Aligned DNS to HTTP dissection

author: Luca Deri <deri@ntop.org> 2019-02-07 22:44:48 +0100
committer: Luca Deri <deri@ntop.org> 2019-02-07 22:44:48 +0100
commit: ddf0066c11c0df4e3bc9744df11f08dce676f36e (patch)
tree: c90d95acd4f65798675279782e92b26886e2dad7
parent: 2ec41c17320622fe83dbba97ae8a2f4b40a30f34 (diff)
4 files changed, 26 insertions, 25 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 9cb4ad6f6..fe0ea879b 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1459,7 +1459,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
   ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct,
 				 ndpi_pref_http_dont_dissect_response, 0);
   ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct,
-				 ndpi_pref_dns_dissect_response, 0);
+				 ndpi_pref_dns_dont_dissect_response, 0);
   ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct,
 				 ndpi_pref_enable_category_substring_match, 1);
 
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 172763789..a5f1864e0 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -827,7 +827,7 @@ typedef enum {
 
 typedef enum {
 	      ndpi_pref_http_dont_dissect_response = 0,
-	      ndpi_pref_dns_dissect_response,
+	      ndpi_pref_dns_dont_dissect_response,
 	      ndpi_pref_direction_detect_disable,
 	      ndpi_pref_disable_metadata_export,
 	      ndpi_pref_enable_category_substring_match
@@ -1008,7 +1008,7 @@ struct ndpi_detection_module_struct {
 
   ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
 
-  u_int8_t http_dont_dissect_response:1, dns_dissect_response:1,
+  u_int8_t http_dont_dissect_response:1, dns_dont_dissect_response:1,
     direction_detect_disable:1, /* disable internal detection of packet direction */
     disable_metadata_export:1, /* No metadata is exported */
     enable_category_substring_match:1 /* Default is perfect match */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ea370ff7d..62914efbe 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -942,8 +942,8 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod
     ndpi_mod->http_dont_dissect_response = (u_int8_t)value;
     break;
 
-  case ndpi_pref_dns_dissect_response:
-    ndpi_mod->dns_dissect_response = (u_int8_t)value;
+  case ndpi_pref_dns_dont_dissect_response:
+    ndpi_mod->dns_dont_dissect_response = (u_int8_t)value;
     break;
 
   case ndpi_pref_direction_detect_disable:
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 90be9544c..f77040020 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -36,9 +36,9 @@
 
 static u_int16_t get16(int *i, const u_int8_t *payload) {
   u_int16_t v = *(u_int16_t*)&payload[*i];
-  
+
   (*i) += 2;
-  
+
   return(ntohs(v));
 }
 
@@ -52,7 +52,7 @@ static u_int getNameLength(u_int i, const u_int8_t *payload, u_int payloadLen) {
   else {
     u_int8_t len = payload[i];
     u_int8_t off = len + 1;
-	
+
     if(off == 0) /* Bad packet */
       return(0);
     else
@@ -66,7 +66,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
   int x;
   u_int8_t is_query;
   u_int16_t s_port = 0, d_port = 0;
-  
+
   NDPI_LOG_DBG(ndpi_struct, "search DNS\n");
 
   if(flow->packet.udp != NULL) {
@@ -118,7 +118,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	      if(flow->packet.payload[x] == '\0') {
 		x++;
 		flow->protos.dns.query_type = get16(&x, flow->packet.payload);
-#ifdef DNS_DEBUG		
+#ifdef DNS_DEBUG
     		NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type);
 #endif
 		break;
@@ -128,7 +128,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	  }
 	} else
 	  invalid = 1;
-	
       } else {
 	/* DNS Reply */
 
@@ -140,15 +139,15 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	       || ((dns_header.additional_rrs > 0) && (dns_header.additional_rrs <= NDPI_MAX_DNS_REQUESTS)))
 	   ) {
 	  /* This is a good reply */
-	  if(ndpi_struct->dns_dissect_response) {
+	  if(ndpi_struct->dns_dont_dissect_response == 0) {
 	    x++;
-	  
+
 	    if(flow->packet.payload[x] != '\0') {
 	      while((x < flow->packet.payload_packet_len)
 		    && (flow->packet.payload[x] != '\0')) {
 		x++;
 	      }
-	        
+
 	      x++;
 	    }
 
@@ -160,7 +159,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 
 	      for(num = 0; num < dns_header.num_answers; num++) {
 		u_int16_t data_len;
-  
+
 		if((x+6) >= flow->packet.payload_packet_len) {
 		  break;
 		}
@@ -169,7 +168,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 		  break;
 		} else
 		  x += data_len;
- 
+
 		rsp_type = get16(&x, flow->packet.payload);
 		flow->protos.dns.rsp_type = rsp_type;
 		break;
@@ -199,9 +198,11 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	off++;
       }
 
-	if(is_query && ndpi_struct->dns_dissect_response)
-	  return; /* The response will set the verdict */
-
+      if(is_query && (ndpi_struct->dns_dont_dissect_response == 0)) {
+	// dpi_set_detected_protocol(ndpi_struct, flow, (d_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS, NDPI_PROTOCOL_UNKNOWN);	
+	return; /* The response will set the verdict */
+      }
+      
       flow->host_server_name[j] = '\0';
 
       flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries,
@@ -209,33 +210,33 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 
       if(j > 0) {
 	ndpi_protocol_match_result ret_match;
-	
-	ndpi_match_host_subprotocol(ndpi_struct, flow, 
+
+	ndpi_match_host_subprotocol(ndpi_struct, flow,
 				    (char *)flow->host_server_name,
 				    strlen((const char*)flow->host_server_name),
 				    &ret_match,
 				    NDPI_PROTOCOL_DNS);
       }
-      
+
 #ifdef DNS_DEBUG
       NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n",
 	     flow->protos.dns.num_queries, flow->protos.dns.num_answers,
 	     flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name
 	     );
 #endif
-    
+
       if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
 	/**
 	   Do not set the protocol with DNS if ndpi_match_host_subprotocol() has
 	   matched a subprotocol
 	**/
-	NDPI_LOG_INFO(ndpi_struct, "found DNS\n");      
+	NDPI_LOG_INFO(ndpi_struct, "found DNS\n");
 	ndpi_set_detected_protocol(ndpi_struct, flow, (d_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS, NDPI_PROTOCOL_UNKNOWN);
       } else {
 	NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
       }
     }
-  } 
+  }
 }
 
 void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
author	Luca Deri <deri@ntop.org>	2019-02-07 22:44:48 +0100
committer	Luca Deri <deri@ntop.org>	2019-02-07 22:44:48 +0100
commit	ddf0066c11c0df4e3bc9744df11f08dce676f36e (patch)
tree	c90d95acd4f65798675279782e92b26886e2dad7
parent	2ec41c17320622fe83dbba97ae8a2f4b40a30f34 (diff)