author | Luca Deri <deri@ntop.org> | 2017-10-06 15:20:36 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2017-10-06 15:20:36 +0200 |
commit | 9b91623d574e199bd157d1db5d5f14ac4ff7e070 (patch) | |
tree | b083737becb66f481149877089051a8ff22e9a9b /src | |
parent | 27d66f68459804d4b44a4259dd0813dc995d5ca1 (diff) |
Added ndpi_is_subprotocol_informative() API call
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h | 16 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 28 |
2 files changed, 42 insertions, 2 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index ce8489829..4193a2c57 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -440,9 +440,21 @@ extern "C" {
 u_int16_t protoId, ndpi_protocol_category_t protoCategory);
 /**
+ * Check if subprotocols of the specified master protocol are just
+ * informative (and not real)
+ *
+ * @par mod = the detection module
+ * @par protoId = the (master) protocol identifier to query
+ * @return 1 = the subprotocol is informative, 0 otherwise.
+ *
+ */
+ u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod,
+ u_int16_t protoId);
+
+ /**
 * Get protocol category as string
 *
- * @par mod = the detection module
+ * @par mod = the detection module
 * @par category = the category associated to the protocol
 * @return the string name of the category
 *
@@ -453,7 +465,7 @@ extern "C" {
 /**
 * Set protocol category string
 *
- * @par mod = the detection module
+ * @par mod = the detection module
 * @par category = the category associated to the protocol
 * @paw name = the string name of the category
 *
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 0551d56f3..d7583f520 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -452,6 +452,34 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod,
 /* ********************************************************************************** */
+/*
+ There are some (master) protocols that are informative, meaning that it shows
+ what is the subprotocol about, but also that the subprotocol isn't a real protocol.
+
+ Example:
+ - DNS is informative as if we see a DNS request for www.facebook.com, the
+ returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but
+ rather it indicates a query for Facebook and not Facebook traffic.
+ - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is
+ SSL (HTTPS) traffic containg Facebook traffic.
+ */
+u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod,
+ u_int16_t protoId) {
+ if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)
+ return(0);
+
+ switch(protoId) {
+ case NDPI_PROTOCOL_DNS:
+ return(1);
+ break;
+
+ default:
+ return(0);
+ }
+}
+
+/* ********************************************************************************** */
+
 void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], |
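Review bot: `ndpi_mod` is never read in `ndpi_is_subprotocol_informative()`, and the range check against `NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS` returns the same 0 that the `default:` arm already returns. The body therefore reduces to `return(protoId == NDPI_PROTOCOL_DNS);`, and the `break;` after `return(1);` is unreachable. If the parameter is kept for a later per-module table, say so in the comment, for example `/* ndpi_mod is currently unused: the informative set is fixed at compile time */`. The block comment could also state the caller contract: code that bases policy or accounting on the subprotocol should call this first, so that a result such as DNS.Facebook is not counted as Facebook traffic. The function is fully contained in this hunk.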