author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-01-30 19:15:42 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-30 19:15:42 +0100 |
commit | f4554218708e390299e0804c4d5d5fda70809b99 (patch) | |
tree | 38260d4cb3673b70e5772eccf1421cd9a8069359 /src/lib | |
parent | 513e386959e0d52c4b37cb704f6b0b7a128cc0e4 (diff) |
Improve protocol stacks (#1425)
We should have two protocols in classification results only when the
"master" protocol allows some sub-protocols.
Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are
fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`,
`DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading.
For example, `ndpiReader` shows `BitTorrent/Azure` flows under `Azure`
statistics; that seems to be wrong or, at least, very misleading.
This is quite important since we have lots of addresses from CDN
operators.
The only drawback of this solution is that right now ICMP traffic is
classified simply as `ICMP`; if we are really interested in ICMP stuff
we can restore the old behaviour later.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/ndpi_main.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 34cd6daeb..628fa33e3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5746,12 +5746,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret = ndpi_detection_giveup(ndpi_str, flow, 0, &protocol_was_guessed); } - if((ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) && - (flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ret.master_protocol = ret.app_protocol; - ret.app_protocol = flow->guessed_host_protocol_id; - } - if((!flow->risk_checked) && ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN)) ) { |
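Review bot: The removal in ndpi_detection_process_packet(), right after the ndpi_detection_giveup() call, is unconditional, so flow->guessed_host_protocol_id no longer reaches the result for any flow whose master_protocol is unknown, not only for the misleading pairs named in the commit message. Nothing in this hunk checks whether a protocol allows sub-protocols; if that rule is enforced elsewhere, a short comment at this spot pointing to it would make the intent clear. The ICMP behaviour change mentioned in the commit message deserves a comment or a regression test so it can be restored deliberately later. Please also confirm that the risk check that follows, which is gated on ret.master_protocol and ret.app_protocol, does not rely on the host-guessed protocol having been moved into ret.app_protocol by the deleted lines.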