diff options
| author | Luca Deri <deri@ntop.org> | 2024-08-24 16:30:58 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-08-24 16:30:58 +0200 |
| commit | 53a6bae365618f9b301cf51e5f3f9d5450b0e280 (patch) | |
| tree | 922e0791f71403d03d90fa2958e102fa2a727bfd /src/lib | |
| parent | 8894ebc76f4e3d928dd3c2e32a0470149ce90550 (diff) | |
Introduced ndpi_master_app_protocol typedef
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 207 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 30 | ||||
| -rw-r--r-- | src/lib/protocols/dns.c | 26 | ||||
| -rw-r--r-- | src/lib/protocols/quic.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 6 |
6 files changed, 140 insertions, 135 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b496888cb..ae1d546e4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -281,6 +281,7 @@ char *ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_str, u_int /* *********************************************************************************** */ +/* NOTE: name can be HTTP or YouTube but not TLS.YouTube */ u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_str, const char *name) { u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_str); char *p; @@ -7491,7 +7492,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s flow->risk_shadow = flow->risk; } - switch(ret->app_protocol) { + switch(ret->proto.app_protocol) { case NDPI_PROTOCOL_MICROSOFT_AZURE: ndpi_reconcile_msteams_udp(ndpi_str, flow, flow->detected_protocol_stack[1]); break; @@ -7537,7 +7538,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s it switches to TLS.TCP. Let's try to catch it */ if((flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_MICROSOFT_AZURE) - && (ret->master_protocol == NDPI_PROTOCOL_UNKNOWN) + && (ret->proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) && ndpi_str->msteams_cache ) { u_int16_t dummy; @@ -7565,7 +7566,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s if(ndpi_lru_find_cache(ndpi_str->msteams_cache, make_msteams_key(flow, 1 /* client */), &dummy, 0 /* Don't remove it as it can be used for other connections */, ndpi_get_current_time(flow))) { - ret->app_protocol = NDPI_PROTOCOL_MSTEAMS; + ret->proto.app_protocol = NDPI_PROTOCOL_MSTEAMS; /* Refresh cache */ ndpi_lru_add_to_cache(ndpi_str->msteams_cache, @@ -7617,7 +7618,8 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s break; } /* switch */ - ret->master_protocol = flow->detected_protocol_stack[1], ret->app_protocol = flow->detected_protocol_stack[0]; + ret->proto.master_protocol = flow->detected_protocol_stack[1], + ret->proto.app_protocol = flow->detected_protocol_stack[0]; for(i=0; i<2; i++) { switch(ndpi_get_proto_breed(ndpi_str, flow->detected_protocol_stack[i])) { @@ -7761,48 +7763,49 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st } /* Init defaults */ - ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.master_protocol = flow->detected_protocol_stack[1], + ret.proto.app_protocol = flow->detected_protocol_stack[0]; ret.protocol_by_ip = flow->guessed_protocol_id_by_ip; ret.category = flow->category; /* Ensure that we don't change our mind if detection is already complete */ - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) + if(ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) return(ret); /* Check some caches */ /* Does it looks like BitTorrent? */ - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && search_into_bittorrent_cache(ndpi_str, flow)) { ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE); - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.app_protocol = flow->detected_protocol_stack[0]; } /* Does it looks like some Mining protocols? */ - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && ndpi_str->mining_cache && ndpi_lru_find_cache(ndpi_str->mining_cache, mining_make_lru_cache_key(flow), &cached_proto, 0 /* Don't remove it as it can be used for other connections */, ndpi_get_current_time(flow))) { ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE); - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.app_protocol = flow->detected_protocol_stack[0]; } /* Does it looks like Ookla? */ - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && ntohs(flow->s_port) == 8080 && ookla_search_into_cache(ndpi_str, flow)) { ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE); - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.app_protocol = flow->detected_protocol_stack[0]; } /* TODO: not sure about the best "order" among fully encrypted logic, classification by-port and classification by-ip...