config: struct ndpi_detection_module_config_struct should be private

ntop · Dec 27, 2023 · bf06393 · bf06393
1 parent f5c3757
commit bf06393
Show file tree

Hide file tree

Showing 2 changed files with 98 additions and 98 deletions.
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -1153,104 +1153,6 @@ struct ndpi_risk_information {
   char *info;  
 };
 
-struct ndpi_detection_module_config_struct {
-  int max_packets_to_process;
-  int direction_detect_enabled;
- /* In some networks, there are some anomalous TCP flows where
-    the smallest ACK packets have some kind of zero padding.
-    It looks like the IP and TCP headers in those frames wrongly consider the
-    0x00 Ethernet padding bytes as part of the TCP payload.
-    While this kind of packets is perfectly valid per-se, in some conditions
-    they might be treated by the TCP reassembler logic as (partial) overlaps,
-    deceiving the classification engine.
-    Add an heuristic to detect these packets and to ignore them, allowing
-    correct detection/classification.
-    See #1946 for other details */
-  int tcp_ack_paylod_heuristic;
-  /* Heuristic to detect fully encrypted sessions, i.e. flows where every bytes of
-     the payload is encrypted in an attempt to “look like nothing”.
-     This heuristic only analyzes the first packet of the flow.
-     See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf */
-  int fully_encrypted_heuristic;
-  int track_payload_enabled;
-  int libgcrypt_init;
-  int guess_on_giveup;
-
-  char *filename_protocols;
-  char *filename_categories;
-  char *filename_malicious_sha1;
-  char *filename_malicious_ja3;
-  char *filename_risky_domains;
-  char *dirname_domains;
-
-  char *filename_config;
-
-  NDPI_PROTOCOL_BITMASK detection_bitmask;
-
-  /* LRU caches */
-
-  int ookla_cache_num_entries;
-  int ookla_cache_ttl;
-  int bittorrent_cache_num_entries;
-  int bittorrent_cache_ttl;
-  int zoom_cache_num_entries;
-  int zoom_cache_ttl;
-  int stun_cache_num_entries;
-  int stun_cache_ttl;
-  int tls_cert_cache_num_entries;
-  int tls_cert_cache_ttl;
-  int mining_cache_num_entries;
-  int mining_cache_ttl;
-  int msteams_cache_num_entries;
-  int msteams_cache_ttl;
-  int stun_zoom_cache_num_entries;
-  int stun_zoom_cache_ttl;
-
-  /* Protocols */
-
-  int tls_certificate_expire_in_x_days;
-  int tls_app_blocks_tracking_enabled;
-  int tls_sha1_fingerprint_enabled;
-
-  int smtp_opportunistic_tls_enabled;
-
-  int imap_opportunistic_tls_enabled;
-
-  int pop_opportunistic_tls_enabled;
-
-  int ftp_opportunistic_tls_enabled;
-
-  int stun_opportunistic_tls_enabled;
-
-  int dns_subclassification_enabled;
-  int dns_parse_response_enabled;
-
-  int http_parse_response_enabled;
-
-  int ookla_aggressiveness;
-
-  int ip_lists_enabled;
-  int ip_list_amazonaws_enabled;
-  int ip_list_azure_enabled;
-  int ip_list_cachefly_enabled;
-  int ip_list_cloudflare_enabled;
-  int ip_list_google_enabled;
-  int ip_list_googlecloud_enabled;
-  int ip_list_microsoft_enabled;
-  int ip_list_ethereum_enabled;
-  int ip_list_mullvad_enabled;
-  int ip_list_protonvpn_enabled;
-  int ip_list_tor_enabled;
-  int ip_list_whatsapp_enabled;
-  int ip_list_zoom_enabled;
-  int asn_lists_enabled;
-
-  int flow_risk_lists_enabled;
-  int risk_anonymous_subscriber_list_icloudprivaterelay_enabled;
-  int risk_anonymous_subscriber_list_protonvpn_enabled;
-  int risk_crawler_bot_list_enabled;
-};
-
 struct ndpi_flow_struct {
   u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
 

diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h
@@ -122,6 +122,104 @@ typedef struct {
 } nbpf_filter;
 #endif
 
