authorLuca Deri <deri@ntop.org>2021-07-22 01:35:57 +0200
committerLuca Deri <deri@ntop.org>2021-07-22 01:35:57 +0200
commitb01b60a2b523b98f2801c4752213b9468f63cad5 (patch)
tree7b134b1896e0d69be4514f828f8c294b98040cf6 /example
parentfc9901292d617f1ecd38f37d063d5f046978c1aa (diff)
Implementation of flow risk exception (work in progress)
Diffstat (limited to 'example')
-rw-r--r--example/protos.txt12
-rw-r--r--example/reader_util.c7
2 files changed, 17 insertions, 2 deletions
diff --git a/example/protos.txt b/example/protos.txt
index d82860631..de3a8f1de 100644
--- a/example/protos.txt
+++ b/example/protos.txt
@@ -39,3 +39,15 @@ ip:213.75.170.11/32:443@CustomProtocol
ip:8.248.73.247:443@AmazonPrime
ip:54.80.47.130@AmazonPrime
+#
+# Risk Exceptions
+#
+# ip_risk_mask: used to mask flow risks for IP addresses
+# host_risk_mask: used to mask exceptions for domain names and hosts
+#
+# Syntax: <name>=<64 bit mask to be put in AND with the risk
+#
+# For IPs, the flow risk is put in AND (source IP mask OR destination IP mask)
+# For Flows with a hostname (e.g. TLS) the risk is also put in AND with the host_risk_mask
+ip_risk_mask:192.168.1.6=0
+host_risk_mask:"api-global.netflix.com"=0
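Review bot: Both sample entries at the end of this hunk set the mask to `0`, which by the AND semantics described in the added comments clears every risk bit for 192.168.1.6 and for api-global.netflix.com. Anyone who copies the example into production silently loses all flow-risk reporting for those endpoints. I would add a warning above the entries, e.g. `# NOTE: a mask of 0 suppresses ALL flow risks for the entry; clear only the bits you intend to ignore`, and ideally show a sample that clears a single bit. The syntax line is also missing its closing bracket and does not say how the number is written; `# Syntax: <name>=<64 bit mask to be put in AND with the risk>` plus a word on the expected base (decimal or hex) would remove the guesswork. Since the host mask is keyed on a hostname taken from the flow itself (e.g. TLS), which is presumably supplied by the client, it may be worth stating in the comment that a host exception trusts that name as presented.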
diff --git a/example/reader_util.c b/example/reader_util.c
index 89a3fcfff..e53cb3f3b 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1297,6 +1297,7 @@ void update_tcp_flags_count(struct ndpi_flow_info* flow, struct ndpi_tcphdr* tcp
}
/* ****************************************************** */
+
/**
Function to process the packet:
determine the flow of a packet and try to decode it
@@ -1567,11 +1568,13 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
#endif
*flow_risk = flow->risk;
+
return(flow->detected_protocol);
}
-int ndpi_is_datalink_supported(int datalink_type)
-{
+/* ****************************************************** */
+
+int ndpi_is_datalink_supported(int datalink_type) {
/* Keep in sync with the similar switch in ndpi_workflow_process_packet */
switch(datalink_type) {
case DLT_NULL: