Invalid code in ndpi_util.c

[Ravi-t]

In function named "packet_processing" line number 546, it will result in a crash

if(flow != NULL) {
workflow->stats.ip_packet_count++;
workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */,
workflow->stats.total_ip_bytes += rawsize;
ndpi_flow = flow->ndpi_flow;
flow->packets++, flow->bytes += rawsize;
flow->last_seen = time;
} else {
return(flow->detected_protocol); // This line will result in a crash as flow is NULL
}

[Ravi-t]

The function get_ndpi_flow_info always returns NULL value for fragmented packets because of following code at line 222 in ndpi_util.c

if((iph->ihl * 4) > ipsize || ipsize < ntohs(iph->tot_len)
|| (iph->frag_off & htons(0x1FFF)) != 0)
return NULL;

[kYroL01]

@Ravi-t I think you're right but i can fix later.
Please be patient, but thank you so much for this reporting.

[Ravi-t]

I think either ndpiReader should support fragments else in function "packet_processing" we should declare a new variable called nproto as
struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };
and on line 546 return nproto instead of flow->detected_protocol to avoid the crash
so that it looks as

if(flow != NULL) {
workflow->stats.ip_packet_count++;
workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */,
workflow->stats.total_ip_bytes += rawsize;
ndpi_flow = flow->ndpi_flow;
flow->packets++, flow->bytes += rawsize;
flow->last_seen = time;
} else {
//return(flow->detected_protocol);
return nproto;
}

[kYroL01]

You can also send a pull request if you prefer.
I'm watching later. Thanks