diff options
| -rw-r--r-- | src/lib/ndpi_main.c | 35 | ||||
| -rw-r--r-- | src/lib/protocols/mssql_tds.c | 2 |
2 files changed, 28 insertions, 9 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 20b27c7fe..2bf1a103e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3439,22 +3439,41 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* TODO: add the remaining stage_XXXX protocols */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + u_int16_t guessed_protocol_id, guessed_host_protocol_id; + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; - - ndpi_int_change_protocol(ndpi_struct, flow, - flow->guessed_host_protocol_id, - flow->guessed_protocol_id); + + guessed_protocol_id = flow->guessed_protocol_id, + guessed_host_protocol_id = flow->guessed_host_protocol_id; + + if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + + /* Ignore guessed protocol if they have been discarded */ + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) + guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ndpi_int_change_protocol(ndpi_struct, flow, + guessed_host_protocol_id, + guessed_protocol_id); + } } else { flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; - + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) flow->detected_protocol_stack[1] = flow->guessed_host_protocol_id; } - + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); @@ -4177,10 +4196,10 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, if((upper_detected_protocol == NDPI_PROTOCOL_UNKNOWN) && (lower_detected_protocol != NDPI_PROTOCOL_UNKNOWN)) upper_detected_protocol = lower_detected_protocol; - + if(upper_detected_protocol == lower_detected_protocol) lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN; - + ndpi_int_change_flow_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); ndpi_int_change_packet_protocol(ndpi_struct, flow, diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 8a78266a9..42cecb8e2 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -46,7 +46,7 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; - if (packet->payload_packet_len < sizeof(struct tds_packet_header)) { + if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); return; |