define V_1		0x00000001

src/lib/protocols/tls.c

@@ -26,21 +26,11 @@
 #include "ndpi_md5.h"
 #include "ndpi_sha1.h"
 #include "ndpi_encryption.h"
+#include "ndpi_private.h"
+
 
-extern char *strptime(const char *s, const char *format, struct tm *tm);
-extern int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
-				    struct ndpi_flow_struct *flow, uint32_t quic_version);
 static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_struct,
 				    struct ndpi_flow_struct *flow);
-extern int http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
-                                   struct ndpi_flow_struct *flow,
-                                   const u_int8_t *ua_ptr, u_int16_t ua_ptr_len);
-extern int ookla_search_into_cache(struct ndpi_detection_module_struct* ndpi_struct,
-                                   struct ndpi_flow_struct* flow);
-/* QUIC/GQUIC stuff */
-extern int quic_len(const uint8_t *buf, uint64_t *value);
-extern int quic_len_buffer_still_required(uint8_t value);
-extern int is_version_with_var_int_transport_params(uint32_t version);
 
 // #define DEBUG_TLS_MEMORY       1
 // #define DEBUG_TLS              1