From 402fab9dc3b2c44e3b2300a69c97344fb39b6f5a Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Mon, 18 Nov 2024 18:02:24 +0100 Subject: [PATCH] Add ftflow_pcap -N option to disable guess --- userland/examples_ft/ftflow_pcap.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/userland/examples_ft/ftflow_pcap.c b/userland/examples_ft/ftflow_pcap.c index 24251d05d..f344f7899 100644 --- a/userland/examples_ft/ftflow_pcap.c +++ b/userland/examples_ft/ftflow_pcap.c @@ -248,6 +248,7 @@ void print_help(void) { printf("-h Print help\n"); printf("-i Device name or PCAP file\n"); printf("-7 Enable L7 protocol detection (nDPI)\n"); + printf("-N Disable L7 protocol guess (nDPI)\n"); printf("-F Load filtering/shunting rules from file\n"); printf("-p Load nDPI custom protocols from file\n"); printf("-c Load nDPI categories by host from file\n"); @@ -272,6 +273,7 @@ int main(int argc, char* argv[]) { struct bpf_program fcode; u_int32_t ft_flags = 0; char *categories_file = NULL; + int no_guess = 0; int rc; #ifdef CUSTOM_NDPI struct ndpi_detection_module_struct *ndpi_mod; @@ -280,7 +282,7 @@ int main(int argc, char* argv[]) { startTime.tv_sec = 0; - while ((c = getopt(argc,argv,"c:dhi:vf:p:q7F:")) != '?') { + while ((c = getopt(argc,argv,"c:dhi:vf:p:q7F:N")) != '?') { if ((c == 255) || (c == -1)) break; switch(c) { @@ -313,6 +315,9 @@ int main(int argc, char* argv[]) { case '7': enable_l7 = 1; break; + case 'N': + no_guess = 1; + break; case 'F': enable_l7 = 1; configuration_file = strdup(optarg); @@ -331,6 +336,8 @@ int main(int argc, char* argv[]) { #ifdef PRINT_NDPI_INFO ft_flags |= PFRING_FT_TABLE_FLAGS_DPI_EXTRA; #endif + if (no_guess) + ft_flags |= PFRING_FT_TABLE_FLAGS_NO_GUESS; #endif ft_flags |= PFRING_FT_DECODE_TUNNELS; }