author | emanuele-f <black.silver@hotmail.it> | 2019-08-09 10:04:56 +0200 |
---|---|---|
committer | emanuele-f <black.silver@hotmail.it> | 2019-08-09 10:04:56 +0200 |
commit | f73dc61ff8e498b8d2ae4ce26ec1de862a48592f (patch) | |
tree | b663e35136ad81b4c8dfa4a782eb603ccd022730 | |
parent | 90547c4fd20014bed3743f9200d0e8e3f0123217 (diff) |
Add NDPI_PROTOCOL_DANGEROUS classification
-rw-r--r-- | src/include/ndpi_typedefs.h | 3 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 7 |
3 files changed, 7 insertions, 5 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 4d877e801..8bf5c4cfd 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -800,7 +800,8 @@ typedef enum {
 NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn't provide risks, but could be malicious (e.g., Dropbox) */
 NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */
 NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */
- NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Surely is dangerous (ex. Tor). Be prepared to troubles */
+ NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Possibly dangerous (ex. Tor). */
+ NDPI_PROTOCOL_DANGEROUS, /* Surely is dangerous (ex. smbv1). Be prepared to troubles */
 NDPI_PROTOCOL_TRACKER_ADS, /* Trackers, Advertisements... */
 NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */
 } ndpi_protocol_breed_t;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 2f959c71e..fa8384e21 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -846,7 +846,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SMBV1,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_DANGEROUS, NDPI_PROTOCOL_SMBV1,
 0 /* can_have_a_subprotocol */, no_master,
 no_master, "SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index c92f5e4f6..d2aa5f1a9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
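Review bot: Inserting `NDPI_PROTOCOL_DANGEROUS` in the middle of `ndpi_protocol_breed_t` renumbers `NDPI_PROTOCOL_TRACKER_ADS` and `NDPI_PROTOCOL_UNRATED`, so stored or exported numeric breed values, and anything built against the previous header, will now decode as a different breed. The diffstat shows a single changed line in ndpi_main.c, so any breed-to-name switch or table elsewhere in the library (not visible here) presumably has no entry for the new member and would report it under its default label. I would add a comment above the enum along the lines of `/* Numeric values are visible to applications; adding a member shifts the ones after it */` and give the new breed a name-mapping case in the same commit. The enum's opening lines are outside the hunk.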
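Review bot: A policy that alerts or blocks on `breed == NDPI_PROTOCOL_POTENTIALLY_DANGEROUS` stops matching SMBv1 once this `ndpi_set_proto_defaults` call moves it to `NDPI_PROTOCOL_DANGEROUS`, which silently weakens detection for the protocol the commit means to escalate. A range test is not a safe substitute, because `NDPI_PROTOCOL_TRACKER_ADS` and `NDPI_PROTOCOL_UNRATED` sort after both values in the enum. A comment on the call such as `/* SMBv1 is DANGEROUS, not POTENTIALLY_DANGEROUS: consumers must test for both breeds explicitly */` plus a changelog entry would make the migration visible. The enclosing function starts and ends outside the hunk.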
@@ -1243,9 +1243,10 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
 if(packet->udp != NULL) {
 /* DTLS dissector */
- int rc;
-
- rc = sslTryAndRetrieveServerCertificate(ndpi_struct, flow);
+#ifdef DEBUG_TLS
+ int rc = /* sslTryAndRetrieveServerCertificate(...) */
+#endif
+ sslTryAndRetrieveServerCertificate(ndpi_struct, flow);
 #ifdef DEBUG_TLS
 printf("==>> %u [rc: %u][len: %u][%s][version: %u]\n", |
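Review bot: Splitting one statement across `#ifdef DEBUG_TLS` / `#endif` in the DTLS branch makes the declaration of `rc` depend on a trailing comment and the indentation of the next line, and it is easy to break when either half is edited. The same warning-free result is clearer as `int rc = sslTryAndRetrieveServerCertificate(ndpi_struct, flow);` followed by `(void)rc;`, with a comment stating that the result is only used for debug output. In the non-debug build the return value is now discarded, so as far as this hunk shows a failed certificate retrieval is not acted on; say so in the comment if that is intended. The debug `printf` also prints the `int rc` with `%u`, which should be `%d`. The function body continues outside the hunk.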