authorLuca Deri <deri@ntop.org>2019-11-23 19:54:06 +0100
committerLuca Deri <deri@ntop.org>2019-11-23 19:54:06 +0100
commit509cfcb5560cd00bbd2f6d651ac8829147e08729 (patch)
tree8b56529fd0337e565cb9302727c8c9f303ef80d9 /src
parent3b203d57e97d3bc48762bbee61e3524fccb4632d (diff)
Fixed invalid category matching in HTTP
Fixed overlapping categories
Diffstat (limited to 'src')
-rw-r--r--src/lib/ndpi_content_match.c.inc9
-rw-r--r--src/lib/ndpi_main.c19
-rw-r--r--src/lib/protocols/http.c13
3 files changed, 16 insertions, 25 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 0421b6192..3d188f9a0 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -9069,13 +9069,18 @@ static ndpi_protocol_match host_match[] = {
/* ******************************************************************** */
+/*
+ IMPORTANT
+
+ Do NOT pur here strings that overlap with string in host_match[]
+ specified above
+*/
static ndpi_category_match category_match[] = {
{ ".edgecastcdn.net", "egdecastcdn" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
{ ".hwcdn.net", "hwcdn" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
{ ".llnwd.net", "llnwd" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
{ ".llns.net", "llns" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
- { ".fastly.net", "fastly" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
- { ".akamaiedge.net", "akamaiedge" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
+ { ".fastly.net", "fastly" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA },
{ ".vultr.com", "vultr" TLD, NDPI_PROTOCOL_CATEGORY_CLOUD },
{ "baidu.com", "baidu" TLD, NDPI_PROTOCOL_CATEGORY_WEB },
{ "icq.com", "icq" TLD, NDPI_PROTOCOL_CATEGORY_CHAT },
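Review bot: The comment added above `category_match[]` has a typo and states a rule that nothing visible in this hunk enforces; it should read `Do NOT put here strings that overlap with the strings in host_match[] specified above`. Both tables appear to be matched against hostnames taken from traffic, so an overlapping entry silently changes which classification wins. A debug-build or unit-test check that no `category_match[]` string also occurs in `host_match[]` would keep the rule from regressing. The context entry for `.edgecastcdn.net` carries the label `egdecastcdn`, which looks like a transposition of `edgecastcdn`.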
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 1589b0431..7138ab9c1 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4879,7 +4879,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
ret.app_protocol = flow->detected_protocol_stack[0];
/* Don't overwrite the category if already set */
- if(flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
+ if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
+ && (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))
ndpi_fill_protocol_category(ndpi_str, flow, &ret);
else
ret.category = flow->category;
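Review bot: The comment above the condition is now stale, because the new `ret.app_protocol != NDPI_PROTOCOL_UNKNOWN` test means the category is also left untouched when no application protocol was detected. I would update it to `/* Don't overwrite the category if already set, and don't derive one from an unknown protocol */`. In that case the `else` branch copies `NDPI_PROTOCOL_CATEGORY_UNSPECIFIED` into `ret.category`, which is worth stating if it is the intended result. The enclosing function starts and ends outside this hunk.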
@@ -6305,16 +6306,12 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
u_int16_t rc = ndpi_automa_match_string_subprotocol(ndpi_str,
flow, string_to_match, string_to_match_len,
master_protocol_id, ret_match, 1);
-
- if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
- && (ret_match->protocol_category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) {
- unsigned long id = ret_match->protocol_category;
-
- if(ndpi_get_custom_category_match(ndpi_str, string_to_match, string_to_match_len, &id) != -1) {
- if(id != -1) {
- flow->category = ret_match->protocol_category = id;
- rc = master_protocol_id;
- }
+ unsigned long id = ret_match->protocol_category;
+
+ if(ndpi_get_custom_category_match(ndpi_str, string_to_match, string_to_match_len, &id) != -1) {
+ if(id != -1) {
+ flow->category = ret_match->protocol_category = id;
+ rc = master_protocol_id;
}
}
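Review bot: With the guard removed, a custom-category hit now runs `rc = master_protocol_id;` even when `ndpi_automa_match_string_subprotocol()` already returned a subprotocol, so the matched subprotocol id appears to be discarded for any host that also has a custom category. If only the category should take precedence, keep the automa result and fall back only when nothing matched, e.g. `if(rc == NDPI_PROTOCOL_UNKNOWN) rc = master_protocol_id;`. Separately, `id` is `unsigned long` and is compared with `-1`; this works through the implicit conversion but reads more clearly as `id != (unsigned long)-1`. The function's return statement is outside the hunk, so the effect on callers is inferred from the visible lines.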
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 2525cfbd7..6b26a7dc3 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -287,17 +287,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
NDPI_LOG_DBG2(ndpi_struct, "HOST line found %.*s\n",
packet->host_line.len, packet->host_line.ptr);
- /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */
- if(flow->http_detected) {
- ndpi_protocol_match_result ret_match;
-
- ndpi_match_host_subprotocol(ndpi_struct, flow,
- (char*)packet->host_line.ptr,
- packet->host_line.len,
- &ret_match,
- NDPI_PROTOCOL_HTTP);
- }
-
/* Copy result for nDPI apps */
if(!ndpi_struct->disable_metadata_export) {
len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1);
@@ -305,7 +294,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
flow->host_server_name[len] = '\0';
flow->extra_packets_func = NULL; /* We're good now */
}
-
+
flow->server_id = flow->dst;
if(packet->forwarded_line.ptr) {