From 0a47f745cc87f967f0d8513b4178321e21a02efc Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Mon, 5 Sep 2022 13:59:51 +0200
Subject: Avoid useless host automa lookup (#1724)

The host automa is used for two tasks:
* protocol sub-classification (obviously);
* DGA evaluation: the idea is that if a domain is present in this
automa, it can't be a DGA, regardless of its format/name.

In most dissectors both checks are executed, i.e. the code is something
like:

```
ndpi_match_host_subprotocol(..., flow->host_server_name, ...);
ndpi_check_dga_name(..., flow->host_server_name,...);

```

In that common case, we can perform only one automa lookup: if we check the
sub-classification before the DGA, we can avoid the second lookup in
the DGA function itself.
---
 tests/result/netflix.pcap.out | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/result/netflix.pcap.out')

diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out
index 1b0c8b172..0952ca97d 100644
--- a/tests/result/netflix.pcap.out
+++ b/tests/result/netflix.pcap.out
@@ -13,7 +13,7 @@ LRU cache stun:       0/0/0 (insert/search/found)
 LRU cache tls_cert:   0/0/0 (insert/search/found)
 LRU cache mining:     0/0/0 (insert/search/found)
 LRU cache msteams:    0/0/0 (insert/search/found)
-Automa host:          92/66 (search/found)
+Automa host:          72/50 (search/found)
 Automa domain:        72/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     13/0 (search/found)
-- 
cgit v1.2.3