From b190dab6bc23bcacf127f1f8d93df257f40bb898 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Mon, 25 Jul 2022 12:57:33 +0200 Subject: Improve handling of HTTP-Proxy and HTTP-Connect (#1673) Treat HTTP-Proxy and HTTP-Connect flows like the HTTP ones: print/serialize all the attributes and allow parsing of replies. The line about "1kxun" has been removed to avoid regressions in 1KXUN classification in `tests/pcap/1kxun.pcap`. I haven't fully understod what was happening but the comment at the beginning of `static ndpi_category_match category_match[]` says that we can't have overlaps between `host_match` and `category_match` lists and that is no longer true since 938e89ca. Bottom line: removing this line seems the right thing to do, anyway. --- src/lib/ndpi_utils.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/lib/ndpi_utils.c') diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 6a58b5982..5471b911c 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1299,6 +1299,8 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, break; case NDPI_PROTOCOL_HTTP: + case NDPI_PROTOCOL_HTTP_CONNECT: + case NDPI_PROTOCOL_HTTP_PROXY: ndpi_serialize_start_of_block(serializer, "http"); if(flow->host_server_name[0] != '\0') ndpi_serialize_string_string(serializer, "hostname", flow->host_server_name); -- cgit v1.2.3