*/ - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && flow->first_pkt_fully_encrypted == 1) { ndpi_set_risk(flow, NDPI_FULLY_ENCRYPTED, NULL); } /* Classification by-port */ if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_PORT) && - ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) { + ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) { /* Ignore guessed protocol if they have been discarded */ if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN && @@ -7813,22 +7816,23 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { ndpi_set_detected_protocol(ndpi_str, flow, flow->guessed_protocol_id, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_MATCH_BY_PORT); - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.app_protocol = flow->detected_protocol_stack[0]; } } /* Classification by-ip, as last effort */ if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_IP) && - ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) { ndpi_set_detected_protocol(ndpi_str, flow, - flow->guessed_protocol_id_by_ip, ret.master_protocol, + flow->guessed_protocol_id_by_ip, + ret.proto.master_protocol, NDPI_CONFIDENCE_MATCH_BY_IP); - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.app_protocol = flow->detected_protocol_stack[0]; } - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) { + if(ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) { *protocol_was_guessed = 1; ndpi_fill_protocol_category(ndpi_str, flow, &ret); } @@ -8169,7 +8173,8 @@ int ndpi_fill_ipv6_protocol_category(struct ndpi_detection_module_struct *ndpi_s void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { - if((ret->master_protocol == NDPI_PROTOCOL_UNKNOWN) && (ret->app_protocol == NDPI_PROTOCOL_UNKNOWN)) + if((ret->proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) + && (ret->proto.app_protocol == NDPI_PROTOCOL_UNKNOWN)) return; if(ndpi_str->custom_categories.categories_loaded) { @@ -8213,7 +8218,7 @@ static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) { /* ********************************************************************************* */ static int ndpi_is_ntop_protocol(ndpi_protocol *ret) { - if((ret->master_protocol == NDPI_PROTOCOL_HTTP) && (ret->app_protocol == NDPI_PROTOCOL_NTOP)) + if((ret->proto.master_protocol == NDPI_PROTOCOL_HTTP) && (ret->proto.app_protocol == NDPI_PROTOCOL_NTOP)) return(1); else return(0); @@ -8302,7 +8307,7 @@ static int ndpi_check_protocol_port_mismatch_exceptions(default_ports_tree_node_ if(ndpi_is_ntop_protocol(returned_proto)) return(1); - if(returned_proto->master_protocol == NDPI_PROTOCOL_TLS) { + if(returned_proto->proto.master_protocol == NDPI_PROTOCOL_TLS) { switch(expected_proto->proto->protoId) { case NDPI_PROTOCOL_MAIL_IMAPS: case NDPI_PROTOCOL_MAIL_POPS: @@ -8320,7 +8325,7 @@ static int ndpi_check_protocol_port_mismatch_exceptions(default_ports_tree_node_ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { struct ndpi_packet_struct *packet = &ndpi_str->packet; - ret->master_protocol = ret->app_protocol = NDPI_PROTOCOL_UNKNOWN, ret->category = 0; + ret->proto.master_protocol = ret->proto.app_protocol = NDPI_PROTOCOL_UNKNOWN, ret->category = 0; if(packet->iphv6 || packet->iph) { u_int8_t user_defined_proto; @@ -8345,8 +8350,8 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n if(flow->guessed_protocol_id >= NDPI_MAX_SUPPORTED_PROTOCOLS) { /* This is a custom protocol and it has priority over everything else */ - ret->master_protocol = NDPI_PROTOCOL_UNKNOWN, - ret->app_protocol = flow->guessed_protocol_id; + ret->proto.master_protocol = NDPI_PROTOCOL_UNKNOWN, + ret->proto.app_protocol = flow->guessed_protocol_id; flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE; ndpi_fill_protocol_category(ndpi_str, flow, ret); return(-1); @@ -8369,7 +8374,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet = {0}; /* This is a custom protocol and it has priority over everything else */ - ret->master_protocol = flow->guessed_protocol_id, ret->app_protocol = flow->guessed_protocol_id_by_ip; + ret->proto.master_protocol = flow->guessed_protocol_id, ret->proto.app_protocol = flow->guessed_protocol_id_by_ip; flow->num_dissector_calls += ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet); @@ -8389,12 +8394,12 @@ static void fpc_update(struct ndpi_detection_module_struct *ndpi_str, ndpi_fpc_confidence_t fpc_confidence) { NDPI_LOG_DBG(ndpi_str, "FPC %d.%d/%s -> %d.