From fbb7b8c5784f4c9a4cb47c2d411bf906cc7271d4 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <nardi.ivan@gmail.com>
Date: Tue, 4 Mar 2025 16:08:48 +0100
Subject: custom rules: try to have a coherent behaviour

Custom rules with *new* protocols are checked "first": if there is a
match, the first packet of the flow provides a complete and final
classification.

The same logic should apply to custom rules with "existing" protocols:
if there is match, nDPI shouldn't do anything else.

Remove the `tcp:3000@ntop` custom rule.

Fix the default port for ElasticSearch (in the protocol file)
---
 example/protos.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'example/protos.txt')

diff --git a/example/protos.txt b/example/protos.txt
index 810ea1911..8da9ca0b9 100644
--- a/example/protos.txt
+++ b/example/protos.txt
@@ -4,8 +4,7 @@
 tcp:81,tcp:8181@HTTP
 udp:5062@SIP
 tcp:860,udp:860,tcp:3260,udp:3260@iSCSI
-tcp:3000@ntop
-tcp:9002@Elasticsearch
+tcp:9200@Elasticsearch
 tcp:5601@Kibana
 tcp:65535@TestProto
 
-- 
cgit v1.2.3