author | Luca <deri@ntop.org> | 2019-11-08 09:23:52 +0000 |
---|---|---|
committer | Luca <deri@ntop.org> | 2019-11-08 09:23:52 +0000 |
commit | d0e7e6955293b656e1a1d7b01aebc1b5beefe711 (patch) | |
tree | da82316eb6d11095dd686236ce704fdf3783e0f4 | |
parent | 0558d641f2230795ef856e5e1e5c77050becb932 (diff) |
Renamed DNSoverHTTPS to handle bot DoH and DoT
-rw-r--r-- | src/include/ndpi_protocol_ids.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 94 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 6 | ||||
-rw-r--r-- | tests/pcap/dns_doh.pcap | bin | 0 -> 22658 bytes | |||
-rw-r--r-- | tests/pcap/dns_dot.pcap | bin | 0 -> 6277 bytes | |||
-rw-r--r-- | tests/result/dns_doh.pcap.out | 8 | ||||
-rw-r--r-- | tests/result/dns_dot.pcap.out | 8 |
7 files changed, 67 insertions, 51 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index c6d486933..0bbfd662a 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -229,7 +229,7 @@ typedef enum {
 NDPI_PROTOCOL_KAKAOTALK = 193, /* KakaoTalk Chat (no voice call) */
 NDPI_PROTOCOL_KAKAOTALK_VOICE = 194, /* KakaoTalk Voice */
 NDPI_PROTOCOL_TWITCH = 195, /* Edoardo Dominici <edoaramis@gmail.com> */
- NDPI_PROTOCOL_DNS_OVER_HTTPS = 196,
+ NDPI_PROTOCOL_DOH_DOT = 196, /* DoH (DNS over HTTPS), DoT (DNS over TLS) */
 NDPI_PROTOCOL_WECHAT = 197,
 NDPI_PROTOCOL_MPEGTS = 198,
 NDPI_PROTOCOL_SNAPCHAT = 199,
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index a3c19dedc..9fb000173 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -8719,53 +8719,53 @@ static ndpi_protocol_match host_match[] = { /* http://check.googlezip.net/connect [check browser connectivity] */ // { ".googlezip.net", NULL, "\\.googlezip" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "dns.google", NULL, "dns\\.google" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - // { "mozilla.cloudflare-dns.com", NULL, "mozilla\\.cloudflare-dns\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* Firefox */ - { "cloudflare-dns.com", NULL, "cloudflare-dns\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "commons.host", NULL, "commons\\.host" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.li", NULL, "doh\\.li" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns9.quad9.net", NULL, "dns9\\.quad9\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.opendns.com", NULL, "doh\\.opendns\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.dns.sb", NULL, "doh\\.dns\\.sb" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.netweaver.uk", NULL, "doh\\.netweaver\\.uk" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.dns-over-https.com", NULL, "dns\\.dns-over-https\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "jp.tiarap.org", NULL, "jp\\.tiarap\\.org" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, 
NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.dnsoverhttps.net", NULL, "dns\\.dnsoverhttps\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.powerdns.org", NULL, "doh\\.powerdns\\.org" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "adblock.mydns.network", NULL, "adblock\\.mydns\\.network" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "jp.tiar.app", NULL, "jp\\.tiar\\.app" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.crypto.sx", NULL, "doh\\.crypto\\.sx" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.quad9.net", NULL, "dns\\.quad9\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.containerpi.com", NULL, "dns\\.containerpi\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "ibksturm.synology.me", NULL, "ibksturm\\.synology\\.me" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.captnemo.in", NULL, "doh\\.captnemo\\.in" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.rubyfish.cn", NULL, "dns\\.rubyfish\\.cn" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.42l.fr", NULL, "doh\\.42l\\.fr" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns-family.adguard.com", NULL, "dns-family\\.adguard\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, 
NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "appliedprivacy.net", NULL, "appliedprivacy\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.cleanbrowsing.org", NULL, "doh\\.cleanbrowsing\\.org" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns10.quad9.net", NULL, "dns10\\.quad9\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh-ch.blahdns.com", NULL, "doh-ch\\.blahdns\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.seby.io", NULL, "doh\\.seby\\.io" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.adguard.com", NULL, "dns\\.adguard\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "ibuki.cgnat.net", NULL, "ibuki\\.cgnat\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "jcdns.fun", NULL, "jcdns\\.fun" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh-2.seby.io", NULL, "doh-2\\.seby\\.io" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.tiar.app", NULL, "doh\\.tiar\\.app" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.dnswarden.com", NULL, "doh\\.dnswarden\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh-de.blahdns.com", NULL, "doh-de\\.blahdns\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, 
NDPI_PROTOCOL_ACCEPTABLE }, - { "doh-jp.blahdns.com", NULL, "doh-jp\\.blahdns\\.com" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.appliedprivacy.net", NULL, "doh\\.appliedprivacy\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.tiarap.org", NULL, "doh\\.tiarap\\.org" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.armadillodns.net", NULL, "doh\\.armadillodns\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns-nyc.aaflalo.me", NULL, "dns-nyc\\.aaflalo\\.me" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.aa.net.uk", NULL, "dns\\.aa\\.net\\.uk" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.aaflalo.me", NULL, "dns\\.aaflalo\\.me" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns11.quad9.net", NULL, "dns11\\.quad9\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "dns.nextdns.io", NULL, "dns\\.nextdns\\.io" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "doh.securedns.eu", NULL, "doh\\.securedns\\.eu" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "rdns.faelix.net", NULL, "rdns\\.faelix\\.net" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "captnemo.in", NULL, "captnemo\\.in" TLD, "DNSoverHTTPS", NDPI_PROTOCOL_DNS_OVER_HTTPS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { 
"dns.google", NULL, "dns\\.google" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + // { "mozilla.cloudflare-dns.com", NULL, "mozilla\\.cloudflare-dns\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* Firefox */ + { "cloudflare-dns.com", NULL, "cloudflare-dns\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "commons.host", NULL, "commons\\.host" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.li", NULL, "doh\\.li" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns9.quad9.net", NULL, "dns9\\.quad9\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.opendns.com", NULL, "doh\\.opendns\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.dns.sb", NULL, "doh\\.dns\\.sb" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.netweaver.uk", NULL, "doh\\.netweaver\\.uk" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.dns-over-https.com", NULL, "dns\\.dns-over-https\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "jp.tiarap.org", NULL, "jp\\.tiarap\\.org" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.dnsoverhttps.net", NULL, "dns\\.dnsoverhttps\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.powerdns.org", NULL, "doh\\.powerdns\\.org" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "adblock.mydns.network", NULL, 
"adblock\\.mydns\\.network" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "jp.tiar.app", NULL, "jp\\.tiar\\.app" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.crypto.sx", NULL, "doh\\.crypto\\.sx" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.quad9.net", NULL, "dns\\.quad9\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.containerpi.com", NULL, "dns\\.containerpi\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "ibksturm.synology.me", NULL, "ibksturm\\.synology\\.me" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.captnemo.in", NULL, "doh\\.captnemo\\.in" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.rubyfish.cn", NULL, "dns\\.rubyfish\\.cn" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.42l.fr", NULL, "doh\\.42l\\.fr" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns-family.adguard.com", NULL, "dns-family\\.adguard\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "appliedprivacy.net", NULL, "appliedprivacy\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.cleanbrowsing.org", NULL, "doh\\.cleanbrowsing\\.org" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns10.quad9.net", NULL, "dns10\\.quad9\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh-ch.blahdns.com", NULL, 
"doh-ch\\.blahdns\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.seby.io", NULL, "doh\\.seby\\.io" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.adguard.com", NULL, "dns\\.adguard\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "ibuki.cgnat.net", NULL, "ibuki\\.cgnat\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "jcdns.fun", NULL, "jcdns\\.fun" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh-2.seby.io", NULL, "doh-2\\.seby\\.io" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.tiar.app", NULL, "doh\\.tiar\\.app" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.dnswarden.com", NULL, "doh\\.dnswarden\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh-de.blahdns.com", NULL, "doh-de\\.blahdns\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh-jp.blahdns.com", NULL, "doh-jp\\.blahdns\\.com" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.appliedprivacy.net", NULL, "doh\\.appliedprivacy\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.tiarap.org", NULL, "doh\\.tiarap\\.org" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.armadillodns.net", NULL, "doh\\.armadillodns\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns-nyc.aaflalo.me", NULL, "dns-nyc\\.aaflalo\\.me" TLD, 
"DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.aa.net.uk", NULL, "dns\\.aa\\.net\\.uk" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.aaflalo.me", NULL, "dns\\.aaflalo\\.me" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns11.quad9.net", NULL, "dns11\\.quad9\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dns.nextdns.io", NULL, "dns\\.nextdns\\.io" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "doh.securedns.eu", NULL, "doh\\.securedns\\.eu" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "rdns.faelix.net", NULL, "rdns\\.faelix\\.net" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "captnemo.in", NULL, "captnemo\\.in" TLD, "DoH_DoT", NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c5059bd06..35ba7087f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
@@ -1017,10 +1017,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 no_master, "Signal", NDPI_PROTOCOL_CATEGORY_CHAT,
 ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DNS_OVER_HTTPS,
+ ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOH_DOT,
 0 /* can_have_a_subprotocol */, no_master,
- no_master, "DNSoverHTTPS", NDPI_PROTOCOL_CATEGORY_NETWORK /* dummy */,
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ no_master, "DoH_DoT", NDPI_PROTOCOL_CATEGORY_NETWORK /* dummy */,
+ ndpi_build_default_ports(ports_a, 853, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_LINE,
 0 /* can_have_a_subprotocol */, no_master,
diff --git a/tests/pcap/dns_doh.pcap b/tests/pcap/dns_doh.pcap
Binary files differ
new file mode 100644
index 000000000..f7dea5b26
--- /dev/null
+++ b/tests/pcap/dns_doh.pcap
diff --git a/tests/pcap/dns_dot.pcap b/tests/pcap/dns_dot.pcap
Binary files differ
new file mode 100644
index 000000000..a5863072b
--- /dev/null
+++ b/tests/pcap/dns_dot.pcap
diff --git a/tests/result/dns_doh.pcap.out b/tests/result/dns_doh.pcap.out
new file mode 100644
index 000000000..d0f545f3d
--- /dev/null
+++ b/tests/result/dns_doh.pcap.out
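Review bot: The `853` added to the TCP default ports in this `ndpi_set_proto_defaults` call has no comment saying it is the DoT port, and the entry now labels two transports with different exposure (DoH hidden in 443, DoT isolated on 853) under one id, so downstream filtering or alerting can no longer tell them apart. The committed reference in tests/result/dns_dot.pcap.out also reports the 8.8.8.8:853 flow as `cat: Web/5` while dns_doh.pcap.out reports `cat: Network/14`, although the category passed here is `NDPI_PROTOCOL_CATEGORY_NETWORK`; presumably the DoT path takes its category from somewhere other than this entry, which should be confirmed before that output is frozen as the expected result. At minimum I would annotate the port, e.g. `ndpi_build_default_ports(ports_a, 853, 0, 0, 0, 0) /* TCP: 853 = DoT (RFC 7858); DoH is matched by host name */,`. The enclosing function, ndpi_init_protocol_defaults, starts and ends outside the hunk.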
@@ -0,0 +1,8 @@
+DoH_DoT 142 20362 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 172.20.10.4 1
+
+
+ 1 TCP 172.20.10.4:49877 <-> 104.16.248.249:443 [proto: 91.196/TLS.DoH_DoT][cat: Network/14][86 pkts/8460 bytes <-> 56 pkts/11902 bytes][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.6/30.8 535/580 86.2/115.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98.4/212.5 571/1354 68.9/257.4][TLSv1.3][Client: mozilla.cloudflare-dns.com][JA3C: f6ce47303dce394049af395fc6d0bc20][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Cipher: TLS_AES_128_GCM_SHA256]
diff --git a/tests/result/dns_dot.pcap.out b/tests/result/dns_dot.pcap.out
new file mode 100644
index 000000000..9d7c3781b
--- /dev/null
+++ b/tests/result/dns_dot.pcap.out
@@ -0,0 +1,8 @@
+DoH_DoT 24 5869 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 192.168.1.185 1
+
+
+ 1 TCP 192.168.1.185:58290 <-> 8.8.8.8:853 [proto: 91.196/TLS.DoH_DoT][cat: Web/5][14 pkts/1480 bytes <-> 10 pkts/4389 bytes][bytes ratio: -0.496 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 269.6/181.6 1596/1192 531.3/412.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105.7/438.9 264/3135 52.7/903.0][TLSv1.2][JA3C: 4fe4099926d0acdc9b2fe4b02013659f][Server: dns.google][JA3S: 2b341b88c742e940cfb485ce7d93dde7][Organization: Google LLC][Certificate SHA-1: BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53][Validity: 2017-06-15 00:00:42 - 2021-12-15 00:00:42][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256] |