From 3e5491fa109fccfb28cd170d7a1dc3e55e7531e8 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 11 Nov 2021 12:36:55 +0100
Subject: Add detection of OCSP (#1370)

This protocol is detected via HTTP Content-Type header.

Until 89d548f9, nDPI had a dedicated automa (`content_automa`) to
classify a HTTP flow according to this header. Since then, this automa has
been useless because it is always empty.
Re-enable it to match only a string seems overkilling.

Remove all `content_automa` leftovers.
---
 src/lib/protocols/http.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index bb5b38eed..932b0f451 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -682,11 +682,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
     }    
     
     if(flow->http_detected && packet->content_line.ptr && *(char*)packet->content_line.ptr) {
-      ndpi_protocol_match_result ret_match;
-
-      ndpi_match_content_subprotocol(ndpi_struct, flow,
-				     (char*)packet->content_line.ptr, packet->content_line.len,
-				     &ret_match, NDPI_PROTOCOL_HTTP);
+      /* Matching on Content-Type.
+          OCSP:  application/ocsp-request, application/ocsp-response
+       */
+      if(strncmp((const char *)packet->content_line.ptr, "application/ocsp-", 17) == 0) {
+        NDPI_LOG_DBG2(ndpi_struct, "Found OCSP\n");
+        ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_HTTP);
+      }
     }
   }
 
-- 
cgit v1.2.3