authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2025-05-19 11:04:29 +0200
committerGitHub <noreply@github.com>2025-05-19 11:04:29 +0200
commitdf7a18e6b32ac5f32611c2bd3c40f62d7344129c (patch)
tree79cc5f55277d285108b18ab445ea85fc151c44fe
parent38be52583a25cd4bf6e16e8a38e597abcaf11183 (diff)
Fix classification when non tcp/udp protocols are disabled (#2824)
-rw-r--r--src/lib/ndpi_main.c50
-rw-r--r--tests/cfgs/disable_protocols/config.txt2
l---------tests/cfgs/disable_protocols/pcap/esp.pcapng1
l---------tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap1
l---------tests/cfgs/disable_protocols/pcap/sctp.cap1
-rw-r--r--tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out2
-rw-r--r--tests/cfgs/disable_protocols/result/esp.pcapng.out32
-rw-r--r--tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out30
-rw-r--r--tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out2
-rw-r--r--tests/cfgs/disable_protocols/result/sctp.cap.out30
10 files changed, 136 insertions, 15 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index fedf8b45d..d9b353b5c 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4584,32 +4584,58 @@ static u_int16_t guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str
} else {
/* No TCP/UDP */
+ /* All these calls to `is_proto_enabled()` are needed to avoid classification by-port
+ if the protocol is disabled */
switch(proto) {
case NDPI_IPSEC_PROTOCOL_ESP:
case NDPI_IPSEC_PROTOCOL_AH:
- return(NDPI_PROTOCOL_IPSEC);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IPSEC))
+ return(NDPI_PROTOCOL_IPSEC);
+ break;
case NDPI_GRE_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_GRE);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IPSEC))
+ return(NDPI_PROTOCOL_IP_GRE);
+ break;
case NDPI_PGM_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_PGM);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_PGM))
+ return(NDPI_PROTOCOL_IP_PGM);
+ break;
case NDPI_PIM_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_PIM);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_PIM))
+ return(NDPI_PROTOCOL_IP_PIM);
+ break;
case NDPI_ICMP_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_ICMP);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_ICMP))
+ return(NDPI_PROTOCOL_IP_ICMP);
+ break;
case NDPI_IGMP_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_IGMP);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_IGMP))
+ return(NDPI_PROTOCOL_IP_IGMP);
+ break;
case NDPI_EGP_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_EGP);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_EGP))
+ return(NDPI_PROTOCOL_IP_EGP);
+ break;
case NDPI_SCTP_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_SCTP);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_SCTP))
+ return(NDPI_PROTOCOL_IP_SCTP);
+ break;
case NDPI_OSPF_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_OSPF);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_OSPF))
+ return(NDPI_PROTOCOL_IP_OSPF);
+ break;
case NDPI_IPIP_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_IP_IN_IP);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_IP_IN_IP))
+ return(NDPI_PROTOCOL_IP_IP_IN_IP);
+ break;
case NDPI_ICMPV6_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_ICMPV6);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_ICMPV6))
+ return(NDPI_PROTOCOL_IP_ICMPV6);
+ break;
case NDPI_VRRP_PROTOCOL_TYPE:
- return(NDPI_PROTOCOL_IP_VRRP);
+ if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_VRRP))
+ return(NDPI_PROTOCOL_IP_VRRP);
+ break;
}
}
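Review bot: The GRE case guards on the wrong protocol: under `case NDPI_GRE_PROTOCOL_TYPE:` the new check is `is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IPSEC)` while the return value is `NDPI_PROTOCOL_IP_GRE`, which looks like a copy-paste slip from the ESP/AH case above it. As written, disabling IPsec also suppresses by-port classification of GRE, and disabling GRE alone still labels the flow as GRE, so a deployment that relies on the disabled list would see tunnel traffic reported inconsistently. The check should read `if(is_proto_enabled(ndpi_str, NDPI_PROTOCOL_IP_GRE))`. The test config in this commit disables only ipsec and ospf and adds no GRE capture, so the added results would not expose this; a GRE pcap run with GRE disabled and IPsec enabled would. The body of guess_protocol_id starts and ends outside the hunk, so what happens after the `break` is not visible here.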
diff --git a/tests/cfgs/disable_protocols/config.txt b/tests/cfgs/disable_protocols/config.txt
index a5fb695b9..d330d2657 100644
--- a/tests/cfgs/disable_protocols/config.txt
+++ b/tests/cfgs/disable_protocols/config.txt
@@ -1 +1 @@
--B soap,dns,pluralsight,quic
+-B soap,dns,pluralsight,quic,ipsec,ospf
diff --git a/tests/cfgs/disable_protocols/pcap/esp.pcapng b/tests/cfgs/disable_protocols/pcap/esp.pcapng
new file mode 120000
index 000000000..2a45e7736
--- /dev/null
+++ b/tests/cfgs/disable_protocols/pcap/esp.pcapng
@@ -0,0 +1 @@
+../../default/pcap/esp.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap b/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap
new file mode 120000
index 000000000..68845591a
--- /dev/null
+++ b/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap
@@ -0,0 +1 @@
+../../default/pcap/ospfv2_add_new_prefix.pcap
\ No newline at end of file
diff --git a/tests/cfgs/disable_protocols/pcap/sctp.cap b/tests/cfgs/disable_protocols/pcap/sctp.cap
new file mode 120000
index 000000000..7015152e3
--- /dev/null
+++ b/tests/cfgs/disable_protocols/pcap/sctp.cap
@@ -0,0 +1 @@
+../../default/pcap/sctp.cap
\ No newline at end of file
diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out
index af99debbe..3c6d02af1 100644
--- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out
+++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Match by IP : 1 (flows)
-Num dissector calls: 155 (155.00 diss/flow)
+Num dissector calls: 154 (154.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
diff --git a/tests/cfgs/disable_protocols/result/esp.pcapng.out b/tests/cfgs/disable_protocols/result/esp.pcapng.out
new file mode 100644
index 000000000..108bdfcc9
--- /dev/null
+++ b/tests/cfgs/disable_protocols/result/esp.pcapng.out
@@ -0,0 +1,32 @@
+DPI Packets (UDP): 4 (4.00 pkts/flow)
+DPI Packets (other): 1 (1.00 pkts/flow)
+Confidence Unknown : 2 (flows)
+Num dissector calls: 168 (84.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/6/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/2/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/2/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Unknown 6 1856 2
+
+Unrated 6 1856 2
+
+
+
+Undetected flows:
+ 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/786 bytes <-> 2 pkts/738 bytes][Goodput ratio: 89/88][0.02 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.387 (Executable?)][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 ESP 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 6.639 (Executable?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out b/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out
new file mode 100644
index 000000000..8348a04ed
--- /dev/null
+++ b/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out
@@ -0,0 +1,30 @@
+DPI Packets (other): 1 (1.00 pkts/flow)
+Confidence Unknown : 1 (flows)
+Num dissector calls: 0 (0.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/1/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/1/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Unknown 2 200 1
+
+Unrated 2 200 1
+
+
+
+Undetected flows:
+ 1 OSPF 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out
index 19d5e0b33..0c6090bdc 100644
--- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out
+++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (UDP): 7 (7.00 pkts/flow)
Confidence Match by IP : 1 (flows)
-Num dissector calls: 176 (176.00 diss/flow)
+Num dissector calls: 175 (175.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
diff --git a/tests/cfgs/disable_protocols/result/sctp.cap.out b/tests/cfgs/disable_protocols/result/sctp.cap.out
new file mode 100644
index 000000000..36c97518a
--- /dev/null
+++ b/tests/cfgs/disable_protocols/result/sctp.cap.out
@@ -0,0 +1,30 @@
+Guessed flow protos: 2
+
+DPI Packets (other): 2 (1.00 pkts/flow)
+Confidence Match by port : 2 (flows)
+Num dissector calls: 0 (0.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/6/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/2/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/2/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SCTP 4 340 2
+
+Acceptable 4 340 2
+
+ 1 SCTP 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.478 (Executable?)][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 SCTP 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]