%d/%s\n", - flow->fpc.master_protocol, flow->fpc.app_protocol, + flow->fpc.proto.master_protocol, flow->fpc.proto.app_protocol, ndpi_fpc_confidence_get_name(flow->fpc.confidence), fpc_master, fpc_app, ndpi_fpc_confidence_get_name(fpc_confidence)); - flow->fpc.master_protocol = fpc_master; - flow->fpc.app_protocol = fpc_app; + flow->fpc.proto.master_protocol = fpc_master; + flow->fpc.proto.app_protocol = fpc_app; flow->fpc.confidence = fpc_confidence; } @@ -8461,8 +8466,8 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]); - ret.master_protocol = flow->detected_protocol_stack[1], - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.master_protocol = flow->detected_protocol_stack[1], + ret.proto.app_protocol = flow->detected_protocol_stack[0]; ret.protocol_by_ip = flow->guessed_protocol_id_by_ip; ret.category = flow->category; @@ -8484,8 +8489,8 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio if(flow->extra_packets_func) { ndpi_process_extra_packet(ndpi_str, flow, packet_data, packetlen, current_time_ms, input_info); /* Update in case of new match */ - ret.master_protocol = flow->detected_protocol_stack[1], - ret.app_protocol = flow->detected_protocol_stack[0], + ret.proto.master_protocol = flow->detected_protocol_stack[1], + ret.proto.app_protocol = flow->detected_protocol_stack[0], ret.category = flow->category; return(ret); @@ -8531,7 +8536,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio for(i=0; (i<MAX_NBPF_CUSTOM_PROTO) && (ndpi_str->nbpf_custom_proto[i].tree != NULL); i++) { if(nbpf_match(ndpi_str->nbpf_custom_proto[i].tree, &t)) { /* match found */ - ret.master_protocol = ret.app_protocol = ndpi_str->nbpf_custom_proto[i].l7_protocol; + ret.proto.master_protocol = ret.proto.app_protocol = ndpi_str->nbpf_custom_proto[i].l7_protocol; ndpi_fill_protocol_category(ndpi_str, flow, &ret); ndpi_reconcile_protocols(ndpi_str, flow, &ret); flow->confidence = NDPI_CONFIDENCE_NBPF; @@ -8578,21 +8583,21 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio ret_protocols: if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { - ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.master_protocol = flow->detected_protocol_stack[1], ret.proto.app_protocol = flow->detected_protocol_stack[0]; - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + if(ret.proto.app_protocol == ret.proto.master_protocol) + ret.proto.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else - ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.app_protocol = flow->detected_protocol_stack[0]; /* Don't overwrite the category if already set */ - if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) && (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN)) + if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) && (ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)) ndpi_fill_protocol_category(ndpi_str, flow, &ret); else ret.category = flow->category; if((!flow->risk_checked) - && ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN)) + && ((ret.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)) ) { default_ports_tree_node_t *found; u_int16_t *default_ports; @@ -8601,21 +8606,21 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_UDP, ntohs(flow->c_port), ntohs(flow->s_port)), - default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].udp_default_ports; + default_ports = ndpi_str->proto_defaults[ret.proto.master_protocol ? ret.proto.master_protocol : ret.proto.app_protocol].udp_default_ports; else if(packet->tcp) found = ndpi_get_guessed_protocol_id(ndpi_str, IPPROTO_TCP, ntohs(flow->c_port), ntohs(flow->s_port)), - default_ports = ndpi_str->proto_defaults[ret.master_protocol ? ret.master_protocol : ret.app_protocol].tcp_default_ports; + default_ports = ndpi_str->proto_defaults[ret.proto.master_protocol ? ret.proto.master_protocol : ret.proto.app_protocol].tcp_default_ports; else found = NULL, default_ports = NULL; if(found && (found->proto->protoId != NDPI_PROTOCOL_UNKNOWN) - && (found->proto->protoId != ret.master_protocol) - && (found->proto->protoId != ret.app_protocol) + && (found->proto->protoId != ret.proto.master_protocol) + && (found->proto->protoId != ret.proto.app_protocol) ) { - // printf("******** %u / %u\n", found->proto->protoId, ret.master_protocol); + // printf("******** %u / %u\n", found->proto->protoId, ret.proto.master_protocol); if(!ndpi_check_protocol_port_mismatch_exceptions(found, &ret)) { /* @@ -8637,7 +8642,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio ntohs(flow->c_port), ntohs(flow->s_port)); if((r == NULL) - || ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol))) { + || ((r->proto->protoId != ret.proto.app_protocol) && (r->proto->protoId != ret.proto.master_protocol))) { if(default_ports[0] != 0) { char str[64]; u_int8_t i, offset; @@ -8673,9 +8678,9 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio if((num_loops == 0) && (!found)) { if(packet->udp) - default_ports = ndpi_str->proto_defaults[ret.app_protocol].udp_default_ports; + default_ports = ndpi_str->proto_defaults[ret.proto.app_protocol].udp_default_ports; else - default_ports = ndpi_str->proto_defaults[ret.app_protocol].tcp_default_ports; + default_ports = ndpi_str->proto_defaults[ret.proto.app_protocol].tcp_default_ports; num_loops = 1; goto check_default_ports; @@ -8686,8 +8691,8 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio ntohs(flow->c_port), ntohs(flow->s_port)); if((r == NULL) - || ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol))) { - if(ret.app_protocol != NDPI_PROTOCOL_FTP_DATA) + || ((r->proto->protoId != ret.proto.app_protocol) && (r->proto->protoId != ret.proto.master_protocol))) { + if(ret.proto.app_protocol != NDPI_PROTOCOL_FTP_DATA) ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,NULL); } } @@ -8734,12 +8739,12 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio /* ndpi_reconcile_protocols(ndpi_str, flow, &ret); */ if(ndpi_str->cfg.fully_encrypted_heuristic && - ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && /* Only for unknown traffic */ + ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && /* Only for unknown traffic */ flow->packet_counter == 1 && packet->payload_packet_len > 0) { flow->first_pkt_fully_encrypted = fully_enc_heuristic(ndpi_str, flow); } - if((ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) + if((ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) && (packet->payload_packet_len > 0) && (flow->packet_counter <= 5)) { ndpi_search_portable_executable(ndpi_str, flow); @@ -8752,9 +8757,9 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio flow->first_pkt_fully_encrypted == 0 && flow->packet_counter < 5 && /* The following protocols do their own entropy calculation/classification. */ - ret.app_protocol != NDPI_PROTOCOL_IP_ICMP) { + ret.proto.app_protocol != NDPI_PROTOCOL_IP_ICMP) { - if (ret.app_protocol != NDPI_PROTOCOL_HTTP) { + if (ret.proto.app_protocol != NDPI_PROTOCOL_HTTP) { flow->entropy = ndpi_entropy(packet->payload, packet->payload_packet_len); } @@ -8778,8 +8783,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct packetlen, current_time_ms, input_info); - p.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.master_protocol); - p.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.app_protocol); + p.proto.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.proto.master_protocol); + p.proto.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.proto.app_protocol); p.protocol_by_ip = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.protocol_by_ip); return(p); @@ -9172,7 +9177,7 @@ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_str, s ndpi_protocol ret; ndpi_int_change_protocol(flow, upper_detected_protocol, lower_detected_protocol, confidence); - ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + ret.proto.master_protocol = flow->detected_protocol_stack[1], ret.proto.app_protocol = flow->detected_protocol_stack[0]; ndpi_reconcile_protocols(ndpi_str, flow, &ret); } @@ -9208,8 +9213,8 @@ ndpi_protocol_category_t ndpi_get_flow_category(struct ndpi_flow_struct *flow) void ndpi_get_flow_ndpi_proto(struct ndpi_flow_struct *flow, struct ndpi_proto * ndpi_proto) { - ndpi_proto->master_protocol = ndpi_get_flow_masterprotocol(flow); - ndpi_proto->app_protocol = ndpi_get_flow_appprotocol(flow); + ndpi_proto->proto.master_protocol = ndpi_get_flow_masterprotocol(flow); + ndpi_proto->proto.app_protocol = ndpi_get_flow_appprotocol(flow); ndpi_proto->category = ndpi_get_flow_category(flow); } @@ -9304,19 +9309,19 @@ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t *str, /* ****************************************************** */ u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p) { - return(((proto.app_protocol == p) || (proto.master_protocol == p)) ? 1 : 0); + return(((proto.proto.app_protocol == p) || (proto.proto.master_protocol == p)) ? 1 : 0); } /* ****************************************************** */ u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { - return((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.master_protocol : proto.app_protocol); + return((proto.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.proto.master_protocol : proto.proto.app_protocol); } /* ****************************************************** */ u_int16_t ndpi_get_upper_proto(ndpi_protocol proto) { - return((proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.app_protocol : proto.master_protocol); + return((proto.