From 8c5e6e9761e2cd490245fddf6327440bf8cff135 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sat, 11 May 2024 14:12:13 +0200
Subject: IRC: simplify detection (#2423)

IRC has its best times well behind, but there are still some servers
using it.

We should try to simplify the detection logic, still based on OpenDPI
logic.

Let's start with some easy changes:
* try to detect TLS connection via standard hostname/SNI matching,
removing an old heuristic (we have never had any trace matching it);
* add some basic server names;
* once we detect that the flow is IRC, we don't have to perform
anything else;
* remove HTTP stuff; real HTTP flows never trigger that data path
* use `ndpi_memmem()` when possible
---
 src/include/ndpi_typedefs.h | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'src/include/ndpi_typedefs.h')

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 08b8e490f..17275b60e 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -820,9 +820,6 @@ struct ndpi_flow_tcp_struct {
 
   /* NDPI_PROTOCOL_IRC */
   u_int32_t irc_3a_counter:3;
-  u_int32_t irc_stage2:5;
-  u_int32_t irc_direction:2;
-  u_int32_t irc_0x1000_full:1;
 
   /* NDPI_PROTOCOL_USENET */
   u_int32_t usenet_stage:2;
-- 
cgit v1.2.3