From 9ce4d40d1490fb0f89d9d5eb6d249529cbd60513 Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Wed, 14 Sep 2022 10:44:16 +0200 Subject: Remove a case of guessed sub-classification This code is triggered only for "unknown" flows with a valid sni/hostname. Why in that case the guessed classification should be something like `DNS/Subprotocol_depending_on_hostname`? Why DNS as master and not HTTP or TLS or QUIC? Furthermore, I have not been able to trigger a positive match from that lookup. I strongly think that if we had a valid subprotocol, we would have a valid master in the first place. In doubt, remove it completely. As a follow up, we should investigate why some dissectors (the HTTP one, at least) set the sni/hostname field without setting a valid protocol, in the first place. This behaviour seems quite suspicious, if not plainly buggy. --- tests/result/fuzz-2006-06-26-2594.pcap.out | 4 ++-- tests/result/http_guessed_host_and_guessed.pcapng.out | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'tests') diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index ea9276842..133e48e1e 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -14,8 +14,8 @@ LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 255/0 (search/found) -Automa domain: 248/0 (search/found) +Automa host: 254/0 (search/found) +Automa domain: 247/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 38/0 (search/found) Automa common alpns: 0/0 (search/found) diff --git a/tests/result/http_guessed_host_and_guessed.pcapng.out b/tests/result/http_guessed_host_and_guessed.pcapng.out index 51a013bf2..f646a1472 100644 --- a/tests/result/http_guessed_host_and_guessed.pcapng.out 
+++ b/tests/result/http_guessed_host_and_guessed.pcapng.out @@ -10,8 +10,8 @@ LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 2/0 (search/found) -Automa domain: 2/0 (search/found) +Automa host: 1/0 (search/found) +Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -- cgit v1.2.3
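Review bot: in the tests/result/fuzz-2006-06-26-2594.pcap.out hunk, the "found" side of both counters is 0 before and after (Automa host 255/0 to 254/0, Automa domain 248/0 to 247/0), so this capture only shows that one lookup is no longer performed, not that the removed lookup could never produce a match. If the commit message's claim is meant to be backed by the test suite, consider adding a capture with an unclassified flow whose hostname is present in the host automa, so that a lost match would show up as a change in "found" or in the flow's classification.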
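Review bot: in the tests/result/http_guessed_host_and_guessed.pcapng.out hunk, only the Automa host and Automa domain search counters change (2/0 to 1/0), and the diff as shown, limited to tests, carries no changed flow or classification line for this capture. Please state in the commit message that the expected classification for this capture is unchanged. Since the message already plans a follow-up on the HTTP dissector setting the hostname without a valid protocol, naming this capture there as a candidate test case would make that follow-up easier to track.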