diff options
| author | Luca Deri <deri@ntop.org> | 2016-07-25 14:52:44 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2016-07-25 14:52:44 +0200 |
| commit | da80bd8bb4c79e7e49724d3e86a13e8e83beed9a (patch) | |
| tree | c816539ce9196d7d0b2a84a03cb1c7e779775a3b /src | |
| parent | 32e6a79e9c93c3d7b1183a9e3dfc014b384f915c (diff) | |
Added ndpi_get_proto_by_name() for mapping protocolIDs to protocol names
Added a new parameter to ndpi_guess_protocol_id() to indicate if the guessed protocol has been set by the user through a custom protocols file
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_main.h | 126 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 109 |
3 files changed, 143 insertions, 93 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 2e3d29827..43bd4e2bb 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -35,89 +35,91 @@ extern "C" { #endif -void *ndpi_tdelete(const void * __restrict, void ** __restrict, - int (*)(const void *, const void *)); -void *ndpi_tfind(const void *, void *, int (*)(const void *, const void *)); -void *ndpi_tsearch(const void *, void**, int (*)(const void *, const void *)); -void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int, void*), void *user_data); -void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)); + void *ndpi_tdelete(const void * __restrict, void ** __restrict, + int (*)(const void *, const void *)); + void *ndpi_tfind(const void *, void *, int (*)(const void *, const void *)); + void *ndpi_tsearch(const void *, void**, int (*)(const void *, const void *)); + void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int, void*), void *user_data); + void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)); -int NDPI_BITMASK_COMPARE(NDPI_PROTOCOL_BITMASK a, NDPI_PROTOCOL_BITMASK b); -int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a); -void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a); + int NDPI_BITMASK_COMPARE(NDPI_PROTOCOL_BITMASK a, NDPI_PROTOCOL_BITMASK b); + int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a); + void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a); -extern u_int8_t ndpi_net_match(u_int32_t ip_to_check, - u_int32_t net, - u_int32_t num_bits); + extern u_int8_t ndpi_net_match(u_int32_t ip_to_check, + u_int32_t net, + u_int32_t num_bits); -extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, - u_int32_t net, u_int32_t num_bits); + extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, + u_int32_t net, u_int32_t num_bits); -u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); -u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); -u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); -u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); -u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); -u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); -void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol); + void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t upper_detected_protocol, + u_int16_t lower_detected_protocol); -extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); + extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); -extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol); -extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol); -extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, - u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); + extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + u_int16_t upper_detected_protocol, + u_int16_t lower_detected_protocol); + extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + u_int16_t upper_detected_protocol, + u_int16_t lower_detected_protocol); + extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, + ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); -extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); -extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); + extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); + extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); -extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip); -extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip); -extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); -extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); + extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip); + extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip); + extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); + extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); -extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); -extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); -extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); + extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); + extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); + extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); + u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); -extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, - u_int8_t proto, u_int16_t sport, u_int16_t dport); + extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + u_int8_t proto, u_int16_t sport, u_int16_t dport, + u_int8_t *user_defined_proto); -extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); + extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); -extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); -extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, - u_int16_t** tcp_master_proto, - u_int16_t** udp_master_proto); + extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); + extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, + u_int16_t** tcp_master_proto, + u_int16_t** udp_master_proto); #ifdef NDPI_ENABLE_DEBUG_MESSAGES -void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, - const char **file, const char **func, u_int32_t * line); + void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, + const char **file, const char **func, u_int32_t * line); #endif -/** Checks when the @p payload starts with the string literal @p str. -* When the string is larger than the payload, check fails. -* @return non-zero if check succeeded -*/ -int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, - const char *str, size_t str_len); + /** Checks when the @p payload starts with the string literal @p str. + * When the string is larger than the payload, check fails. + * @return non-zero if check succeeded + */ + int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, + const char *str, size_t str_len); -/* version of ndpi_match_prefix with string literal */ -#define ndpi_match_strprefix(payload, payload_len, str) \ + /* version of ndpi_match_prefix with string literal */ +#define ndpi_match_strprefix(payload, payload_len, str) \ ndpi_match_prefix((payload), (payload_len), (str), (sizeof(str)-1)) #ifdef __cplusplus diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8ec1453fc..c5275c3d8 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -737,6 +737,7 @@ typedef struct ndpi_proto_defaults { typedef struct ndpi_default_ports_tree_node { ndpi_proto_defaults_t *proto; + u_int8_t customUserProto; u_int16_t default_port; } ndpi_default_ports_tree_node_t; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 