author | Nardi Ivan <nardi.ivan@gmail.com> | 2024-01-10 11:46:57 +0100 |
---|---|---|
committer | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-18 10:21:24 +0100 |
commit | 0712d496fe63fd16f8e943a438c57f75d8cae880 (patch) | |
tree | 5102d4c3de8250cd16f52658de3f0dad55554c7c /src | |
parent | 6c85f10cd5a29346522ad647a38066f0cc44e5a7 (diff) |
config: allow configuration of guessing algorithms
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_private.h | 1 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 11 |
4 files changed, 10 insertions, 6 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 818228aac..ce94df0d5 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -290,14 +290,12 @@ extern "C" {
 *
 * @par ndpi_struct = the detection module
 * @par flow = the flow given for the detection module
- * @par enable_guess = guess protocol if unknown
 * @par protocol_was_guessed = 1 if the protocol was guesses (requires enable_guess = 1), 0 otherwise
 * @return the detected protocol even if the flow is not completed;
 *
 */
 ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct,
 struct ndpi_flow_struct *flow,
- u_int8_t enable_guess,
 u_int8_t *protocol_was_guessed);
 /**
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 282deba2d..ed246c01f 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -167,6 +167,7 @@ struct ndpi_detection_module_config_struct {
 int fully_encrypted_heuristic;
 int track_payload_enabled;
 int libgcrypt_init;
+ int guess_on_giveup;
 char filename_config[CFG_MAX_LEN];
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 7fc5ce0de..0e8f7a25c 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -761,6 +761,8 @@ struct ndpi_lru_cache {
 struct ndpi_lru_cache_entry *entries;
 };
+#define NDPI_GIVEUP_GUESS_BY_PORT 0x01
+#define NDPI_GIVEUP_GUESS_BY_IP 0x02
 /* Aggressiveness values */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index b22b6c68e..316b25ac2 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
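Review bot: In src/include/ndpi_api.h the doc line kept for `protocol_was_guessed` still says "(requires enable_guess = 1)", but this hunk removes that parameter, so the comment now points at something callers can no longer pass. It should name the new control instead, e.g. `* @par protocol_was_guessed = 1 if the protocol was guessed (requires the matching bit in the "guess_on_giveup" configuration), 0 otherwise`. Because the prototype is public, the header could also state that callers who used to pass `enable_guess = 0` now get port- and IP-based guesses unless they lower `guess_on_giveup` (the ndpi_main.c table gives it the default "0x3"); applications that feed the result into filtering or alerting should treat a guessed label as low-confidence and check `protocol_was_guessed`.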
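Review bot: The two new flags in src/include/ndpi_typedefs.h carry no comment saying they are bit values for the `guess_on_giveup` setting, and they sit between the `ndpi_lru_cache` struct and the "Aggressiveness values" block where a reader could take them for part of either. A one-line header above them, such as `/* Bitmask values for the "guess_on_giveup" configuration parameter */`, would make their purpose clear. The same hint on the new field in ndpi_private.h, `int guess_on_giveup; /* NDPI_GIVEUP_GUESS_BY_* bitmask */`, would tell readers the `int` is a mask and not an on/off switch like its neighbours.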
@@ -7377,7 +7377,7 @@ static void ndpi_check_tcp_flags(struct ndpi_detection_module_struct *ndpi_str,
 /* ********************************************************************************* */
 ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
- u_int8_t enable_guess, u_int8_t *protocol_was_guessed) {
+ u_int8_t *protocol_was_guessed) {
 ndpi_protocol ret = NDPI_PROTOCOL_NULL;
 u_int16_t cached_proto;
@@ -7448,7 +7448,8 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 }
 /* Classification by-port */
- if(enable_guess && ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) {
+ if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_PORT) &&
+ ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) {
 /* Ignore guessed protocol if they have been discarded */
 if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN &&
@@ -7464,7 +7465,8 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 }
 /* Classification by-ip, as last effort */
- if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN &&
+ if((ndpi_str->cfg.guess_on_giveup & NDPI_GIVEUP_GUESS_BY_IP) &&
+ ret.app_protocol == NDPI_PROTOCOL_UNKNOWN &&
 flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) {
 ndpi_set_detected_protocol(ndpi_str, flow,
@@ -7929,7 +7931,7 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n
 if(flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) {
 u_int8_t protocol_was_guessed;
- *ret = ndpi_detection_giveup(ndpi_str, flow, 0, &protocol_was_guessed);
+ *ret = ndpi_detection_giveup(ndpi_str, flow, &protocol_was_guessed);
 }
 ndpi_fill_protocol_category(ndpi_str, flow, ret);
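Review bot: The call in `ndpi_do_guess` (hunk at -7929) used to pass `0` for `enable_guess`, which kept the by-port branch of `ndpi_detection_giveup` off on this path; after this change that branch runs whenever `NDPI_GIVEUP_GUESS_BY_PORT` is set, and the table default of "0x3" sets it. If that is intended, a comment at the call such as `/* by-port/by-ip guessing here follows cfg.guess_on_giveup */` would record it; if not, this caller needs a way to keep port guessing off independently of the global setting. Both functions continue outside the hunks, so what `guessed_protocol_id` holds at this point cannot be confirmed from here. A port-only label is easy to get wrong for traffic on non-standard ports, so the change in default behaviour is worth stating in the commit description.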
@@ -10795,6 +10797,7 @@ static const struct cfg_param {
 { NULL, "tcp_ack_payload_heuristic.enable", "0", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tcp_ack_paylod_heuristic) },
 { NULL, "fully_encrypted_heuristic.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic) },
 { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), },
+ { NULL, "guess_on_giveup", "0x3", "0", "3", CFG_PARAM_INT, __OFF(guess_on_giveup) },
 { NULL, "flow_risk_lists.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(flow_risk_lists_enabled)}, |
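Review bot: The new row writes its default as "0x3" while the bounds are decimal "0" and "3", and the integer parser behind `CFG_PARAM_INT` is not visible in this hunk; if it converts with base 10 the default would not come out as 3, so either confirm it accepts a hex prefix or write the default as "3". The upper bound also hard-codes the OR of the two flags, so a third `NDPI_GIVEUP_GUESS_BY_*` bit would be rejected until this string is changed; a comment such as `/* max = NDPI_GIVEUP_GUESS_BY_PORT | NDPI_GIVEUP_GUESS_BY_IP */` next to the row would flag that. The table continues outside the hunk.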