author | Liam Wilson <37528501+liwilson1@users.noreply.github.com> | 2024-09-20 20:25:41 +1200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-20 10:25:41 +0200 |
commit | 80971e4a173a046adf0cab703387184f205bf596 (patch) | |
tree | 6935e9b4b76a403d8aa27731d73a106dd3f34559 /src | |
parent | 191694f797639fc0b56adcf050bc9cfa8dc02f3d (diff) |
Allow IP guess before port in ndpi_detection_giveup (#2562)
Add dpi.guess_ip_before_port which when enabled uses classification
by-ip before classification by-port.
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_private.h | 1 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 21 |
2 files changed, 19 insertions, 3 deletions
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 809d6c7b3..be142717b 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -199,6 +199,7 @@ struct ndpi_detection_module_config_struct {
 int guess_on_giveup;
 int compute_entropy;
 int fpc_enabled;
+ int guess_ip_before_port;
 char filename_config[CFG_MAX_LEN];
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 12f51af0e..b3b70de5a 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -7896,6 +7896,20 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 ndpi_set_risk(flow, NDPI_FULLY_ENCRYPTED, NULL);
 }
+ /* If guess_ip_before_port is enabled, classify by-ip first */
+ if((ndpi_str->cfg.guess_ip_before_port))
+ {
+ if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_IP) &&
+ ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN &&
+ flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) {
+
+ ndpi_set_detected_protocol(ndpi_str, flow,
+ flow->guessed_protocol_id_by_ip,
+ ret.proto.master_protocol,
+ NDPI_CONFIDENCE_MATCH_BY_IP);
+ ret.proto.app_protocol = flow->detected_protocol_stack[0];
+ }
+ }
 /* Classification by-port */
 if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_PORT) && ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) {
@@ -7912,9 +7926,9 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 ret.proto.app_protocol = flow->detected_protocol_stack[0];
 }
 }
-
- /* Classification by-ip, as last effort */
- if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_IP) &&
+ /* Classification by-ip, as last effort if guess_ip_before_port is disabled*/
+ if(!(ndpi_str->cfg.guess_ip_before_port) &&
+ (ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_IP) &&
 ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN && flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) {
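Review bot: The by-ip guess now exists twice in ndpi_detection_giveup, once in the block added before "Classification by-port" and once in the last-effort block that the second ndpi_main.c hunk gates with `!(ndpi_str->cfg.guess_ip_before_port)`, so any later change to the condition or the confidence value has to be made in both places. The body of the last-effort block lies outside the hunk, so I am assuming it makes the same `ndpi_set_detected_protocol` call; if it does, a small static helper called from both positions would keep the two copies identical. In the added block the nested `if` can fold into a single condition in the surrounding style, starting `if(ndpi_str->cfg.guess_ip_before_port && (ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_IP) &&`, which also drops the doubled parentheses and the brace on its own line. The comment should state the interaction the code implies, for example `/* Reorders the guesses only: needs NDPI_GIVEUP_GUESS_BY_IP in guess_on_giveup; by-port remains the fallback when no by-ip guess exists */`.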
@@ -11493,6 +11507,7 @@ static const struct cfg_param {
 { NULL, "fully_encrypted_heuristic", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic), NULL },
 { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), NULL },
 { NULL, "dpi.guess_on_giveup", "0x3", "0", "3", CFG_PARAM_INT, __OFF(guess_on_giveup), NULL },
+ { NULL, "dpi.guess_ip_before_port", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(guess_ip_before_port), NULL},
 { NULL, "dpi.compute_entropy", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(compute_entropy), NULL },
 { NULL, "fpc", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fpc_enabled), NULL }, |
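Review bot: The `dpi.guess_ip_before_port` entry carries no comment, and because the diffstat is limited to src I cannot see whether the parameter is documented elsewhere. Enabling it changes what integrators receive: a flow that the by-port guess would have labelled can instead come back with the by-ip protocol id and `NDPI_CONFIDENCE_MATCH_BY_IP`, which matters to anything that keys policy or alerting on the protocol id or the confidence value. I would add above the entry `/* by-ip guess runs before by-port in ndpi_detection_giveup(); needs NDPI_GIVEUP_GUESS_BY_IP set in dpi.guess_on_giveup */`, and close the initializer with `NULL }` like the neighbouring rows.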