From de59eb823724cea1f197f8012f41e6cb159b2a56 Mon Sep 17 00:00:00 2001
From: Luca <deri@ntop.org>
Date: Tue, 4 Oct 2022 11:18:09 +0200
Subject: Added the ability to track the payload via -E and via the new option
 'ndpi_track_flow_payload'

---
 src/include/ndpi_typedefs.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/include')

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 8d7f1e864..a8b270b6d 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -650,7 +650,6 @@ struct ndpi_lru_cache {
 /* ************************************************** */
 
 struct ndpi_flow_tcp_struct {
-
   /* NDPI_PROTOCOL_MAIL_SMTP */
   /* NDPI_PROTOCOL_MAIL_POP */
   /* NDPI_PROTOCOL_MAIL_IMAP */
@@ -1242,6 +1241,8 @@ struct ndpi_detection_module_struct {
   u_int8_t num_nbpf_custom_proto;
   nbpf_filter nbpf_custom_proto[MAX_NBPF_CUSTOM_PROTO];
 #endif
+
+  u_int16_t max_payload_track_len;    
 };
 
 #endif /* NDPI_LIB_COMPILATION */
@@ -1554,6 +1555,10 @@ struct ndpi_flow_struct {
   /* NDPI_PROTOCOL_TINC */
   u_int8_t tinc_state;
 
+  /* Flow payload */
+  u_int16_t flow_payload_len;
+  char *flow_payload;
+  
   /* 
      Leave this field below at the end
      The field below can be used by third
@@ -1619,6 +1624,7 @@ typedef enum {
     ndpi_dont_load_icloud_private_relay_list  = (1 << 13),
     ndpi_dont_init_risk_ptree      = (1 << 14),
     ndpi_dont_load_cachefly_list   = (1 << 15),
+    ndpi_track_flow_payload        = (1 << 16),
   } ndpi_prefs;
 
 typedef struct {
-- 
cgit v1.2.3