From 10afb257510fbbf8827492372a79ca6e1d3bd6f3 Mon Sep 17 00:00:00 2001
From: Benjamin Drung
Date: Tue, 30 Jan 2018 10:33:25 +0100
Subject: [PATCH] Support nDPI 2.2 nDPI 2.0 renamed detected_protocol.protocol to detected_protocol.app_protocol (to avoid confusion). fixes #699
Bug-Debian: https://bugs.debian.org/887623
---
src/fastnetmon.cpp | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/fastnetmon.cpp b/src/fastnetmon.cpp
index c1a43dab..f337e483 100644
--- a/src/fastnetmon.cpp
+++ b/src/fastnetmon.cpp
@@ -3699,24 +3699,29 @@ void produce_dpi_dump_for_pcap_dump(std::string pcap_file_path, std::stringstrea ndpi_protocol detected_protocol = dpi_parse_packet(packet_buffer, pcap_packet_header.orig_len, pcap_packet_header.incl_len, src, dst, flow, parsed_packet_as_string); - char* protocol_name = ndpi_get_proto_name(my_ndpi_struct, detected_protocol.protocol); +#if NDPI_MAJOR >= 2 + u_int16_t app_protocol = detected_protocol.app_protocol; +#else + u_int16_t app_protocol = detected_protocol.protocol; +#endif + char* protocol_name = ndpi_get_proto_name(my_ndpi_struct, app_protocol); char* master_protocol_name = ndpi_get_proto_name(my_ndpi_struct, detected_protocol.master_protocol); - if (detected_protocol.protocol == NDPI_PROTOCOL_DNS) { + if (app_protocol == NDPI_PROTOCOL_DNS) { // It's answer for ANY request with so much if (flow->protos.dns.query_type == 255 && flow->protos.dns.num_queries < flow->protos.dns.num_answers) { dns_amplification_packets++; } - } else if (detected_protocol.protocol == NDPI_PROTOCOL_NTP) { + } else if (app_protocol == NDPI_PROTOCOL_NTP) { // Detect packets with type MON_GETLIST_1 if (flow->protos.ntp.version == 2 && flow->protos.ntp.request_code == 42) { ntp_amplification_packets++; } - } else if (detected_protocol.protocol == NDPI_PROTOCOL_SSDP) { + } else if (app_protocol == NDPI_PROTOCOL_SSDP) { // So, this protocol completely unexpected in WAN networks ssdp_amplification_packets++; - } else if (detected_protocol.protocol == NDPI_PROTOCOL_SNMP) { + } else if (app_protocol == NDPI_PROTOCOL_SNMP) { // TODO: we need detailed tests for SNMP! snmp_amplification_packets++; }
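Review bot: The DNS/NTP/SSDP/SNMP branch chain compares only `app_protocol`, while `detected_protocol.master_protocol` is read just above it solely to obtain a name. If nDPI 2.x reports the carrier protocol in `master_protocol` and a sub-protocol in `app_protocol` for some flows (worth confirming against the nDPI release being targeted), those packets fall through every branch and the amplification counters undercount. A check such as `if (app_protocol == NDPI_PROTOCOL_DNS || detected_protocol.master_protocol == NDPI_PROTOCOL_DNS) {` would cover both, and the same applies to the NTP, SSDP and SNMP branches. Separately, `#if NDPI_MAJOR >= 2` evaluates an undefined `NDPI_MAJOR` as 0 and selects the 1.x field with no diagnostic, so an `#ifndef NDPI_MAJOR` / `#error` guard ahead of it would make a missing version header obvious. The body of produce_dpi_dump_for_pcap_dump starts and ends outside this hunk.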