From 3c64e0ff55e0f3f0742bfee082eee37dcbd4c871 Mon Sep 17 00:00:00 2001
From: aouinizied
Date: Mon, 8 Mar 2021 19:08:02 +0100
Subject: [PATCH] Update nDPI definitions.
---
 nfstream/engine/engine.py | 11 +++++++----
 nfstream/engine/engine_cc.c | 2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/nfstream/engine/engine.py b/nfstream/engine/engine.py
index b87a7f8..5b14dba 100644
--- a/nfstream/engine/engine.py
+++ b/nfstream/engine/engine.py
@@ -157,7 +157,8 @@ typedef enum {
 NDPI_HTTP_SUSPICIOUS_CONTENT,
 NDPI_RISKY_ASN,
 NDPI_RISKY_DOMAIN,
- NDPI_RISKY_COUNTRY,
+ NDPI_MALICIOUS_JA3,
+ NDPI_MALICIOUS_SHA1,
 /* Leave this as last member */
 NDPI_MAX_RISK /* must be <= 31 due to (**) */
 } ndpi_risk_enum;
@@ -785,12 +786,14 @@ struct ndpi_detection_module_struct {
 unsigned ndpi_num_supported_protocols;
 unsigned ndpi_num_custom_protocols;
- /* HTTP/DNS/HTTPS host matching */
+ /* HTTP/DNS/HTTPS/QUIC host matching */
 ndpi_automa host_automa, /* Used for DNS/HTTPS */
 content_automa, /* Used for HTTP subprotocol_detection */
 subprotocol_automa, /* Used for HTTP subprotocol_detection */
- bigrams_automa, impossible_bigrams_automa; /* TOR */
- /* IMPORTANT: please update ndpi_finalize_initalization() whenever you add a new automa */
+ bigrams_automa, trigrams_automa, impossible_bigrams_automa, /* TOR */
+ risky_domain_automa, tls_cert_subject_automa,
+ malicious_ja3_automa, malicious_sha1_automa;
+ /* IMPORTANT: please update ndpi_finalize_initialization() whenever you add a new automa */
 struct {
 ndpi_automa hostnames, hostnames_shadow;
diff --git a/nfstream/engine/engine_cc.c b/nfstream/engine/engine_cc.c
index cd04352..27b1684 100644
--- a/nfstream/engine/engine_cc.c
+++ b/nfstream/engine/engine_cc.c
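Review bot: In the `ndpi_risk_enum` hunk of engine.py, `NDPI_MALICIOUS_JA3` takes over the ordinal that `NDPI_RISKY_COUNTRY` had, so one numeric risk value changes meaning with this commit. The `must be <= 31` remark suggests these ordinals are bit positions in a risk mask; if so, flow records or detection rules written against the earlier numbering would read a malicious-JA3 hit as risky-country, or the reverse. Nothing in the hunk records which nDPI revision the numbering was copied from; a comment above the enum would help, e.g. `/* ordinals mirror nDPI <revision>; NDPI_RISKY_COUNTRY was dropped and its slot reused by NDPI_MALICIOUS_JA3 */`. The enum begins outside the hunk, so whether `NDPI_MAX_RISK` still satisfies the `<= 31` limit after growing by one cannot be checked from here.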
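Review bot: In the `ndpi_detection_module_struct` hunk of engine.py, five `ndpi_automa` members (`trigrams_automa`, `risky_domain_automa`, `tls_cert_subject_automa`, `malicious_ja3_automa`, `malicious_sha1_automa`) are inserted ahead of the fields that follow, which moves the offset of every later field. If this text is the declaration an FFI layer uses to read the struct (engine.py holding C definitions suggests it, but the loader is not in the diff), it must match the libndpi binary that is actually linked; a library built from older headers would be read at the wrong offsets without any error. I would state that requirement next to the struct, `/* layout must match the linked libndpi build; re-sync this struct on every nDPI update */`, and, if the Python side never touches these fields, consider whether the struct needs to be declared in full at all. The struct starts and ends outside the hunk.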
@@ -1941,7 +1941,7 @@ void dissector_configure(struct ndpi_detection_module_struct *dissector) {
 NDPI_PROTOCOL_BITMASK protos;
 NDPI_BITMASK_SET_ALL(protos); // Set bitmask for ALL protocols
 ndpi_set_protocol_detection_bitmask2(dissector, &protos);
- ndpi_finalize_initalization(dissector);
+ ndpi_finalize_initialization(dissector);
 }
 }