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.proto.app_protocol : proto.proto.master_protocol); } /* ****************************************************** */ @@ -9336,28 +9341,28 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti if(flow && ((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP))) { if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { if(flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) { - ret.master_protocol = flow->guessed_protocol_id; - ret.app_protocol = flow->guessed_protocol_id_by_ip; + ret.proto.master_protocol = flow->guessed_protocol_id; + ret.proto.app_protocol = flow->guessed_protocol_id_by_ip; } else { - ret.app_protocol = flow->guessed_protocol_id; + ret.proto.app_protocol = flow->guessed_protocol_id; } } else { - ret.app_protocol = flow->guessed_protocol_id_by_ip; + ret.proto.app_protocol = flow->guessed_protocol_id_by_ip; } - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && search_into_bittorrent_cache(ndpi_str, flow)) { /* This looks like BitTorrent */ - ret.app_protocol = NDPI_PROTOCOL_BITTORRENT; + ret.proto.app_protocol = NDPI_PROTOCOL_BITTORRENT; } } else { - ret.app_protocol = guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto); + ret.proto.app_protocol = guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto); } ret.category = ndpi_get_proto_category(ndpi_str, ret); #ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); + printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.proto.master_protocol, ret.proto.app_protocol); #endif return(ret); @@ -9385,17 +9390,17 @@ ndpi_protocol ndpi_guess_undetected_protocol_v4(struct ndpi_detection_module_str rc = NDPI_PROTOCOL_UNKNOWN; if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc, - ret.master_protocol = guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); + ret.proto.app_protocol = rc, + ret.proto.master_protocol = guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + if(ret.proto.app_protocol == ret.proto.master_protocol) + ret.proto.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else { - ret.app_protocol = guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto), - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.proto.app_protocol = guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto), + ret.proto.master_protocol = NDPI_PROTOCOL_UNKNOWN; } - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) { + if(ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) { ret.category = ndpi_get_proto_category(ndpi_str, ret); return(ret); } @@ -9410,8 +9415,8 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct struct ndpi_flow_struct *flow, u_int8_t proto) { ndpi_protocol p = ndpi_internal_guess_undetected_protocol(ndpi_str, flow, proto); - p.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.master_protocol), - p.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.app_protocol); + p.proto.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.proto.master_protocol), + p.proto.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.proto.app_protocol); return(p); } @@ -9419,13 +9424,13 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct /* ****************************************************** */ char *ndpi_protocol2id(ndpi_protocol proto, char *buf, u_int buf_len) { - if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { - if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) - ndpi_snprintf(buf, buf_len, "%u.%u", proto.master_protocol, proto.app_protocol); + if((proto.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.proto.master_protocol != proto.proto.app_protocol)) { + if(proto.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + ndpi_snprintf(buf, buf_len, "%u.%u", proto.proto.master_protocol, proto.proto.app_protocol); else - ndpi_snprintf(buf, buf_len, "%u", proto.master_protocol); + ndpi_snprintf(buf, buf_len, "%u", proto.proto.master_protocol); } else - ndpi_snprintf(buf, buf_len, "%u", proto.app_protocol); + ndpi_snprintf(buf, buf_len, "%u", proto.proto.app_protocol); return(buf); } @@ -9434,14 +9439,14 @@ char *ndpi_protocol2id(ndpi_protocol proto, char *buf, u_int buf_len) { char *ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto, char *buf, u_int buf_len) { - if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { - if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) - ndpi_snprintf(buf, buf_len, "%s.%s", ndpi_get_proto_name(ndpi_str, proto.master_protocol), - ndpi_get_proto_name(ndpi_str, proto.app_protocol)); + if((proto.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.proto.master_protocol != proto.proto.app_protocol)) { + if(proto.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + ndpi_snprintf(buf, buf_len, "%s.