diff options
| author | Luca Deri <deri@ntop.org> | 2017-02-12 20:14:11 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2017-02-12 20:14:11 +0100 |
| commit | b16769ddbe0f20000b52fa86b7a1d6a966705c28 (patch) | |
| tree | fe7c6ba6b0c52911a5810570048ec4ec65d8075f /src | |
| parent | 1d2e67d38ca195f115b3f06e1dbda3ab9c6d3df7 (diff) | |
Refined guess that does not happen for protocols that have been excluded
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/ndpi_main.c | 35 | ||||
| -rw-r--r-- | src/lib/protocols/mssql_tds.c | 2 |
2 files changed, 28 insertions, 9 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 20b27c7fe..2bf1a103e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3439,22 +3439,41 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* TODO: add the remaining stage_XXXX protocols */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + u_int16_t guessed_protocol_id, guessed_host_protocol_id; + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; - - ndpi_int_change_protocol(ndpi_struct, flow, - flow->guessed_host_protocol_id, - flow->guessed_protocol_id); + + guessed_protocol_id = flow->guessed_protocol_id, + guessed_host_protocol_id = flow->guessed_host_protocol_id; + + if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + + /* Ignore guessed protocol if they have been discarded */ + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) + guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ndpi_int_change_protocol(ndpi_struct, flow, + guessed_host_protocol_id, + guessed_protocol_id); + } } else { flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; - + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) flow->detected_protocol_stack[1] = flow->guessed_host_protocol_id; } - + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); @@ -4177,10 +4196,10 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, if((upper_detected_protocol == NDPI_PROTOCOL_UNKNOWN) && (lower_detected_protocol != NDPI_PROTOCOL_UNKNOWN)) upper_detected_protocol = lower_detected_protocol; - + if(upper_detected_protocol == lower_detected_protocol) lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN; - + ndpi_int_change_flow_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); ndpi_int_change_packet_protocol(ndpi_struct, flow, diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 8a78266a9..42cecb8e2 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -46,7 +46,7 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; - if (packet->payload_packet_len < sizeof(struct tds_packet_header)) { + if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); return; |