-rw-r--r-- | doc/configuration_parameters.md | 8 | ||||
-rw-r--r-- | example/config.txt | 1 | ||||
-rw-r--r-- | example/ndpiReader.c | 47 | ||||
-rw-r--r-- | fuzz/fuzz_config.cpp | 52 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 10 | ||||
-rw-r--r-- | src/include/ndpi_private.h | 20 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 107 | ||||
-rw-r--r-- | src/lib/protocols/ftp_control.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/mail_imap.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/mail_pop.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/mail_smtp.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/stun.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 2 | ||||
-rw-r--r-- | tests/cfgs/disable_aggressiveness/config.txt | 2 |
14 files changed, 73 insertions, 186 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
index 4e07e379f..bd7f826ac 100644
--- a/doc/configuration_parameters.md
+++ b/doc/configuration_parameters.md
@@ -11,7 +11,13 @@ TODO | NULL | "flow_risk.anonymous_subscriber.list.protonvpn.load" | 1 | NULL | NULL | Enable/disable loading of internal IP address list of ProtonVPN exit nodes used to check `NDPI_ANONYMOUS_SUBSCRIBER` flow risk | | NULL | "flow_risk.crawler_bot.list.load" | 1 | NULL | NULL | Enable/disable loading of internal IP address list used to check `NDPI_HTTP_CRAWLER_BOT` flow risk | | NULL | "filename.config" | NULL | NULL | NULL | Name of the file containing a list of configuration knobs itself (one per line)!. Useful to configure nDPI via text file instead of via API | -| "tls" | "metadata.sha1_fingerprint.enable" | 1 | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | | NULL | "lru.$CACHE_NAME.size" | See description | 0 | 16777215 | Set the size (in number of elements) of the specified LRU cache (0 = the cache is disabled). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "32768" for the bittorrent cache, "512" for the zoom cache and "1024" for all the other caches | | NULL | "lru.$CACHE_NAME.ttl" | See description | 0 | 16777215 | Set the TTL (in seconds) for the elements of the specified LRU cache (0 = the elements never explicitly expire). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "120" for the ookla cache, "60" for the msteams and stun_zoom caches and "0" for all the other caches | +| "tls" | "metadata.sha1_fingerprint.enable" | 1 | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. 
Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | +| "smtp" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext SMTP flows (because of opportunistic TLS, via STARTTLS msg) | +| "imap" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext IMAP flows (because of opportunistic TLS, via STARTTLS msg) | +| "pop" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext POP flows (because of opportunistic TLS, via STARTTLS msg) | +| "ftp" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext FTP flows (because of opportunistic TLS, via AUTH TLS msg) | +| "stun" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets multiplexed into STUN flows | +| "ookla" | "aggressiveness", | 0x01 | 0x00 | 0x01 | Detection aggressiveness for Ookla. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable heuristic for detection over TLS (via Ookla LRU cache) | | $PROTO_NAME | "ip_list.load" | 1 | NULL | NULL | Enable/disable loading of internal list of IP addresses (used for (sub)classification) specific to that protocol. Use "any" as protocol name if you want to easily enable/disable all lists. This knob is valid only for the following protocols: Alibaba, Amazon AWS, Apple, Avast, Bloomberg, Cachefly, Cloudflare, Discord, Disney+, Dropbox, Edgecast, EpicGames, Ethereum, Facebook, Github, Google, Google Cloud, GoTo, Hotspot Shield, Hulu, Line, Microsoft 365, Microsoft Azure, Microsoft One Drive, Microsoft Outlook, Mullvad, Netflix, Nvidia, OpenDNS, ProtonVPN, RiotGames, Roblox, Skype/Teams, Starcraft, Steam, Teamviewer, Telegram, Tencent, Threema, TOR, Twitch, Twitter, UbuntuONE, VK, Yandex, Yandex Cloud, Webex, Whatsapp, Zoom | diff --git a/example/config.txt b/example/config.txt index 1e7f14ad1..95b66b1b6 100644 
--- a/example/config.txt +++ b/example/config.txt @@ -5,6 +5,7 @@ #See doc/configuration_parameters.md for a complete list and description of all the accepted knobs packets_limit_per_flow,32 +ookla,aggressiveness,0x1 tls,metadata.sha1_fingerprint.enable,1 lru.bittorrent.ttl,0 diff --git a/example/ndpiReader.c b/example/ndpiReader.c index fef71d38c..7a614c219 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -107,7 +107,6 @@ static int num_cfgs = 0; int nDPI_LogLevel = 0; char *_debug_protocols = NULL; char *_disabled_protocols = NULL; -int aggressiveness[NDPI_MAX_SUPPORTED_PROTOCOLS]; static u_int8_t stats_flag = 0; ndpi_init_prefs init_prefs = ndpi_no_prefs | ndpi_enable_tcp_ack_payload_heuristic; u_int8_t human_readeable_string_len = 5; @@ -603,7 +602,6 @@ static void help(u_int long_help) { " -I | Ignore VLAN id for flow hash calculation\n" " -A | Dump internal statistics (LRU caches / Patricia trees / Ahocarasick automas / ...\n" " -M | Memory allocation stats on data-path (only by the library). It works only on single-thread configuration\n" - " -Z proto:value | Set this value of aggressiveness for this protocol (0 to disable it). This flag can be used multiple times\n" " --cfg=proto,param,value | Configure the specific attribute of this protocol\n" , human_readeable_string_len, @@ -981,7 +979,7 @@ int reader_add_cfg(char *proto, char *param, char *value, int dup) */ static void parseOptions(int argc, char **argv) { int option_idx = 0; - int opt, i; + int opt; #ifndef USE_DPDK char *__pcap_file = NULL; int thread_id, do_capture = 0; 
@@ -1003,11 +1001,8 @@ static void parseOptions(int argc, char **argv) { } #endif - for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) - aggressiveness[i] = -1; /* Use the default value */ - while((opt = getopt_long(argc, argv, - "a:Ab:B:e:Ec:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:Rs:tu:v:V:n:rp:x:X:w:Z:q0123:456:7:89:m:MT:U:", + "a:Ab:B:e:Ec:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:Rs:tu:v:V:n:rp:x:X:w:q0123:456:7:89:m:MT:U:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : ""); @@ -1147,36 +1142,6 @@ static void parseOptions(int argc, char **argv) { _disabled_protocols = ndpi_strdup(optarg); break; - case 'Z': /* proto_name:aggr_value */ - { - struct ndpi_detection_module_struct *module_tmp; - NDPI_PROTOCOL_BITMASK all; - char *saveptr, *tmp_str, *proto_str, *aggr_str; - - /* Use a temporary module with all protocols enabled */ - module_tmp = ndpi_init_detection_module(0); - if(!module_tmp) - break; - - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(module_tmp, &all); - ndpi_finalize_initialization(module_tmp); - - tmp_str = ndpi_strdup(optarg); - if(tmp_str) { - proto_str = strtok_r(tmp_str, ":", &saveptr); - if(proto_str) { - aggr_str = strtok_r(NULL, ":", &saveptr); - if(aggr_str) { - aggressiveness[ndpi_get_protocol_id(module_tmp, proto_str)] = atoi(aggr_str); - } - } - } - ndpi_free(tmp_str); - ndpi_exit_detection_module(module_tmp); - break; - } - case 'h': help(0); break; @@ -1313,7 +1278,7 @@ static void parseOptions(int argc, char **argv) { max_num_udp_dissected_pkts = atoi(optarg); break; - case OPTLONG_VALUE_CFG: + case OPTLONG_VALUE_CFG: if(parse_three_strings(optarg, &s1, &s2, &s3) == -1 || reader_add_cfg(s1, s2, s3, 0) == -1) { printf("Invalid parameter [%s] [num:%d/%d]\n", optarg, num_cfgs, MAX_NUM_CFGS); 
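Review bot: The rewritten getopt string in parseOptions() drops `Z:` but still carries entries that can never match: a bare `p` and a second `p:` after the first `p:`, and a bare `r` after `r:`. getopt implementations normally resolve a character to its first occurrence, so the later copies are dead, and they make it hard to audit which options take an argument. Since the line is being edited anyway, it could become `"a:Ab:B:e:Ec:C:dDFf:g:G:i:Ij:k:K:S:hHp:P:l:r:Rs:tu:v:V:n:x:X:w:q0123:456:7:89:m:MT:U:"`. Existing `-Z proto:value` invocations now take the unknown-option path, whose handling lies outside this hunk; it is worth confirming that it fails loudly rather than silently running with the default aggressiveness.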
@@ -2822,12 +2787,6 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _protoFilePath); - /* Set aggressiveness here */ - for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) { - if(aggressiveness[i] != -1) - ndpi_set_protocol_aggressiveness(ndpi_thread_info[thread_id].workflow->ndpi_struct, i, aggressiveness[i]); - } - for(i = 0; i < num_cfgs; i++) { rc = ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, cfgs[i].proto, cfgs[i].param, cfgs[i].value); diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index da995f0e6..73028a51a 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -14,8 +14,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct ndpi_flow_struct flow; u_int8_t protocol_was_guessed; u_int32_t i; - u_int16_t random_proto, bool_value; - int random_value; + u_int16_t bool_value; NDPI_PROTOCOL_BITMASK enabled_bitmask; struct ndpi_lru_cache_stats lru_stats; struct ndpi_patricia_tree_stats patricia_stats; 
@@ -86,25 +85,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_detection_preferences(ndpi_info_mod, static_cast<ndpi_detection_preference>(0xFF), 0xFF); /* Invalid preference */ - ndpi_set_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_SMTP, fuzzed_data.ConsumeBool()); - ndpi_get_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_SMTP); - ndpi_set_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_IMAP, fuzzed_data.ConsumeBool()); - ndpi_get_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_IMAP); - ndpi_set_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_POP, fuzzed_data.ConsumeBool()); - ndpi_get_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_MAIL_POP); - ndpi_set_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_FTP_CONTROL, fuzzed_data.ConsumeBool()); - ndpi_get_opportunistic_tls(ndpi_info_mod, NDPI_PROTOCOL_FTP_CONTROL); - - random_proto = fuzzed_data.ConsumeIntegralInRange(0, (1 << 16) - 1); - random_value = fuzzed_data.ConsumeIntegralInRange(0,2); /* Only 0-1 are valid values */ - ndpi_set_opportunistic_tls(ndpi_info_mod, random_proto, random_value); - ndpi_get_opportunistic_tls(ndpi_info_mod, random_proto); - - for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) { - ndpi_set_protocol_aggressiveness(ndpi_info_mod, i, random_value); - ndpi_get_protocol_aggressiveness(ndpi_info_mod, i); - } - if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); 
@@ -113,6 +93,36 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "smtp", "tls_dissection.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "imap", "tls_dissection.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "pop", "tls_dissection.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "ftp", "tls_dissection.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "stun", "tls_dissection.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 0x01 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "ookla", "aggressiveness", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, "any", "ip_list.load", cfg_value); } for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) { diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 44dd87bf2..177f7bb75 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h 
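Review bot: The new `ookla`/`aggressiveness` fuzz block only ever formats the value with `%d`, while example/config.txt and the test config in this same commit pass it as `0x1` and `0x0`, so the hex form of the integer parser is never reached from this harness. Adding a branch that formats the value as hex, e.g. `sprintf(cfg_value, "0x%x", value);`, would cover the spelling that users are shown. The six added blocks also keep writing into `cfg_value` with unbounded `sprintf`; its declaration is outside the hunk, but if it is a fixed-size array then `snprintf(cfg_value, sizeof(cfg_value), "%d", value);` keeps the harness from faulting on its own buffer. LLVMFuzzerTestOneInput starts and ends outside the hunk.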
@@ -1074,16 +1074,6 @@ extern "C" { lru_cache_type cache_type, struct ndpi_lru_cache_stats *stats); - int ndpi_set_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto, int value); - int ndpi_get_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto); - - int ndpi_set_protocol_aggressiveness(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto, u_int32_t value); - u_int32_t ndpi_get_protocol_aggressiveness(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto); - /** * Find a protocol id associated with a string automata * diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index 1f45987d8..3ec291f51 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -174,6 +174,18 @@ struct ndpi_detection_module_config_struct { int tls_sha1_fingerprint_enabled; + int smtp_opportunistic_tls_enabled; + + int imap_opportunistic_tls_enabled; + + int pop_opportunistic_tls_enabled; + + int ftp_opportunistic_tls_enabled; + + int stun_opportunistic_tls_enabled; + + int ookla_aggressiveness; + NDPI_PROTOCOL_BITMASK ip_list_bitmask; int flow_risk_lists_enabled; @@ -294,14 +306,6 @@ struct ndpi_detection_module_struct { /* *** If you add a new LRU cache, please update lru_cache_type above! *** */ - int opportunistic_tls_smtp_enabled; - int opportunistic_tls_imap_enabled; - int opportunistic_tls_pop_enabled; - int opportunistic_tls_ftp_enabled; - int opportunistic_tls_stun_enabled; - - u_int32_t aggressiveness_ookla; - int tcp_ack_paylod_heuristic; int fully_encrypted_based_on_first_pkt_heuristic; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6e593ccda..dea4770c3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
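Review bot: The six fields added to struct ndpi_detection_module_config_struct in the `@@ -174,6 +174,18 @@` hunk carry no comment, and two of them are easy to misread. `ookla_aggressiveness` is tested as a bitmask in tls.c (`& NDPI_AGGRESSIVENESS_OOKLA_TLS`) but is now a plain `int` where the removed field was `u_int32_t`; a trailing `/* Bitmask of NDPI_AGGRESSIVENESS_OOKLA_* flags */` would record that. `stun_opportunistic_tls_enabled` gates DTLS multiplexed into STUN rather than a STARTTLS-style upgrade, so `/* Dissect (D)TLS multiplexed into STUN flows */` would help. The struct starts and ends outside the hunk.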
@@ -3277,14 +3277,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs return(NULL); } - ndpi_str->opportunistic_tls_smtp_enabled = 1; - ndpi_str->opportunistic_tls_imap_enabled = 1; - ndpi_str->opportunistic_tls_pop_enabled = 1; - ndpi_str->opportunistic_tls_ftp_enabled = 1; - ndpi_str->opportunistic_tls_stun_enabled = 1; - - ndpi_str->aggressiveness_ookla = NDPI_AGGRESSIVENESS_OOKLA_TLS; - if(prefs & ndpi_enable_tcp_ack_payload_heuristic) ndpi_str->tcp_ack_paylod_heuristic = 1; 
@@ -10558,92 +10550,6 @@ int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow) /* ******************************************************************** */ -int ndpi_set_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto, int value) -{ - if(!ndpi_struct || (value != 0 && value != 1)) - return -1; - - switch(proto) { - case NDPI_PROTOCOL_MAIL_SMTP: - ndpi_struct->opportunistic_tls_smtp_enabled = value; - return 0; - case NDPI_PROTOCOL_MAIL_IMAP: - ndpi_struct->opportunistic_tls_imap_enabled = value; - return 0; - case NDPI_PROTOCOL_MAIL_POP: - ndpi_struct->opportunistic_tls_pop_enabled = value; - return 0; - case NDPI_PROTOCOL_FTP_CONTROL: - ndpi_struct->opportunistic_tls_ftp_enabled = value; - return 0; - case NDPI_PROTOCOL_STUN: - ndpi_struct->opportunistic_tls_stun_enabled = value; - return 0; - default: - return -1; - } -} - -/* ******************************************************************** */ - -int ndpi_get_opportunistic_tls(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto) -{ - if(!ndpi_struct) - return -1; - - switch(proto) { - case NDPI_PROTOCOL_MAIL_SMTP: - return ndpi_struct->opportunistic_tls_smtp_enabled; - case NDPI_PROTOCOL_MAIL_IMAP: - return ndpi_struct->opportunistic_tls_imap_enabled; - case NDPI_PROTOCOL_MAIL_POP: - return ndpi_struct->opportunistic_tls_pop_enabled; - case NDPI_PROTOCOL_FTP_CONTROL: - return ndpi_struct->opportunistic_tls_ftp_enabled; - case NDPI_PROTOCOL_STUN: - return ndpi_struct->opportunistic_tls_stun_enabled; - default: - return -1; - } -} - -/* ******************************************************************** */ - -int ndpi_set_protocol_aggressiveness(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto, u_int32_t value) -{ - if(!ndpi_struct) - return -1; - - switch(proto) { - case NDPI_PROTOCOL_OOKLA: - ndpi_struct->aggressiveness_ookla = value; - return 0; - default: - return -1; - } -} - -/* 
******************************************************************** */ - -u_int32_t ndpi_get_protocol_aggressiveness(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t proto) -{ - if(!ndpi_struct) - return -1; - - switch(proto) { - case NDPI_PROTOCOL_OOKLA: - return ndpi_struct->aggressiveness_ookla; - default: - return -1; - } -} - -/* ******************************************************************** */ - void ndpi_set_user_data(struct ndpi_detection_module_struct *ndpi_str, void *user_data) { if (ndpi_str == NULL) @@ -10695,7 +10601,6 @@ static u_int16_t __get_proto_id(const char *proto_name_or_id) NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(module, &all); /* Try to be fast: we need only the protocol name -> protocol id mapping! */ - /* TODO */ ndpi_set_config(module, "any", "ip_list.load", "0"); ndpi_set_config(module, NULL, "flow_risk_lists.load", "0"); ndpi_finalize_initialization(module); @@ -10904,6 +10809,18 @@ static const struct cfg_param { { "tls", "metadata.sha1_fingerprint.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tls_sha1_fingerprint_enabled) }, + { "smtp", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(smtp_opportunistic_tls_enabled) }, + + { "imap", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(imap_opportunistic_tls_enabled) }, + + { "pop", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(pop_opportunistic_tls_enabled) }, + + { "ftp", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ftp_opportunistic_tls_enabled) }, + + { "stun", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_opportunistic_tls_enabled) }, + + { "ookla", "aggressiveness", "0x01", "0", "1", CFG_PARAM_INT, __OFF(ookla_aggressiveness) }, + { "$PROTO_NAME_OR_ID", "ip_list.load", "1", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(ip_list_bitmask)}, /* Global parameters */ 
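Review bot: In the cfg_params entry `{ "ookla", "aggressiveness", "0x01", "0", "1", CFG_PARAM_INT, ... }` the default is written in hex while the bounds are decimal, and the documentation table in this commit gives them as 0x00/0x01; how CFG_PARAM_INT parses each of the three strings is outside the hunk, so a single notation would remove the doubt. The maximum `"1"` is also a literal copy of the only flag bit, where the removed initialisation used the symbol `NDPI_AGGRESSIVENESS_OOKLA_TLS`. If a second flag is added without raising the bound, the new bit would presumably be rejected as out of range. A comment on the entry such as `/* max = OR of all NDPI_AGGRESSIVENESS_OOKLA_* bits; update when adding a flag */` would make that dependency visible.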
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 40378a4c6..ce7903397 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -640,7 +640,7 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) { flow->ftp_control_stage = 0; } else if (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 && - ndpi_struct->opportunistic_tls_ftp_enabled) { + ndpi_struct->cfg.ftp_opportunistic_tls_enabled) { flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */ /* Switch classification to FTPS */ ndpi_set_detected_protocol(ndpi_struct, flow, diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index a9eeaf64f..1b8b31287 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -110,7 +110,7 @@ static void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_ if(flow->l4.tcp.mail_imap_starttls == 1) { NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n"); ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS); - if(ndpi_struct->opportunistic_tls_imap_enabled) { + if(ndpi_struct->cfg.imap_opportunistic_tls_enabled) { NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n", flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]); /* We are done (in IMAP dissector): delegating TLS... */ diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 045ff1c7c..5741eba0e 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c 
@@ -174,7 +174,7 @@ static void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct if(packet->payload[0] == '+' && flow->l4.tcp.mail_imap_starttls == 1) { NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n"); ndpi_int_mail_pop_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_POPS); - if(ndpi_struct->opportunistic_tls_pop_enabled) { + if(ndpi_struct->cfg.pop_opportunistic_tls_enabled) { NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n", flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]); /* We are done (in POP dissector): delegating TLS... */ diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 980ebb8c9..cf8e31146 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -418,7 +418,7 @@ int ndpi_extra_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_st 454 TLS not available due to temporary reason" */ - if(ndpi_struct->opportunistic_tls_smtp_enabled && + if(ndpi_struct->cfg.smtp_opportunistic_tls_enabled && packet->payload_packet_len > 3 && memcmp(packet->payload, "220", 3) == 0) { rc = 1; /* Switch classification to SMTPS, keeping the hostname sub-classification (if any) */ diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 59106c77e..ddb42c980 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -402,7 +402,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct, } else if(first_byte <= 63) { NDPI_LOG_DBG(ndpi_struct, "DTLS\n"); - if(ndpi_struct->opportunistic_tls_stun_enabled && + if(ndpi_struct->cfg.stun_opportunistic_tls_enabled && is_dtls(packet->payload, packet->payload_packet_len, &unused)) { /* Process this DTLS packet via TLS/DTLS code but keep using STUN dissection. diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 943b817a4..11ef6dd4a 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c 
@@ -1163,7 +1163,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, printf("*** [TLS Block] No more blocks\n"); #endif /* An ookla flow? */ - if((ndpi_struct->aggressiveness_ookla & NDPI_AGGRESSIVENESS_OOKLA_TLS) && /* Feature enabled */ + if((ndpi_struct->cfg.ookla_aggressiveness & NDPI_AGGRESSIVENESS_OOKLA_TLS) && /* Feature enabled */ (!something_went_wrong && flow->tls_quic.certificate_processed == 1 && flow->protos.tls_quic.hello_processed == 1) && /* TLS handshake found without errors */ diff --git a/tests/cfgs/disable_aggressiveness/config.txt b/tests/cfgs/disable_aggressiveness/config.txt index 1504f51be..6a4f24099 100644 --- a/tests/cfgs/disable_aggressiveness/config.txt +++ b/tests/cfgs/disable_aggressiveness/config.txt @@ -1 +1 @@ --Z ookla:0 +--cfg=ookla,aggressiveness,0x0 |