From 9b91623d574e199bd157d1db5d5f14ac4ff7e070 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 6 Oct 2017 15:20:36 +0200 Subject: Added ndpi_is_subprotocol_informative() API call --- src/include/ndpi_api.h | 16 ++++++++++++++-- src/lib/ndpi_main.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index ce8489829..4193a2c57 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -439,10 +439,22 @@ extern "C" { void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, u_int16_t protoId, ndpi_protocol_category_t protoCategory); + /** + * Check if subprotocols of the specified master protocol are just + * informative (and not real) + * + * @par mod = the detection module + * @par protoId = the (master) protocol identifier to query + * @return 1 = the subprotocol is informative, 0 otherwise. + * + */ + u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId); + /** * Get protocol category as string * - * @par mod = the detection module + * @par mod = the detection module * @par category = the category associated to the protocol * @return the string name of the category * @@ -453,7 +465,7 @@ extern "C" { /** * Set protocol category string * - * @par mod = the detection module + * @par mod = the detection module * @par category = the category associated to the protocol * @paw name = the string name of the category * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0551d56f3..d7583f520 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
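Review bot: The new doc block for `ndpi_is_subprotocol_informative()` in the first ndpi_api.h hunk names its first parameter `mod` while the prototype calls it `ndpi_mod`, and its `@return` line does not say that 0 is also the answer for an out-of-range `protoId` (the implementation added in src/lib/ndpi_main.c returns 0 in that case). A consumer that applies filtering or accounting per subprotocol will read 0 as "the subprotocol is real traffic", so the contract should spell out both meanings. Suggested wording: `@par ndpi_mod = the detection module` and `@return 1 = subprotocols of protoId are informative only, 0 otherwise (also for an unknown or out-of-range protoId)`. The second hunk in this file only changes whitespace and needs no comment.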
@@ -452,6 +452,34 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, /* ********************************************************************************** */ +/* + There are some (master) protocols that are informative, meaning that it shows + what is the subprotocol about, but also that the subprotocol isn't a real protocol. + + Example: + - DNS is informative as if we see a DNS request for www.facebook.com, the + returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but + rather it indicates a query for Facebook and not Facebook traffic. + - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is + SSL (HTTPS) traffic containg Facebook traffic. + */ +u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return(0); + + switch(protoId) { + case NDPI_PROTOCOL_DNS: + return(1); + break; + + default: + return(0); + } +} + +/* ********************************************************************************** */ + void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], -- cgit v1.2.3
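Review bot: In `ndpi_is_subprotocol_informative()` the `break;` after `return(1);` is unreachable, and `ndpi_mod` is never read, so builds with unused-parameter warnings enabled will flag the function. Dropping the `break;` and adding `(void)ndpi_mod;` as the first statement keeps the public signature and silences that warning. The explicit range check is redundant with `default: return(0);`, which already covers every id other than `NDPI_PROTOCOL_DNS`. Because 0 is returned both for a master protocol with real subprotocols and for an invalid id, the comment above the function should say so, for example `Returns 0 for any protocol not listed in the switch, including out-of-range ids.` The same comment also has a typo, "containg" for "containing".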