From eea3c448de75bcb63f505957fbcbf4e36a3b8d88 Mon Sep 17 00:00:00 2001
From: Nardi Ivan
Date: Mon, 12 Sep 2022 20:27:59 +0200
Subject: HTTP: remove some wrong code

This code seems wrong or in the wrong place, at least:
* "classification by port" and "classification by ip" protocols (i.e "guessed" protocols) should be used to set the protocol stack only after trying all the dissectors, and only by the generic code
* there are no reason (for a dissector) to update the "guessed" information using the protocol stack values: it is usually the other way around (see previous point)
---
 src/lib/protocols/http.c | 22 ----------------------
 1 file changed, 22 deletions(-)
(limited to 'src')
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 5a088c7c8..dd494702a 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -751,28 +751,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0);
 }
- /**
- check result of host subprotocol detection
-
- if "detected" in flow == 0 then "detected" = "guess"
- else "guess" = "detected"
- **/
- if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) {
- /* Avoid putting as subprotocol a "core" protocol such as SSL or DNS */
- if(ndpi_struct->proto_defaults[flow->guessed_protocol_id].subprotocol_count == 0) {
- if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN &&
- flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) {
- ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, flow->guessed_protocol_id, NDPI_CONFIDENCE_DPI);
- }
- }
- }
- else {
- if(flow->detected_protocol_stack[1] != flow->guessed_protocol_id)
- flow->guessed_protocol_id = flow->detected_protocol_stack[1];
- if(flow->detected_protocol_stack[0] != flow->guessed_host_protocol_id)
- flow->guessed_host_protocol_id = flow->detected_protocol_stack[0];
- }
-
 if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->http_detected) && (packet->http_origin.len > 0)) {
--
cgit v1.2.3