Improved ntop detection over HTTP

Added cap on number of attempts for CiscoVPN
author: Luca Deri <deri@ntop.org> 2020-08-30 19:42:09 +0200
committer: Luca Deri <deri@ntop.org> 2020-08-30 19:42:09 +0200
commit: 647c7d59bbf98e0feff5253a9c8bb8b6d84d3758 (patch)
tree: 8c88ab968e8e9c95306a4c092ee17bab919138e9 /src/lib/protocols/http.c
parent: f597086386e15265ce8fe13100f606b022f5e352 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 4ae455ee1..0e3e0d413 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -197,7 +197,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd
   if((flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) || (http_protocol != NDPI_PROTOCOL_HTTP))
     flow->guessed_host_protocol_id = http_protocol;
 
-  ndpi_int_reset_protocol(flow);
+  // ndpi_int_reset_protocol(flow);
   ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_HTTP);
 
   /* This is necessary to inform the core to call this dissector again */
@@ -339,6 +339,11 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
       flow->http.method = ndpi_http_str2method((const char*)flow->packet.http_method.ptr, flow->packet.http_method.len);
     }
 
+  if(packet->server_line.ptr != NULL && (packet->server_line.len > 7)) {
+    if(strncmp((const char *)packet->server_line.ptr, "ntopng ", 7) == 0)
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_HTTP);
+  }
+  
   if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) {
     /**
        Format examples:
author	Luca Deri <deri@ntop.org>	2020-08-30 19:42:09 +0200
committer	Luca Deri <deri@ntop.org>	2020-08-30 19:42:09 +0200
commit	647c7d59bbf98e0feff5253a9c8bb8b6d84d3758 (patch)
tree	8c88ab968e8e9c95306a4c092ee17bab919138e9 /src/lib/protocols/http.c
parent	f597086386e15265ce8fe13100f606b022f5e352 (diff)