author | Luca Deri <deri@ntop.org> | 2021-07-23 08:29:36 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2021-07-23 08:29:36 +0200 |
commit | 8ea8ba8e9b52620989d515f0762be3ec906d4c30 (patch) | |
tree | 6418131a31553c56d2aa571c7675f5a0fafa1729 | |
parent | b01b60a2b523b98f2801c4752213b9468f63cad5 (diff) |
Fixed risk mask implementation
-rw-r--r-- | example/protos.txt | 3 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 8 |
2 files changed, 7 insertions, 4 deletions
diff --git a/example/protos.txt b/example/protos.txt
index de3a8f1de..b80e4cf57 100644
--- a/example/protos.txt
+++ b/example/protos.txt
@@ -50,4 +50,7 @@ ip:54.80.47.130@AmazonPrime
 # For IPs, the flow risk is put in AND (source IP mask OR destination IP mask)
 # For Flows with a hostname (e.g. TLS) the risk is also put in AND with the host_risk_mask
 ip_risk_mask:192.168.1.6=0
+ip_risk_mask:10.196.157.228=0
 host_risk_mask:"api-global.netflix.com"=0
+
+
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index bd76bd7c7..5fee38f15 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4742,7 +4742,7 @@ void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndpi_str,
 host = ndpi_get_flow_name(flow);
- if(host) {
+ if(host && (host[0] != '\0')) {
 /* Check host exception */
 ndpi_automa *automa = &ndpi_str->host_risk_mask_automa;
@@ -5556,7 +5556,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 ndpi_reconcile_protocols(ndpi_str, flow, &ret);
- if((!flow->risk_checked) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) {
+ if((!flow->risk_checked)
+ && ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))
+ ) {
 ndpi_default_ports_tree_node_t *found;
 u_int16_t *default_ports, sport, dport;
@@ -5613,8 +5615,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 flow->risk_checked = 1;
 }
- // printf("===> RISK=%llu\n", flow->risk);
-
 if(num_calls == 0) flow->fail_with_unknown = 1; |
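Review bot: The new `host[0] != '\0'` test in ndpi_handle_risk_exceptions has no comment saying why a flow with an empty name must skip the host risk mask lookup, so a later cleanup could drop it as redundant with the NULL check. According to the protos.txt comment the flow risk is ANDed with the host_risk_mask, so a match in `host_risk_mask_automa` can clear risk bits and the guard is part of the exception logic; it deserves one line such as `/* An empty flow name must never select a host risk mask */`. The name returned by `ndpi_get_flow_name()` presumably comes from the traffic itself (protos.txt mentions TLS hostnames), so it would help to say there that a host mask trusts whatever name the flow presents. The function body starts and ends outside this hunk.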
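Review bot: With the widened condition in ndpi_detection_process_packet the one-shot risk block now runs as soon as `ret.app_protocol` is known, and `flow->risk_checked = 1` (visible at the end of the block in the following hunk) stops it from running again if `ret.master_protocol` is only resolved on a later packet. The body of the block is outside the hunk, so please confirm that the `default_ports` lookup declared here selects a valid protocol when `ret.master_protocol` is still `NDPI_PROTOCOL_UNKNOWN`. A comment above the `if` would record the intent, for example `/* Run the risk check once, as soon as either the master or the app protocol is known */`. As a point of style, the lone `) {` line is easy to misread; closing the condition on the second line, `&& ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))) {`, keeps the test in one visual unit.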