From 7571f48392ef3b79eb25b94f1da6932a137c4f02 Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Fri, 12 Aug 2022 16:40:41 +0200 Subject: Dissectors shouldn't update `flow->guessed_host_protocol_id` The field `flow->guessed_host_protocol_id` is set at the beginning of the flow analysis and it represents the "classification by ip" of the flow itself. This field should never be changed. Dissectors which want to provide an "hint" about the classification, should update `flow->guessed_protocol_id` instead. Such "hint" is useless if the dissector set the "extra-dissection" data-path. Rename such field to `guessed_protocol_id_by_ip` to better describe its role. Preliminary work necessary for #1687 --- src/lib/protocols/ssh.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'src/lib/protocols/ssh.c') diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 36e950ce1..935ec3cc7 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -209,8 +209,6 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct if(flow->extra_packets_func != NULL) return; - flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; - flow->max_extra_packets_to_check = 12; flow->extra_packets_func = search_ssh_again; @@ -445,7 +443,7 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct #endif NDPI_LOG_DBG2(ndpi_struct, "ssh stage 1 passed\n"); - flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; + flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; #ifdef SSH_DEBUG printf("[SSH] [completed stage: %u]\n", flow->l4.tcp.ssh_stage); -- cgit v1.2.3