%s", ndpi_get_proto_name(ndpi_str, proto.proto.master_protocol), + ndpi_get_proto_name(ndpi_str, proto.proto.app_protocol)); else - ndpi_snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_str, proto.master_protocol)); + ndpi_snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_str, proto.proto.master_protocol)); } else - ndpi_snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_str, proto.app_protocol)); + ndpi_snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_str, proto.proto.app_protocol)); return(buf); } @@ -9616,21 +9621,21 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st return(proto.category); #if 0 - proto.master_protocol = ndpi_map_user_proto_id_to_ndpi_id(ndpi_str, proto.master_protocol), - proto.app_protocol = ndpi_map_user_proto_id_to_ndpi_id(ndpi_str, proto.app_protocol); + proto.proto.master_protocol = ndpi_map_user_proto_id_to_ndpi_id(ndpi_str, proto.proto.master_protocol), + proto.proto.app_protocol = ndpi_map_user_proto_id_to_ndpi_id(ndpi_str, proto.proto.app_protocol); #endif /* Simple rule: sub protocol first, master after, with some exceptions (i.e. mail) */ - if(category_depends_on_master(proto.master_protocol)) { - if(ndpi_is_valid_protoId(proto.master_protocol)) - return(ndpi_str->proto_defaults[proto.master_protocol].protoCategory); - } else if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || - (ndpi_str->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) { - if(ndpi_is_valid_protoId(proto.app_protocol)) - return(ndpi_str->proto_defaults[proto.app_protocol].protoCategory); - } else if(ndpi_is_valid_protoId(proto.master_protocol)) - return(ndpi_str->proto_defaults[proto.master_protocol].protoCategory); + if(category_depends_on_master(proto.proto.master_protocol)) { + if(ndpi_is_valid_protoId(proto.proto.master_protocol)) + return(ndpi_str->proto_defaults[proto.proto.master_protocol].protoCategory); + } else if((proto.proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || + (ndpi_str->proto_defaults[proto.proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) { + if(ndpi_is_valid_protoId(proto.proto.app_protocol)) + return(ndpi_str->proto_defaults[proto.proto.app_protocol].protoCategory); + } else if(ndpi_is_valid_protoId(proto.proto.master_protocol)) + return(ndpi_str->proto_defaults[proto.proto.master_protocol].protoCategory); return(NDPI_PROTOCOL_CATEGORY_UNSPECIFIED); } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index ef0f185f0..5de1b7107 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -821,12 +821,12 @@ static const char* ndpi_get_flow_info_by_proto_id(struct ndpi_flow_struct const const char* ndpi_get_flow_info(struct ndpi_flow_struct const * const flow, ndpi_protocol const * const l7_protocol) { - char const * const app_protocol_info = ndpi_get_flow_info_by_proto_id(flow, l7_protocol->app_protocol); + char const * const app_protocol_info = ndpi_get_flow_info_by_proto_id(flow, l7_protocol->proto.app_protocol); if(app_protocol_info != NULL) return app_protocol_info; - return ndpi_get_flow_info_by_proto_id(flow, l7_protocol->master_protocol); + return ndpi_get_flow_info_by_proto_id(flow, l7_protocol->proto.master_protocol); } /* ********************************** */ @@ -1127,7 +1127,7 @@ void ndpi_serialize_proto(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_string_uint32(serializer, "encrypted", ndpi_is_encrypted_proto(ndpi_struct, l7_protocol)); ndpi_protocol_breed_t breed = ndpi_get_proto_breed(ndpi_struct, - (l7_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN ? l7_protocol.app_protocol : l7_protocol.master_protocol)); + (l7_protocol.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN ? l7_protocol.proto.app_protocol : l7_protocol.proto.master_protocol)); ndpi_serialize_string_string(serializer, "breed", ndpi_get_proto_breed_name(breed)); if(l7_protocol.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) { @@ -1272,7 +1272,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_string_string(serializer, "hostname", host_server_name); } - switch(l7_protocol.master_protocol ? l7_protocol.master_protocol : l7_protocol.app_protocol) { + switch(l7_protocol.proto.master_protocol ? l7_protocol.proto.master_protocol : l7_protocol.proto.app_protocol) { case NDPI_PROTOCOL_IP_ICMP: if(flow->entropy > 0.0f) { ndpi_serialize_string_float(serializer, "entropy", flow->entropy, "%.6f"); @@ -1493,7 +1493,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, break; case NDPI_PROTOCOL_DISCORD: - if (l7_protocol.master_protocol != NDPI_PROTOCOL_TLS) { + if (l7_protocol.proto.master_protocol != NDPI_PROTOCOL_TLS) { ndpi_serialize_start_of_block(serializer, "discord"); ndpi_serialize_string_string(serializer, "client_ip", flow->protos.discord.client_ip); ndpi_serialize_end_of_block(serializer); @@ -1918,8 +1918,8 @@ ndpi_risk_enum ndpi_validate_url(char *url) { /* ******************************************************************** */ u_int8_t ndpi_is_protocol_detected(ndpi_protocol proto) { - if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) - || (proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + if((proto.