diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e70fb87ec..3e16ca5c1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4394,6 +4394,8 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) { static default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_str, u_int8_t proto, u_int16_t sport, u_int16_t dport) { default_ports_tree_node_t node; + /* Set use_sport to config value if direction detection is enabled */ + int use_sport = ndpi_str->cfg.direction_detect_enabled ? ndpi_str->cfg.use_client_port_in_guess : 1; if(sport && dport) { const void *ret; @@ -4402,7 +4404,7 @@ static default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detec ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot, default_ports_tree_node_t_cmp); - if(ret == NULL) { + if(ret == NULL && use_sport) { node.default_port = sport; ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot, default_ports_tree_node_t_cmp); @@ -7425,6 +7427,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_str->packet; u_int16_t ret = NDPI_PROTOCOL_UNKNOWN; + int use_client = ndpi_str->cfg.use_client_ip_in_guess; if(packet->iph) { struct in_addr addr; @@ -7433,7 +7436,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ addr.s_addr = flow->s_address.v4; ret = ndpi_network_port_ptree_match(ndpi_str, &addr, flow->s_port); - if(ret == NDPI_PROTOCOL_UNKNOWN) { + if(ret == NDPI_PROTOCOL_UNKNOWN && use_client) { addr.s_addr = flow->c_address.v4; ret = ndpi_network_port_ptree_match(ndpi_str, &addr, flow->c_port); } @@ -7444,7 +7447,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ addr = *(struct in6_addr *)&flow->s_address.v6; ret = ndpi_network_port_ptree6_match(ndpi_str, &addr, flow->s_port); - if(ret == NDPI_PROTOCOL_UNKNOWN) { + if(ret == NDPI_PROTOCOL_UNKNOWN && use_client) { addr = *(struct in6_addr *)&flow->c_address.v6; ret = ndpi_network_port_ptree6_match(ndpi_str, &addr, flow->c_port); } @@ -11510,6 +11513,8 @@ static const struct cfg_param { { NULL, "packets_limit_per_flow", "32", "0", "255", CFG_PARAM_INT, __OFF(max_packets_to_process), NULL }, { NULL, "flow.direction_detection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(direction_detect_enabled), NULL }, { NULL, "flow.track_payload", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(track_payload_enabled), NULL }, + { NULL, "flow.use_client_ip_in_guess", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(use_client_ip_in_guess), NULL}, + { NULL, "flow.use_client_port_in_guess", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(use_client_port_in_guess), NULL}, { NULL, "tcp_ack_payload_heuristic", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tcp_ack_paylod_heuristic), NULL }, { NULL, "fully_encrypted_heuristic", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic), NULL }, { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), NULL }, |