From b190dab6bc23bcacf127f1f8d93df257f40bb898 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Mon, 25 Jul 2022 12:57:33 +0200
Subject: Improve handling of HTTP-Proxy and HTTP-Connect (#1673)

Treat HTTP-Proxy and HTTP-Connect flows like the HTTP ones:
print/serialize all the attributes and allow parsing of replies.

The line about "1kxun" has been removed to avoid regressions in 1KXUN
classification in `tests/pcap/1kxun.pcap`. I haven't fully understod
what was happening but the comment at the beginning of `static
ndpi_category_match category_match[]` says that we can't have overlaps
between `host_match` and `category_match` lists and that is no longer true
since 938e89ca.
Bottom line: removing this line seems the right thing to do, anyway.
---
 example/reader_util.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'example')

diff --git a/example/reader_util.c b/example/reader_util.c
index 2344937ad..dfeeb8672 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1140,8 +1140,9 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
                   "%s", flow->ndpi_flow->protos.kerberos.username);
   }
   /* HTTP */
-  else if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_HTTP)
-	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP)) {
+  else if(is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP)
+	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_PROXY)
+	  || is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP_CONNECT)) {
     if(flow->ndpi_flow->http.url != NULL) {
       ndpi_snprintf(flow->http.url, sizeof(flow->http.url), "%s", flow->ndpi_flow->http.url);
       flow->http.response_status_code = flow->ndpi_flow->http.response_status_code;
-- 
cgit v1.2.3