diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-09-05 13:59:51 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-05 13:59:51 +0200 |
| commit | 0a47f745cc87f967f0d8513b4178321e21a02efc (patch) | |
| tree | bfa7610e8c35281d8c94d35aacd1f67908355721 /tests/result/tor.pcap.out | |
| parent | 01028ee77921cb21dee8b0e5f1f912ffd304244a (diff) | |
Avoid useless host automa lookup (#1724)
The host automa is used for two tasks:
* protocol sub-classification (obviously);
* DGA evaluation: the idea is that if a domain is present in this
automa, it can't be a DGA, regardless of its format/name.
In most dissectors both checks are executed, i.e. the code is something
like:
```
ndpi_match_host_subprotocol(..., flow->host_server_name, ...);
ndpi_check_dga_name(..., flow->host_server_name,...);
```
In that common case, we can perform only one automa lookup: if we check the
sub-classification before the DGA, we can avoid the second lookup in
the DGA function itself.
Diffstat (limited to 'tests/result/tor.pcap.out')
| -rw-r--r-- | tests/result/tor.pcap.out | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 6827a5962..60255cc81 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -12,7 +12,7 @@ LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 15/0 (search/found) +Automa host: 8/0 (search/found) Automa domain: 7/0 (search/found) Automa tls cert: 4/0 (search/found) Automa risk mask: 6/0 (search/found) |