+struct ndpi_detection_module_config_struct {
+  int max_packets_to_process;
+  int direction_detect_enabled;
+ /* In some networks, there are some anomalous TCP flows where
+    the smallest ACK packets have some kind of zero padding.
+    It looks like the IP and TCP headers in those frames wrongly consider the
+    0x00 Ethernet padding bytes as part of the TCP payload.
+    While this kind of packets is perfectly valid per-se, in some conditions
+    they might be treated by the TCP reassembler logic as (partial) overlaps,
+    deceiving the classification engine.
+    Add an heuristic to detect these packets and to ignore them, allowing
+    correct detection/classification.
+    See #1946 for other details */
+  int tcp_ack_paylod_heuristic;
+  /* Heuristic to detect fully encrypted sessions, i.e. flows where every bytes of
+     the payload is encrypted in an attempt to “look like nothing”.
+     This heuristic only analyzes the first packet of the flow.
+     See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf */
+  int fully_encrypted_heuristic;
+  int track_payload_enabled;
+  int libgcrypt_init;
+  int guess_on_giveup;
+
+  char *filename_protocols;
+  char *filename_categories;
+  char *filename_malicious_sha1;
+  char *filename_malicious_ja3;
+  char *filename_risky_domains;
+  char *dirname_domains;
+
+  char *filename_config;
+
+  NDPI_PROTOCOL_BITMASK detection_bitmask;
+
+  /* LRU caches */
+
+  int ookla_cache_num_entries;
+  int ookla_cache_ttl;
+  int bittorrent_cache_num_entries;
+  int bittorrent_cache_ttl;
+  int zoom_cache_num_entries;
+  int zoom_cache_ttl;
+  int stun_cache_num_entries;
+  int stun_cache_ttl;
+  int tls_cert_cache_num_entries;
+  int tls_cert_cache_ttl;
+  int mining_cache_num_entries;
+  int mining_cache_ttl;
+  int msteams_cache_num_entries;
+  int msteams_cache_ttl;
+  int stun_zoom_cache_num_entries;
+  int stun_zoom_cache_ttl;
+
+  /* Protocols */
+
+  int tls_certificate_expire_in_x_days;
+  int tls_app_blocks_tracking_enabled;
+  int tls_sha1_fingerprint_enabled;
+
+  int smtp_opportunistic_tls_enabled;
+
+  int imap_opportunistic_tls_enabled;
+
+  int pop_opportunistic_tls_enabled;
+
+  int ftp_opportunistic_tls_enabled;
+
+  int stun_opportunistic_tls_enabled;
+
+  int dns_subclassification_enabled;
+  int dns_parse_response_enabled;
+
+  int http_parse_response_enabled;
+
+  int ookla_aggressiveness;
+
+  int ip_lists_enabled;
+  int ip_list_amazonaws_enabled;
+  int ip_list_azure_enabled;
+  int ip_list_cachefly_enabled;
+  int ip_list_cloudflare_enabled;
+  int ip_list_google_enabled;
+  int ip_list_googlecloud_enabled;
+  int ip_list_microsoft_enabled;
+  int ip_list_ethereum_enabled;
+  int ip_list_mullvad_enabled;
+  int ip_list_protonvpn_enabled;
+  int ip_list_tor_enabled;
+  int ip_list_whatsapp_enabled;
+  int ip_list_zoom_enabled;
+  int asn_lists_enabled;
+
+  int flow_risk_lists_enabled;
+  int risk_anonymous_subscriber_list_icloudprivaterelay_enabled;
+  int risk_anonymous_subscriber_list_protonvpn_enabled;
+  int risk_crawler_bot_list_enabled;
+};
+
 struct ndpi_detection_module_struct {
   u_int64_t current_ts;
   u_int16_t num_tls_blocks_to_follow;