@@ -1153,104 +1153,6 @@ struct ndpi_risk_information {
11531153 char * info ;
11541154};
11551155
1156- struct ndpi_detection_module_config_struct {
1157- int max_packets_to_process ;
1158- int direction_detect_enabled ;
1159- /* In some networks, there are some anomalous TCP flows where
1160- the smallest ACK packets have some kind of zero padding.
1161- It looks like the IP and TCP headers in those frames wrongly consider the
1162- 0x00 Ethernet padding bytes as part of the TCP payload.
1163- While this kind of packets is perfectly valid per-se, in some conditions
1164- they might be treated by the TCP reassembler logic as (partial) overlaps,
1165- deceiving the classification engine.
1166- Add an heuristic to detect these packets and to ignore them, allowing
1167- correct detection/classification.
1168- See #1946 for other details */
1169- int tcp_ack_paylod_heuristic ;
1170- /* Heuristic to detect fully encrypted sessions, i.e. flows where every bytes of
1171- the payload is encrypted in an attempt to “look like nothing”.
1172- This heuristic only analyzes the first packet of the flow.
1173- See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf */
1174- int fully_encrypted_heuristic ;
1175- int track_payload_enabled ;
1176- int libgcrypt_init ;
1177- int guess_on_giveup ;
1178-
1179- char * filename_protocols ;
1180- char * filename_categories ;
1181- char * filename_malicious_sha1 ;
1182- char * filename_malicious_ja3 ;
1183- char * filename_risky_domains ;
1184- char * dirname_domains ;
1185-
1186- char * filename_config ;
1187-
1188- NDPI_PROTOCOL_BITMASK detection_bitmask ;
1189-
1190- /* LRU caches */
1191-
1192- int ookla_cache_num_entries ;
1193- int ookla_cache_ttl ;
1194- int bittorrent_cache_num_entries ;
1195- int bittorrent_cache_ttl ;
1196- int zoom_cache_num_entries ;
1197- int zoom_cache_ttl ;
1198- int stun_cache_num_entries ;
1199- int stun_cache_ttl ;
1200- int tls_cert_cache_num_entries ;
1201- int tls_cert_cache_ttl ;
1202- int mining_cache_num_entries ;
1203- int mining_cache_ttl ;
1204- int msteams_cache_num_entries ;
1205- int msteams_cache_ttl ;
1206- int stun_zoom_cache_num_entries ;
1207- int stun_zoom_cache_ttl ;
1208-
1209- /* Protocols */
1210-
1211- int tls_certificate_expire_in_x_days ;
1212- int tls_app_blocks_tracking_enabled ;
1213- int tls_sha1_fingerprint_enabled ;
1214-
1215- int smtp_opportunistic_tls_enabled ;
1216-
1217- int imap_opportunistic_tls_enabled ;
1218-
1219- int pop_opportunistic_tls_enabled ;
1220-
1221- int ftp_opportunistic_tls_enabled ;
1222-
1223- int stun_opportunistic_tls_enabled ;
1224-
1225- int dns_subclassification_enabled ;
1226- int dns_parse_response_enabled ;
1227-
1228- int http_parse_response_enabled ;
1229-
1230- int ookla_aggressiveness ;
1231-
1232- int ip_lists_enabled ;
1233- int ip_list_amazonaws_enabled ;
1234- int ip_list_azure_enabled ;
1235- int ip_list_cachefly_enabled ;
1236- int ip_list_cloudflare_enabled ;
1237- int ip_list_google_enabled ;
1238- int ip_list_googlecloud_enabled ;
1239- int ip_list_microsoft_enabled ;
1240- int ip_list_ethereum_enabled ;
1241- int ip_list_mullvad_enabled ;
1242- int ip_list_protonvpn_enabled ;
1243- int ip_list_tor_enabled ;
1244- int ip_list_whatsapp_enabled ;
1245- int ip_list_zoom_enabled ;
1246- int asn_lists_enabled ;
1247-
1248- int flow_risk_lists_enabled ;
1249- int risk_anonymous_subscriber_list_icloudprivaterelay_enabled ;
1250- int risk_anonymous_subscriber_list_protonvpn_enabled ;
1251- int risk_crawler_bot_list_enabled ;
1252- };
1253-
12541156struct ndpi_flow_struct {
12551157 u_int16_t detected_protocol_stack [NDPI_PROTOCOL_SIZE ];
12561158