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) + || (proto.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) || (proto.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) return(1); else @@ -2905,15 +2905,15 @@ u_int8_t ndpi_is_valid_protoId(u_int16_t protoId) { u_int8_t ndpi_is_encrypted_proto(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto) { - if(proto.master_protocol == NDPI_PROTOCOL_UNKNOWN && ndpi_is_valid_protoId(proto.app_protocol)) { - return(!ndpi_str->proto_defaults[proto.app_protocol].isClearTextProto); - } else if(ndpi_is_valid_protoId(proto.master_protocol) && ndpi_is_valid_protoId(proto.app_protocol)) { - if(ndpi_str->proto_defaults[proto.master_protocol].isClearTextProto - && (!ndpi_str->proto_defaults[proto.app_protocol].isClearTextProto)) + if(proto.proto.master_protocol == NDPI_PROTOCOL_UNKNOWN && ndpi_is_valid_protoId(proto.proto.app_protocol)) { + return(!ndpi_str->proto_defaults[proto.proto.app_protocol].isClearTextProto); + } else if(ndpi_is_valid_protoId(proto.proto.master_protocol) && ndpi_is_valid_protoId(proto.proto.app_protocol)) { + if(ndpi_str->proto_defaults[proto.proto.master_protocol].isClearTextProto + && (!ndpi_str->proto_defaults[proto.proto.app_protocol].isClearTextProto)) return(0); else - return((ndpi_str->proto_defaults[proto.master_protocol].isClearTextProto - && ndpi_str->proto_defaults[proto.app_protocol].isClearTextProto) ? 0 : 1); + return((ndpi_str->proto_defaults[proto.proto.master_protocol].isClearTextProto + && ndpi_str->proto_defaults[proto.proto.app_protocol].isClearTextProto) ? 0 : 1); } else return(0); } @@ -2921,7 +2921,7 @@ u_int8_t ndpi_is_encrypted_proto(struct ndpi_detection_module_struct *ndpi_str, /* ******************************************* */ u_int32_t ndpi_get_flow_error_code(struct ndpi_flow_struct *flow) { - switch(flow->detected_protocol_stack[0] /* app_protocol */) { + switch(flow->detected_protocol_stack[0] /* proto.app_protocol */) { case NDPI_PROTOCOL_DNS: return(flow->protos.dns.reply_code); diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 7fc2e2085..94367d318 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -699,8 +699,8 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st u_int num_queries, idx; char _hostname[256]; - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - ret.app_protocol = (d_port == LLMNR_PORT) ? NDPI_PROTOCOL_LLMNR : (((d_port == MDNS_PORT) && isLLMNRMulticastAddress(packet) ) ? NDPI_PROTOCOL_MDNS : NDPI_PROTOCOL_DNS); + ret.proto.master_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.proto.app_protocol = (d_port == LLMNR_PORT) ? NDPI_PROTOCOL_LLMNR : (((d_port == MDNS_PORT) && isLLMNRMulticastAddress(packet) ) ? NDPI_PROTOCOL_MDNS : NDPI_PROTOCOL_DNS); if(invalid) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); @@ -800,29 +800,29 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if(ndpi_struct->cfg.dns_subclassification_enabled) { ndpi_protocol_match_result ret_match; - ret.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, + ret.proto.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, flow->host_server_name, strlen(flow->host_server_name), &ret_match, NDPI_PROTOCOL_DNS); /* Add to FPC DNS cache */ - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN && + if(ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN && (flow->protos.dns.rsp_type == 0x1 || flow->protos.dns.rsp_type == 0x1c) && /* A, AAAA */ ndpi_struct->fpc_dns_cache) { ndpi_lru_add_to_cache(ndpi_struct->fpc_dns_cache, - fpc_dns_cache_key_from_dns_info(flow), ret.app_protocol, + fpc_dns_cache_key_from_dns_info(flow), ret.proto.app_protocol, ndpi_get_current_time(flow)); } - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) - ret.master_protocol = checkDNSSubprotocol(s_port, d_port); + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) + ret.proto.master_protocol = checkDNSSubprotocol(s_port, d_port); else - ret.master_protocol = NDPI_PROTOCOL_DNS; + ret.proto.master_protocol = NDPI_PROTOCOL_DNS; ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); } else { - ret.master_protocol = checkDNSSubprotocol(s_port, d_port); - ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.proto.master_protocol = checkDNSSubprotocol(s_port, d_port); + ret.