Added ndpi_is_subprotocol_informative() API call

2026-05-05 19:15:12 +00:00 · 2017-10-06 15:20:36 +02:00 · 2017-10-06 15:20:36 +02:00 · 9b91623d57
commit 9b91623d57
parent 27d66f6845
3 changed files with 43 additions and 2 deletions
--- a/libndpi.sym
+++ b/libndpi.sym
@ -58,3 +58,4 @@ ndpi_netbios_name_interpret
 ndpi_category_set_name
 ndpi_category_get_name
 ndpi_is_custom_category
+ndpi_is_subprotocol_informative
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@ -439,10 +439,22 @@ extern "C" {
  void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod,
 			       u_int16_t protoId, ndpi_protocol_category_t protoCategory);

+  /**
+   * Check if subprotocols of the specified master protocol are just
+   * informative (and not real)
+   *
+   * @par     mod           = the detection module
+   * @par     protoId       = the (master) protocol identifier to query
+   * @return  1 = the subprotocol is informative, 0 otherwise.
+   *
+   */
+  u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod,
+					   u_int16_t protoId);
+
  /**
   * Get protocol category as string
   *
-   * @par     mod           = the detection module                                                                                                                                   
+   * @par     mod           = the detection module
   * @par     category      = the category associated to the protocol
   * @return  the string name of the category
   *
@ -453,7 +465,7 @@ extern "C" {
  /**
   * Set protocol category string
   *
-   * @par     mod           = the detection module                                                                                                                                   
+   * @par     mod           = the detection module
   * @par     category      = the category associated to the protocol
   * @paw     name          = the string name of the category
   *
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@ -452,6 +452,34 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod,

 /* ********************************************************************************** */

+/*
+  There are some (master) protocols that are informative, meaning that it shows
+  what is the subprotocol about, but also that the subprotocol isn't a real protocol.
+
+  Example:
+  - DNS is informative as if we see a DNS request for www.facebook.com, the
+    returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but
+    rather it indicates a query for Facebook and not Facebook traffic.
+  - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is
+    SSL (HTTPS) traffic containg Facebook traffic.
+ */
+u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod,
+					 u_int16_t protoId) {
+  if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)
+    return(0);
+
+  switch(protoId) {
+  case NDPI_PROTOCOL_DNS:
+    return(1);
+    break;
+
+  default:
+    return(0);
+  }
+}
+
+/* ********************************************************************************** */
+
 void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
 			     ndpi_protocol_breed_t breed, u_int16_t protoId,
 			     u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2],