From e2ed23a72ae6027a52f7d92a0e96c56af8459600 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Fri, 27 Sep 2024 18:51:47 +0200
Subject: Let the library returning the packet direction calculated internally
 (#2572)

wireshark, lua: add basic analysis of possible obfuscated flows
---
 src/include/ndpi_api.h      | 4 ++--
 src/include/ndpi_private.h  | 2 +-
 src/include/ndpi_typedefs.h | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/include')

diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index d2ba9816e..edfb497d4 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -334,7 +334,7 @@ extern "C" {
 				 const unsigned char *packet,
 				 const unsigned short packetlen,
 				 const u_int64_t packet_time_ms,
-				 const struct ndpi_flow_input_info *input_info);
+				 struct ndpi_flow_input_info *input_info);
 
   /**
    * Processes one packet and returns the ID of the detected protocol.
@@ -354,7 +354,7 @@ extern "C" {
 					      const unsigned char *packet,
 					      const unsigned short packetlen,
 					      const u_int64_t packet_time_ms,
-					      const struct ndpi_flow_input_info *input_info);
+					      struct ndpi_flow_input_info *input_info);
   /**
    * Get the main protocol of the passed flows for the detected module
    *
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 3aa17ed3c..c7eef1e0b 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -404,7 +404,7 @@ struct ndpi_detection_module_struct {
 
   /* Current packet */
   struct ndpi_packet_struct packet;
-  const struct ndpi_flow_input_info *input_info;
+  struct ndpi_flow_input_info *input_info;
 
 #ifdef HAVE_NBPF
   u_int8_t num_nbpf_custom_proto;
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index fc0a2cf16..1973bd981 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -645,7 +645,7 @@ struct ndpi_gre_basehdr {
  * Optional information about flow management (per packet)
  */
 struct ndpi_flow_input_info {
-  unsigned char in_pkt_dir;
+  unsigned char in_pkt_dir; /* If unknown, the library might *returns* to the application the direction calculated internally */
   unsigned char seen_flow_beginning;
 };
 
-- 
cgit v1.2.3