authorLuca <deri@ntop.org>2024-05-22 18:04:33 +0200
committerLuca <deri@ntop.org>2024-05-22 18:04:33 +0200
commit44a290286b298a461b3a88a0bfdc4e0361a247f3 (patch)
tree8fb52896c1c62153b5953f20e86cde65ae6b0187 /src/include
parent74d3843ebe0d181072acc6700e6c41595ce75f0d (diff)
More NDPI_PROBING_ATTEMPT changes
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_typedefs.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 98897d462..ffc98ecd1 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -163,11 +163,12 @@ typedef enum {
NDPI_HTTP_OBSOLETE_SERVER,
NDPI_PERIODIC_FLOW, /* Set in case a flow repeats at a specific pace [used by apps on top of nDPI] */
NDPI_MINOR_ISSUES, /* Generic packet issues (e.g. DNS with 0 TTL) */
- NDPI_TCP_ISSUES, /* 50 */ /* TCP issues such as connection failed, probing or scan */
+ NDPI_TCP_ISSUES, /* 50 */ /* TCP issues such as connection failed or scan */
NDPI_FULLY_ENCRYPTED, /* This (unknown) session is fully encrypted */
NDPI_TLS_ALPN_SNI_MISMATCH, /* Invalid ALPN/SNI combination */
NDPI_MALWARE_HOST_CONTACTED, /* Flow client contacted a malware host */
NDPI_BINARY_DATA_TRANSFER, /* Attempt to transfer something in binary format */
+ NDPI_PROBING_ATTEMPT, /* Probing attempt (e.g. TCP connection with no data exchanged or unidirection traffic for bidirectional flows such as SSH) */
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 63 due to (**) */
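Review bot: The comment on the new `NDPI_PROBING_ATTEMPT` member misspells "unidirectional" and carries no index marker, although this enum marks positions (`/* 50 */` on `NDPI_TCP_ISSUES`) and its values are bounded by the `NDPI_MAX_RISK` limit of 63. Counting from that marker the new member appears to be 55, so I would write `NDPI_PROBING_ATTEMPT, /* 55 */ /* Probing attempt (e.g. TCP connection with no data exchanged or unidirectional traffic for bidirectional flows such as SSH) */`. The same hunk drops "probing" from the `NDPI_TCP_ISSUES` comment, so alerting rules that matched `NDPI_TCP_ISSUES` to catch probing presumably need to match the new risk as well; that is worth stating in the release notes. The enum begins and ends outside this hunk, and this diff is limited to src/include, so it cannot be checked here whether any per-risk name or severity tables were extended to cover the new value.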
@@ -1451,6 +1452,7 @@ struct ndpi_flow_struct {
/* Only packets with L5 data (ie no TCP SYN, pure ACKs, ...) */
u_int16_t packet_counter; // can be 0 - 65000
u_int16_t packet_direction_counter[2];
+ u_int8_t packet_direction_with_payload_observed[2]; /* 0 = no packet with payload observed, 1 = at least one packet with payload observed */
/* All packets even those without payload */
u_int16_t all_packets_counter;
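Review bot: `packet_direction_with_payload_observed[2]` sits under the "Only packets with L5 data" comment next to `packet_direction_counter[2]`, and the header does not say what it records that `packet_direction_counter[i] != 0` does not already give. If the two differ (for example because the counter is capped or reset), the field comment should say so and also state the indexing, e.g. `/* per direction, same indexing as packet_direction_counter: 0 = no packet with payload observed, 1 = at least one packet with payload observed */`. The probing risk presumably depends on this flag, so it has to be cleared wherever a flow struct is initialised or reused, otherwise stale state could suppress or trigger the risk; that code is outside this diff. `struct ndpi_flow_struct` begins and ends outside the hunk.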