From fcbdd58a526a1c05abfebb08924a8d82eece4200 Mon Sep 17 00:00:00 2001
From: Simone Mainardi
Date: Thu, 19 Dec 2019 19:58:11 +0100
Subject: [PATCH] Implements custom protocols for ZMQ interfaces

---
 src/ParserInterface.cpp | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/ParserInterface.cpp b/src/ParserInterface.cpp
index 0e37a7eb62..48dba12502 100755
--- a/src/ParserInterface.cpp
+++ b/src/ParserInterface.cpp
@@ -311,7 +311,29 @@ void ParserInterface::processFlow(ParsedFlow *zflow) {
     p.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
 
   if(!flow->isDetectionCompleted()) {
+    ndpi_protocol guessed_protocol = Flow::ndpiUnknownProtocol;
+    u_int8_t is_proto_user_defined;
+
+    /* First, there's an attempt to guess the protocol so that custom protocols
+       defined in ntopng will still be applied to the protocols detected by nprobe. */
+    guessed_protocol.app_protocol = (int16_t)ndpi_guess_protocol_id(get_ndpi_struct(),
+                                                                    NULL, flow->get_protocol(),
+                                                                    flow->get_cli_port(),
+                                                                    flow->get_srv_port(),
+                                                                    &is_proto_user_defined);
+    if(guessed_protocol.app_protocol >= NDPI_MAX_SUPPORTED_PROTOCOLS) {
+      /* If the protocol is greater than NDPI_MAX_SUPPORTED_PROTOCOLS, it means it is
+         a custom protocol so the application protocol received from nprobe can be
+         overridden */
+      p.app_protocol = guessed_protocol.app_protocol;
+    }
+
+    /* Now, depending on the q and on the zflow, there's an additional check
+       to possibly override the category, according to the rules specified
+       in ntopng */
     flow->fillZmqFlowCategory(zflow, &p);
+
+    /* Here everything is setup and it is possible to set the actual protocol to the flow */
     flow->setDetectedProtocol(p, true);
   }
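Review bot: The `(int16_t)` C-style cast on the `ndpi_guess_protocol_id` result narrows the protocol id into a signed type before it is stored back into `app_protocol`, which makes the following `>= NDPI_MAX_SUPPORTED_PROTOCOLS` comparison harder to reason about for ids in the upper half of the 16-bit range; assigning the return value unchanged to a plain local, `u_int16_t guessed_app_proto = ndpi_guess_protocol_id(...);`, avoids both the cast and the half-populated `guessed_protocol` struct whose `master_protocol` is never used. `is_proto_user_defined` is passed as an out-parameter but is never read and is not initialised; if nDPI sets it to report that the guess came from a user-defined (custom) protocol, as its name suggests, testing that flag would state the intent more directly than the `>= NDPI_MAX_SUPPORTED_PROTOCOLS` threshold, otherwise write `u_int8_t is_proto_user_defined = 0; /* required by the API, only the return value is used */`. The comment `depending on the q and on the zflow` appears to mean `p`. `processFlow` begins before this hunk.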