diff options
| author | Luca Deri <deri@ntop.org> | 2020-12-28 16:11:39 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-12-28 16:11:39 +0100 |
| commit | 84132c6735935ce494a665557dcbabfd2703b036 (patch) | |
| tree | 746763690ddb91144447b32514f03159b4bd1a68 /src | |
| parent | 7f944cc43ba58b5d049e36b7cbe1556e79790172 (diff) | |
Added known protocol on unknown port for ntop
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/ndpi_main.c | 13 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 4 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 68c5fa926..6990882aa 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4488,6 +4488,15 @@ static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) { /* ********************************************************************************* */ +static int ndpi_is_ntop_protocol(ndpi_protocol *ret) { + if((ret->master_protocol == NDPI_PROTOCOL_HTTP) && (ret->app_protocol == NDPI_PROTOCOL_NTOP)) + return(1); + else + return(0); +} + +/* ********************************************************************************* */ + static int ndpi_check_protocol_port_mismatch_exceptions(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_default_ports_tree_node_t *expected_proto, @@ -4498,6 +4507,8 @@ static int ndpi_check_protocol_port_mismatch_exceptions(struct ndpi_detection_mo options available */ + if(ndpi_is_ntop_protocol(returned_proto)) return(1); + if(returned_proto->master_protocol == NDPI_PROTOCOL_TLS) { switch(expected_proto->proto->protoId) { case NDPI_PROTOCOL_MAIL_IMAPS: @@ -4847,7 +4858,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(!ndpi_check_protocol_port_mismatch_exceptions(ndpi_str, flow, found, &ret)) NDPI_SET_BIT(flow->risk, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT); - } else if(default_ports && (default_ports[0] != 0)) { + } else if((!ndpi_is_ntop_protocol(&ret)) && default_ports && (default_ports[0] != 0)) { u_int8_t found = 0, i, num_loops = 0; check_default_ports: diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index cc81644aa..f130ea6b9 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -446,8 +446,10 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } if(packet->server_line.ptr != NULL && (packet->server_line.len > 7)) { - if(strncmp((const char *)packet->server_line.ptr, "ntopng ", 7) == 0) + if(strncmp((const char *)packet->server_line.ptr, "ntopng ", 7) == 0) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_HTTP); + NDPI_CLR_BIT(flow->risk, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT); + } } if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) { |