config: HTTP: enable/disable processing of HTTP responses

3 files changed, 17 insertions, 14 deletions

diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 8f7208a05..cf857be23 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -205,6 +205,8 @@ struct ndpi_detection_module_config_struct {
 
   int stun_opportunistic_tls_enabled;
 
+  int http_parse_response_enabled;
+
   int ookla_aggressiveness;
 
   NDPI_PROTOCOL_BITMASK ip_list_bitmask;
@@ -327,14 +329,9 @@ struct ndpi_detection_module_struct {
 
   /* *** If you add a new LRU cache, please update lru_cache_type above! *** */
 
-  int tcp_ack_paylod_heuristic;
-  int fully_encrypted_based_on_first_pkt_heuristic;
-
   u_int16_t ndpi_to_user_proto_id[NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; /* custom protocolId mapping */
   ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
 
-  u_int8_t direction_detect_disable:1, /* disable internal detection of packet direction */ _pad:7;
-
 #ifdef CUSTOM_NDPI_PROTOCOLS
   #include "../../../nDPI-custom/custom_ndpi_typedefs.h"
 #endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 33278c490..d3282c7da 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -10790,6 +10790,8 @@ static const struct cfg_param {
 
   { "stun",          "tls_dissection.enable",                   "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_opportunistic_tls_enabled) },
 
+  { "http",          "process_response.enable",                 "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(http_parse_response_enabled) },
+
   { "ookla",         "aggressiveness",                          "0x01", "0", "1", CFG_PARAM_INT, __OFF(ookla_aggressiveness) },
 
   { "$PROTO_NAME_OR_ID", "ip_list.load",                        "1", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(ip_list_bitmask)},
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index b0bbd30ca..673345b93 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -1493,16 +1493,20 @@ static void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struc
   NDPI_LOG_DBG(ndpi_struct, "search HTTP\n");
   ndpi_check_http_tcp(ndpi_struct, flow);
 
-  if((flow->host_server_name[0] != '\0'&&
+  if((ndpi_struct->cfg.http_parse_response_enabled &&
+      flow->host_server_name[0] != '\0'&&
       flow->http.response_status_code != 0) ||
-    /* We have found 3 consecutive requests (without the reply) or 3
-       consecutive replies (without the request). If the traffic is really
-       asymmetric, stop here, because we will never find the metadata from
-       both the request and the reply. We wait for 3 events (instead of 2)
-       to avoid false positives triggered by missing/dropped packets */
-    (flow->l4.tcp.http_asymmetric_stage == 2 &&
-     (flow->packet_direction_complete_counter[0] == 0 ||
-      flow->packet_direction_complete_counter[1] == 0))) {
+     (!ndpi_struct->cfg.http_parse_response_enabled &&
+      (flow->host_server_name[0] != '\0' ||
+       flow->http.response_status_code != 0)) ||
+     /* We have found 3 consecutive requests (without the reply) or 3
+        consecutive replies (without the request). If the traffic is really
+        asymmetric, stop here, because we will never find the metadata from
+        both the request and the reply. We wait for 3 events (instead of 2)
+        to avoid false positives triggered by missing/dropped packets */
+     (flow->l4.tcp.http_asymmetric_stage == 2 &&
+      (flow->packet_direction_complete_counter[0] == 0 ||
+       flow->packet_direction_complete_counter[1] == 0))) {
     flow->extra_packets_func = NULL; /* We're good now */
 
     if(flow->initial_binary_bytes_len) ndpi_analyze_content_signature(ndpi_struct, flow);