Improved Kafka dissector.

[utoni]

• detect more Kafka request packet's
• requires less flow memory
• same detection behavior as before e.g. no asym detection implemented (can be done by dissecting responses, requires more effort)

Please sign (check) the below before submitting the Pull Request:

• [x] I have signed the ntop Contributor License Agreement at https://github.com/ntop/legal/blob/main/individual-contributor-licence-agreement.md
• [x] I have read the contributing guide lines at https://github.com/ntop/nDPI/blob/dev/CONTRIBUTING.md
• [x] I have updated the documentation (in doc/) to reflect the changes made (if applicable)

Describe changes:

Some Kafka packets were not detected on my side. The behavior is pretty much the same, but no additional flow memory needed anymore. Asymmetric detection is not implemented and was not before (dissector was relying on a previously seen request packet), but can be done in the future (see kafka.pcap asym responses captured).

[utoni]

Note: I removed current_pkt_from_client_to_server(), because it does not work reliable on my side (I do not provide struct ndpi_flow_input_info to ndpi_detection_process_packet()).

[IvanNardi]

Is it possible to merge the two kafka traces?

[utoni]

libpcap does not like having different interface types in one pcap file. Do you know how I can change that? :smile:

[0xA50C1A1]

libpcap does not like having different interface types in one pcap file. Do you know how I can change that? 😄

I only know one way, but it's pretty crude and dumb..... recreate the session with scappy.

[sonarcloud[bot]]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud