From 3e5491fa109fccfb28cd170d7a1dc3e55e7531e8 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Thu, 11 Nov 2021 12:36:55 +0100 Subject: Add detection of OCSP (#1370) This protocol is detected via HTTP Content-Type header. Until 89d548f9, nDPI had a dedicated automa (`content_automa`) to classify a HTTP flow according to this header. Since then, this automa has been useless because it is always empty. Re-enable it to match only a string seems overkilling. Remove all `content_automa` leftovers. --- src/lib/protocols/http.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index bb5b38eed..932b0f451 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -682,11 +682,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } if(flow->http_detected && packet->content_line.ptr && *(char*)packet->content_line.ptr) { - ndpi_protocol_match_result ret_match; - - ndpi_match_content_subprotocol(ndpi_struct, flow, - (char*)packet->content_line.ptr, packet->content_line.len, - &ret_match, NDPI_PROTOCOL_HTTP); + /* Matching on Content-Type. + OCSP: application/ocsp-request, application/ocsp-response + */ + if(strncmp((const char *)packet->content_line.ptr, "application/ocsp-", 17) == 0) { + NDPI_LOG_DBG2(ndpi_struct, "Found OCSP\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_HTTP); + } } } -- cgit v1.2.3