diff options
| -rw-r--r-- | example/ndpi_util.c | 38 | ||||
| -rw-r--r-- | src/include/ndpi_api.h | 3 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/skype.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/ssl.c | 2 |
5 files changed, 30 insertions, 19 deletions
diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 328047b90..b4d588c67 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -653,25 +653,33 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, } if(!flow->detection_completed) { + u_int enough_packets = + (((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > 8)) + || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) ? 1 : 0; + flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, ipsize, time, src, dst); - if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) - || ((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > 8)) - || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) { - /* New protocol detected or give up */ - flow->detection_completed = 1; - - /* Check if we should keep checking extra packets */ - if(ndpi_flow && ndpi_flow->check_extra_packets) - flow->check_extra_packets = 1; - - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow, - enable_protocol_guess); - - process_ndpi_collected_info(workflow, flow); + if(enough_packets || (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)) { + if((!enough_packets) + && (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL) + && (flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server[0] == '\0')) + ; /* Wait for JA3S certificate */ + else { + /* New protocol detected or give up */ + flow->detection_completed = 1; + + /* Check if we should keep checking extra packets */ + if(ndpi_flow && ndpi_flow->check_extra_packets) + flow->check_extra_packets = 1; + + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow, + enable_protocol_guess); + + process_ndpi_collected_info(workflow, flow); + } } } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 206007a66..a0a3c92af 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -809,6 +809,9 @@ extern "C" { u_int8_t ndpi_is_safe_ssl_cipher(u_int32_t cipher); const char* ndpi_cipher2str(u_int32_t cipher); + u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + #ifdef __cplusplus } #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index bf9c4069e..fcc159350 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3888,8 +3888,8 @@ void ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -static u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { +u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { u_int16_t ret = NDPI_PROTOCOL_UNKNOWN; if(flow->packet.iph) { diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 35dcb0161..b36e03277 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -24,7 +24,7 @@ #include "ndpi_api.h" static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - //printf("-> payload_len=%u\n", flow->packet.payload_packet_len); + /* printf("-> payload_len=%u\n", flow->packet.payload_packet_len); */ NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE); diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 9b3a6c51b..947b8371d 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" -/* #define CERTIFICATE_DEBUG 1 */ +/* #define CERTIFICATE_DEBUG 1 */ #define NDPI_MAX_SSL_REQUEST_SIZE 10000 |