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN; } /* Category is always NDPI_PROTOCOL_CATEGORY_NETWORK, regardless of the subprotocol */ @@ -835,11 +835,11 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if(is_query) { /* In this case we say that the protocol has been detected just to let apps carry on with their activities */ - ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, ret.proto.app_protocol, ret.proto.master_protocol, NDPI_CONFIDENCE_DPI); if(ndpi_struct->cfg.dns_parse_response_enabled) { /* We have never triggered extra-dissection for LLMNR. Keep the old behaviour */ - if(ret.master_protocol != NDPI_PROTOCOL_LLMNR) { + if(ret.proto.master_protocol != NDPI_PROTOCOL_LLMNR) { /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ flow->max_extra_packets_to_check = 5; flow->extra_packets_func = search_dns_again; @@ -864,7 +864,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st matched a subprotocol **/ NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, ret.proto.app_protocol, ret.proto.master_protocol, NDPI_CONFIDENCE_DPI); } else { if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS) || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 345f77c47..5ff7e0e88 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1772,8 +1772,8 @@ static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_stru NDPI_LOG_DBG(ndpi_struct, "Found RTP/RTCP over QUIC\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI); /* In "extra_eval" data path, if we change the classification, we need to update the category, too */ - proto.master_protocol = NDPI_PROTOCOL_QUIC; - proto.app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL; + proto.proto.master_protocol = NDPI_PROTOCOL_QUIC; + proto.proto.app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL; proto.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; ndpi_fill_protocol_category(ndpi_struct, flow, &proto); } else { diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index eba865ecb..a238e0a45 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -964,7 +964,7 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd /* In "normal" data-path the generic code in `ndpi_internal_detection_process_packet()` takes care of setting the category */ if(flow->extra_packets_func) { - ndpi_protocol ret = { master_proto, app_proto, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; + ndpi_protocol ret = { { master_proto, app_proto }, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; flow->category = ndpi_get_proto_category(ndpi_struct, ret); } } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 2d8247d51..9fe2a460a 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -349,7 +349,7 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key, &cached_proto, 0 /* Don't remove it as it can be used for other connections */, ndpi_get_current_time(flow))) { - ndpi_protocol ret = { __get_master(ndpi_struct, flow), cached_proto, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; + ndpi_protocol ret = { { __get_master(ndpi_struct, flow), cached_proto }, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; ndpi_set_detected_protocol(ndpi_struct, flow, cached_proto, __get_master(ndpi_struct, flow), NDPI_CONFIDENCE_DPI_CACHE); flow->category = ndpi_get_proto_category(ndpi_struct, ret); @@ -735,7 +735,7 @@ void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct if(rc == 0) { /* Match found */ u_int16_t proto_id = (u_int16_t)val; - ndpi_protocol ret = { __get_master(ndpi_struct, flow), proto_id, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; + ndpi_protocol ret = { { __get_master(ndpi_struct, flow), proto_id }, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; ndpi_set_detected_protocol(ndpi_struct, flow, proto_id, __get_master(ndpi_struct, flow), NDPI_CONFIDENCE_DPI); flow->category = ndpi_get_proto_category(ndpi_struct, ret); @@ -1357,7 +1357,7 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, /* DTLS mid session: no need to further inspect the flow */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DTLS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - ndpi_protocol ret = { __get_master(ndpi_struct, flow), NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; + ndpi_protocol ret = { { __get_master(ndpi_struct, flow), NDPI_PROTOCOL_UNKNOWN }, NDPI_PROTOCOL_UNKNOWN /* unused */, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL}; flow->category = ndpi_get_proto_category(ndpi_struct, ret); flow->tls_quic.certificate_processed = 1; /* Fake, to avoid extra dissection */ |