-rw-r--r--libndpi.sym1
-rw-r--r--src/include/ndpi_api.h16
-rw-r--r--src/lib/ndpi_main.c28
3 files changed, 43 insertions, 2 deletions
diff --git a/libndpi.sym b/libndpi.sym
index 9ef3c3456..c821189e8 100644
--- a/libndpi.sym
+++ b/libndpi.sym
@@ -58,3 +58,4 @@ ndpi_netbios_name_interpret
ndpi_category_set_name
ndpi_category_get_name
ndpi_is_custom_category
+ndpi_is_subprotocol_informative \ No newline at end of file
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index ce8489829..4193a2c57 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -440,9 +440,21 @@ extern "C" {
u_int16_t protoId, ndpi_protocol_category_t protoCategory);
/**
+ * Check if subprotocols of the specified master protocol are just
+ * informative (and not real)
+ *
+ * @par mod = the detection module
+ * @par protoId = the (master) protocol identifier to query
+ * @return 1 = the subprotocol is informative, 0 otherwise.
+ *
+ */
+ u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod,
+ u_int16_t protoId);
+
+ /**
* Get protocol category as string
*
- * @par mod = the detection module
+ * @par mod = the detection module
* @par category = the category associated to the protocol
* @return the string name of the category
*
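Review bot: The doc comment on `ndpi_is_subprotocol_informative` never says what "informative" means to a caller; that explanation (the DNS.Facebook example) exists only in the block comment in ndpi_main.c. Consumers that filter, block or account traffic by subprotocol read this header, so I would add a line such as `* e.g. DNS.Facebook is a DNS query about Facebook, not Facebook traffic` and state that unknown or out-of-range ids return 0. The `@return` line also says "the subprotocol is informative" although `protoId` is the master protocol, and the tag names the parameter `mod` while the prototype calls it `ndpi_mod`.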
@@ -453,7 +465,7 @@ extern "C" {
/**
* Set protocol category string
*
- * @par mod = the detection module
+ * @par mod = the detection module
* @par category = the category associated to the protocol
* @paw name = the string name of the category
*
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 0551d56f3..d7583f520 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -452,6 +452,34 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod,
/* ********************************************************************************** */
+/*
+ There are some (master) protocols that are informative, meaning that it shows
+ what is the subprotocol about, but also that the subprotocol isn't a real protocol.
+
+ Example:
+ - DNS is informative as if we see a DNS request for www.facebook.com, the
+ returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but
+ rather it indicates a query for Facebook and not Facebook traffic.
+ - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is
+ SSL (HTTPS) traffic containg Facebook traffic.
+ */
+u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod,
+ u_int16_t protoId) {
+ if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)
+ return(0);
+
+ switch(protoId) {
+ case NDPI_PROTOCOL_DNS:
+ return(1);
+ break;
+
+ default:
+ return(0);
+ }
+}
+
+/* ********************************************************************************** */
+
void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
ndpi_protocol_breed_t breed, u_int16_t protoId,
u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2],
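Review bot: The range guard at the top of `ndpi_is_subprotocol_informative` has no effect, because every `protoId` it rejects would reach `default: return(0);` anyway, and the `break;` after `return(1);` is unreachable; both can go. `ndpi_mod` is never read, so a build with `-Wunused-parameter` will warn; if it is kept for a future per-module list, `(void)ndpi_mod; /* reserved for per-module configuration */` makes that explicit. The answer comes from a hard-coded switch, so a master protocol with the same query-only semantics is reported as non-informative until it is listed here; a short comment on the switch, e.g. `/* add every master whose subprotocol only names the subject of a query */`, would tell maintainers that. The block comment has a typo (`containg`). The trailing `ndpi_set_proto_defaults` signature continues outside the hunk.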