author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-21 19:53:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-21 19:53:32 +0100 |
commit | 82e8bf91ddb5bf38974d4372fb0ec4849b964ec8 (patch) | |
tree | 8ae35cfb52d31a1d1d4acfb496f7807a68d8bb64 /src/lib/ndpi_main.c | |
parent | 5620e10742986fd25d6fb0be1ac16502d8d10055 (diff) |
Improve handling of custom rules (#2276)
Avoid collisions between user-ids and internal-ids protocols in the
`example/protos.txt` file.
Add a new value for the classification confidence:
`NDPI_CONFIDENCE_CUSTOM_RULE`
With `./example/ndpiReader -p example/protos.txt -H` we now also see the
custom protocols and their internal/external ids:
```
nDPI supported protocols:
Id Userd-id Protocol Layer_4 Nw_Proto Breed Category
0 0 Unknown TCP X Unrated Unspecified
...
387 387 Mumble UDP X Fun VoIP
388 388 iSCSI TCP Acceptable Unspecified
389 389 Kibana TCP Acceptable Unspecified
390 390 TestProto TCP Acceptable Unspecified
391 391 HomeRouter TCP Acceptable Unspecified
392 392 CustomProtocol TCP Acceptable Unspecified
393 393 AmazonPrime TCP Acceptable Unspecified
394 394 CustomProtocolA TCP Acceptable Unspecified
395 395 CustomProtocolB TCP Acceptable Unspecified
396 800 CustomProtocolC TCP Acceptable Unspecified
397 1024 CustomProtocolD TCP Acceptable Unspecified
398 2048 CustomProtocolE TCP Acceptable Unspecified
399 2049 CustomProtocolF TCP Acceptable Unspecified
400 2050 CustomProtocolG TCP Acceptable Unspecified
401 65535 CustomProtocolH TCP Acceptable Unspecified
```
We likely need to take a better look in general at the iteration between
internal and external protocols ids...
This PR fixes the issue observed in
https://github.com/ntop/nDPI/pull/2274#discussion_r1460674874 and in
https://github.com/ntop/nDPI/pull/2275.
Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r-- | src/lib/ndpi_main.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ef7da397c..ecbc6cd18 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -7939,7 +7939,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
/* This is a custom protocol and it has priority over everything else */
ret->master_protocol = NDPI_PROTOCOL_UNKNOWN,
ret->app_protocol = flow->guessed_protocol_id;
- flow->confidence = NDPI_CONFIDENCE_MATCH_BY_PORT; /* TODO */
+ flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category(ndpi_str, flow, ret);
return(-1);
}
@@ -7951,6 +7951,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
*ret = ndpi_detection_giveup(ndpi_str, flow, &protocol_was_guessed);
}
+ flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category(ndpi_str, flow, ret);
return(-1);
}
@@ -7964,6 +7965,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
flow->num_dissector_calls += ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet);
+ flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category(ndpi_str, flow, ret);
return(-1);
}
@@ -8288,8 +8290,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
packetlen, current_time_ms, input_info);
- p.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.master_protocol),
- p.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.app_protocol);
+ p.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.master_protocol);
+ p.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.app_protocol);
+ p.protocol_by_ip = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.protocol_by_ip);
return(p);
}
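Review bot: The added `flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;` in the second ndpi_do_guess hunk (and again in the third) runs unconditionally after `ndpi_detection_giveup()` and `ndpi_check_flow_func()` respectively, so it replaces whatever confidence those calls may have recorded, and no comment says this is intended. The conditions guarding both branches lie outside the hunks, so I cannot tell whether the result at that point always comes from a custom rule. Consumers may key policy or alerting on the confidence value, so I would state the intent next to each assignment, e.g. `/* custom rule matched: deliberately overrides the confidence set above */`, or confirm that these branches are reached only for custom-rule ids.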
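Review bot: In ndpi_detection_process_packet all three ids of the returned `p` are now translated with `ndpi_map_ndpi_id_to_user_proto_id()`, but nothing at the return site documents that callers receive user ids rather than internal ids. The sample output in the commit description shows the two spaces diverging (internal 396 is user id 800, internal 401 is 65535), while `ndpi_dump_protocols` in this same commit indexes `proto_defaults[]` by internal id. A caller that indexes an internal table with a returned id would therefore read the wrong entry or past the end. I would add a comment above the assignments such as `/* returned ids are user ids; do not use them to index internal tables */`. The function body starts outside the hunk.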
@@ -9173,6 +9176,9 @@ const char *ndpi_confidence_get_name(ndpi_confidence_t confidence)
case NDPI_CONFIDENCE_DPI_AGGRESSIVE:
return "DPI (aggressive)";
+ case NDPI_CONFIDENCE_CUSTOM_RULE:
+ return "Match by custom rule";
+
default:
return NULL;
}
@@ -9353,8 +9359,9 @@ void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str, FILE *du
if(!ndpi_str || !dump_out) return;
for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++)
- fprintf(dump_out, "%3d %-22s %-10s %-8s %-12s %s\n",
- i, ndpi_str->proto_defaults[i].protoName,
+ fprintf(dump_out, "%3d %8d %-22s %-10s %-8s %-12s %s\n",
+ i, ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, i),
+ ndpi_str->proto_defaults[i].protoName,
ndpi_get_l4_proto_name(ndpi_get_l4_proto_info(ndpi_str, i)),
ndpi_str->proto_defaults[i].isAppProtocol ? "" : "X",
ndpi_get_proto_breed_name(ndpi_str, ndpi_str->proto_defaults[i].protoBreed), |
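Review bot: The `for` loop in ndpi_dump_protocols still has no braces although its body is a multi-line `fprintf` call that has just gained another argument line; wrapping the call in `{ }` would keep a statement added later from silently landing outside the loop. The new `%8d` conversion relies on `ndpi_map_ndpi_id_to_user_proto_id()` returning a type that promotes to `int`; its prototype is not visible in this hunk, so that is worth confirming. The header row for the new column is printed outside this hunk, and the sample in the commit description spells it `Userd-id`, which looks like a typo for `User-id`.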