author | Nardi Ivan <nardi.ivan@gmail.com> | 2022-09-14 10:44:16 +0200 |
---|---|---|
committer | Toni <matzeton@googlemail.com> | 2022-09-14 17:52:01 +0200 |
commit | 9ce4d40d1490fb0f89d9d5eb6d249529cbd60513 (patch) | |
tree | 60c75381e87229f696b306f64266206b342c6213 /src | |
parent | 7571f48392ef3b79eb25b94f1da6932a137c4f02 (diff) |
Remove a case of guessed sub-classification
This code is triggered only for "unknown" flows with a valid
sni/hostname.
Why, in that case, should the guessed classification be
something like `DNS/Subprotocol_depending_on_hostname`? Why DNS as
master and not HTTP or TLS or QUIC?
Furthermore, I have not been able to trigger a positive match from that
lookup. I strongly think that if we had a valid subprotocol, we would
have a valid master in the first place.
In doubt, remove it completely.
As a follow-up, we should investigate why some dissectors (the HTTP one,
at least) set the sni/hostname field without setting a valid protocol,
in the first place.
This behaviour seems quite suspicious, if not plainly buggy.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/ndpi_main.c | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c44391c85..7a01827ab 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5788,17 +5788,6 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st confidence = NDPI_CONFIDENCE_DPI_PARTIAL; } - if(flow->host_server_name[0] != '\0') { - ndpi_protocol_match_result ret_match; - - ndpi_match_host_subprotocol(ndpi_str, flow, (char *) flow->host_server_name, - strlen((const char *) flow->host_server_name), &ret_match, - NDPI_PROTOCOL_DNS); - - if(ret_match.protocol_id != NDPI_PROTOCOL_UNKNOWN) - guessed_host_protocol_id = ret_match.protocol_id; - } - *protocol_was_guessed = 1; ndpi_set_detected_protocol(ndpi_str, flow, guessed_host_protocol_id, guessed_protocol_id, confidence); } |
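Review bot: After the deletion in ndpi_detection_giveup(), `guessed_host_protocol_id` is still passed to `ndpi_set_detected_protocol(ndpi_str, flow, guessed_host_protocol_id, guessed_protocol_id, confidence);` even though the only assignment to it visible in this hunk is the one being removed. Please confirm that the variable still has another writer on this path; if it does not, drop it or pass the constant explicitly so the call no longer suggests that a host-based guess takes place. The commit message states that no positive match could be triggered from the removed lookup, so a test trace containing an "unknown" flow with a non-empty `host_server_name` would document that the classification result is unchanged by this removal. The follow-up mentioned in the message (dissectors setting the host name without a valid protocol) deserves a tracked issue or a short comment at this spot, since flows in that state now reach the end of this branch with no host-based handling at all.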