-rw-r--r-- | src/lib/protocols/http.c | 7 | ||||
-rw-r--r-- | tests/pcap/http-lines-split.pcap | bin | 0 -> 2751 bytes | |||
-rw-r--r-- | tests/result/http-lines-split.pcap.out | 3 |
3 files changed, 10 insertions, 0 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index dd6d39c88..9ac26785c 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -805,6 +805,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
 return;
 }
+ /* try to get some additional request header info even if the packet may not be HTTP */
+ ndpi_parse_packet_line_info(ndpi_struct, flow);
+ if (packet->http_num_headers > 0) {
+ check_content_type_and_change_protocol(ndpi_struct, flow);
+ return;
+ }
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 http_bitmask_exclude_other(flow);
 return;
diff --git a/tests/pcap/http-lines-split.pcap b/tests/pcap/http-lines-split.pcap
Binary files differ
new file mode 100644
index 000000000..01570c76c
--- /dev/null
+++ b/tests/pcap/http-lines-split.pcap
diff --git a/tests/result/http-lines-split.pcap.out b/tests/result/http-lines-split.pcap.out
new file mode 100644
index 000000000..99f6f1415
--- /dev/null
+++ b/tests/result/http-lines-split.pcap.out
@@ -0,0 +1,3 @@
+HTTP 14 2503 1
+
+ 1 TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Host: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known protocol on non standard port **** HTTP Suspicious User-Agent **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0] |
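Review bot: The fallback placed before `NDPI_EXCLUDE_PROTO` in `ndpi_check_http_tcp` is gated only on `packet->http_num_headers > 0`, so a payload that has already failed the earlier HTTP checks is still handed to `check_content_type_and_change_protocol()` and the flow is not excluded whenever the line parser counts at least one header. The hunk shows no requirement that a request line was seen earlier on the flow and no bound on how many packets may take this path; if the parser counts generic `name: value` lines (not visible here), other text protocols could pick up HTTP metadata and risk flags, and a flow might never reach the exclusion. Consider tightening the condition to an HTTP-specific signal and stating the assumption in the comment, e.g. `/* header lines of a request may arrive one per TCP segment; only accepted after <condition> */`, and add a negative capture next to `http-lines-split.pcap` showing that non-HTTP text is still excluded. The function body starts and ends outside the hunk.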