From dcbd42ae1f8f6883867f3d8037c705b711d7e79d Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Wed, 10 Apr 2019 11:46:27 +0200
Subject: [PATCH] Fixed suricata README
Tiny flow change to avoid false positives when the application protocol is not NULL
---
 doc/README.suricata | 4 ++--
 include/Flow.h | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/doc/README.suricata b/doc/README.suricata
index 211408939b..7ab7609666 100644
--- a/doc/README.suricata
+++ b/doc/README.suricata
@@ -22,7 +22,7 @@ specifying the IP and port where ntopng will listen for connections. This can be configured by creating a new under /etc/rsyslog.d. Example: cat /etc/rsyslog.d/99-remote.conf
- *.* action(type="omfwd" target="192.168.2.222" port="9999" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000”)
+ *.* action(type="omfwd" target="127.0.0.1" port="9999" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")
 Please restart the rsyslog service in order to apply the configuration:
@@ -31,7 +31,7 @@ Please restart the rsyslog service in order to apply the configuration: 3. ntopng needs to be configured using '-i syslog://:' as interface name to listen for connections on the specified and . Example:
- ntopng -i syslog://192.168.2.222:9999
+ ntopng -i syslog://127.0.0.1:9999
 Note: multiple simultaneous clients (rsyslog) are supported.
diff --git a/include/Flow.h b/include/Flow.h
index 84832dd6b9..da5b915800 100644
--- a/include/Flow.h
+++ b/include/Flow.h
@@ -192,7 +192,9 @@ class Flow : public GenericHashEntry {
 (srv_host->getDeviceAllowedProtocolStatus(ndpiDetectedProtocol, false) == device_proto_allowed)));
 }
 char* printTCPflags(u_int8_t flags, char * const buf, u_int buf_len) const;
- inline bool isProto(u_int16_t p ) const { return((ndpi_get_lower_proto(ndpiDetectedProtocol) == p) ? true : false); }
+ inline bool isProto(u_int16_t p) const { return(((ndpiDetectedProtocol.master_protocol == p)
+ || (ndpiDetectedProtocol.app_protocol == p))
+ ? true : false); }
 #ifdef NTOPNG_PRO
 void update_pools_stats(const struct timeval *tv, u_int64_t diff_sent_packets, u_int64_t diff_sent_bytes,
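Review bot: The rewritten isProto changes what a lookup for NDPI_PROTOCOL_UNKNOWN means: the removed ndpi_get_lower_proto() call presumably fell back to app_protocol only when master_protocol was unknown, so a flow with a known master and an unknown app protocol did not match the unknown id, whereas the added OR now matches it through app_protocol, and any caller passing NDPI_PROTOCOL_UNKNOWN (none visible in this hunk) would now see partially classified flows as unknown. If that widening is unintended, special-case the unknown id before the OR, e.g. `if(p == NDPI_PROTOCOL_UNKNOWN) return((ndpiDetectedProtocol.master_protocol == p) && (ndpiDetectedProtocol.app_protocol == p));`. Independently, `? true : false` on an expression that is already bool is redundant, and the three added lines collapse to `return((ndpiDetectedProtocol.master_protocol == p) || (ndpiDetectedProtocol.app_protocol == p));`. A short comment such as `// true when p is either the master or the application protocol of this flow` would record the new contract for callers that relied on the old lower-protocol-only match. The enclosing class Flow starts and ends outside the hunk.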