203ce0c2c..4224dd2d6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -302,9 +302,13 @@ strncasecmp(s1, s2, n) /* Forward */ static void addDefaultPort(ndpi_port_range *range, - ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root); + ndpi_proto_defaults_t *def, + u_int8_t customUserProto, + ndpi_default_ports_tree_node_t **root); + static int removeDefaultPort(ndpi_port_range *range, - ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root); + ndpi_proto_defaults_t *def, + ndpi_default_ports_tree_node_t **root); /* ****************************************** */ @@ -373,6 +377,18 @@ char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); } +/* ****************************************************** */ + +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { + u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); + + for(i = 0; i < num; i++) + if(strcasecmp(ndpi_get_proto_by_id(ndpi_mod, i), name) == 0) + return(i); + + return(NDPI_PROTOCOL_UNKNOWN); +} + /* ******************************************************************** */ ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports, @@ -445,8 +461,8 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); for(j=0; j<MAX_DEFAULT_PORTS; j++) { - if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->udpRoot); - if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->tcpRoot); + if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot); + if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot); } } @@ -479,12 +495,12 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh /* ******************************************************************** */ static void addDefaultPort(ndpi_port_range *range, - ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root) { + ndpi_proto_defaults_t *def, + u_int8_t customUserProto, + ndpi_default_ports_tree_node_t **root) { ndpi_default_ports_tree_node_t *ret; u_int16_t port; - // printf("[NDPI] %s(%d)\n", __FUNCTION__, port); - for(port=range->port_low; port<=range->port_high; port++) { ndpi_default_ports_tree_node_t *node = (ndpi_default_ports_tree_node_t*)ndpi_malloc(sizeof(ndpi_default_ports_tree_node_t)); @@ -493,11 +509,11 @@ static void addDefaultPort(ndpi_port_range *range, break; } - node->proto = def, node->default_port = port; + node->proto = def, node->default_port = port, node->customUserProto = customUserProto; ret = *(ndpi_default_ports_tree_node_t**)ndpi_tsearch(node, (void*)root, ndpi_default_ports_tree_node_t_cmp); /* Add it to the tree */ if(ret != node) { - printf("[NDPI] %s(): found duplicate for port %u: overwriting it with new value\n", __FUNCTION__, port); + /* printf("[NDPI] %s(): found duplicate for port %u: overwriting it with new value\n", __FUNCTION__, port); */ ret->proto = def; ndpi_free(node); @@ -1864,11 +1880,11 @@ int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_ /* ****************************************************** */ -u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, - u_int8_t proto, u_int16_t sport, u_int16_t dport) { +static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + u_int8_t proto, u_int16_t sport, u_int16_t dport) { const void *ret; ndpi_default_ports_tree_node_t node; - + if(sport && dport) { int low = ndpi_min(sport, dport); int high = ndpi_max(sport, dport); @@ -1885,10 +1901,27 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc ndpi_default_ports_tree_node_t_cmp); } - if(ret != NULL) { - ndpi_default_ports_tree_node_t *found = *(ndpi_default_ports_tree_node_t**)ret; + if(ret) return(*(ndpi_default_ports_tree_node_t**)ret); + } + + return(NULL); +} - return(found->proto->protoId); +/* ****************************************************** */ + +u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + u_int8_t proto, u_int16_t sport, u_int16_t dport, + u_int8_t *user_defined_proto) { + const void *ret; + ndpi_default_ports_tree_node_t node; + + *user_defined_proto = 0; /* Default */ + if(sport && dport) { + ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport); + + if(found != NULL) { + *user_defined_proto = found->customUserProto; + return(found->proto->protoId); } } else { /* No TCP/UDP */ @@ -1942,13 +1975,13 @@ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi #ifdef WIN32 char * strsep(char **sp, char *sep) { - char *p, *s; - if (sp == NULL || *sp == NULL || **sp == '\0') return(NULL); - s = *sp; - p = s + strcspn(s, sep); - if (*p != '\0') *p++ = '\0'; - *sp = p; - return(s); + char *p, *s; + if (sp == NULL || *sp == NULL || **sp == '\0') return(NULL); + s = *sp; + p = s + strcspn(s, sep); + if (*p != '\0') *p++ = '\0'; + *sp = p; + return(s); } #endif @@ -2041,7 +2074,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(sscanf(value, "%u-%u", (unsigned int *)&range.port_low, (unsigned int *)&range.port_high) != 2) range.port_low = range.port_high = atoi(&elem[4]); if(do_add) - addDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { @@ -3237,7 +3270,7 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru u_int8_t l4_proto, struct ndpi_id_struct *src, u_int16_t sport, - struct ndpi_id_struct *dst, + struct ndpi_id_struct *dst, u_int16_t dport, const u_int64_t current_tick_l, u_int8_t *payload, u_int16_t payload_len) { @@ -3304,10 +3337,16 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru flow->packet.iphv6 || #endif flow->packet.iph)) { - flow->protocol_id_already_guessed = 1; - - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport); + u_int8_t user_defined_proto; + + flow->protocol_id_already_guessed = 1, + flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport, &user_defined_proto); + if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; + return(ret); + } + if(flow->packet.iph) { if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); @@ -3447,6 +3486,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int16_t sport, dport; u_int8_t protocol; u_int32_t saddr, daddr; + u_int8_t user_defined_proto; flow->protocol_id_already_guessed = 1; @@ -3463,7 +3503,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else if(flow->packet.tcp) sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest); else sport = dport = 0; - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport); + flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); + + if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; + return(ret); + } if(flow->packet.iph) { if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) @@ -4298,12 +4343,14 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct unsigned int rc; struct in_addr addr; ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport); + if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport); + ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); if(ret.protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; @@ -4311,7 +4358,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct return(ret); } - rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport); + rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.protocol = rc; @@ -4335,7 +4382,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct ret.protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport); + ret.protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); return(ret); } |