author | Luca Deri <deri@ntop.org> | 2020-08-30 12:25:15 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2020-08-30 12:25:15 +0200 |
commit | dd75060932d476320b72113ee9f6527aac36a357 (patch) | |
tree | 0d0b03de31bfde707baa3bff29e50d2fb44186a5 /src/lib/ndpi_main.c | |
parent | 8bf95b6198f1c1c04b9f783540b275282720e258 (diff) |
Fixed false positive in suspicious user agent
Optimized stddev calculation
Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r-- | src/lib/ndpi_main.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 5ee124ac7..de95726ef 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -55,7 +55,7 @@ extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev);
 static int _ndpi_debug_callbacks = 0;
-/* #define DGA_DEBUG 1 */
+/* #define DGA_DEBUG 1 */
 /* #define MATCH_DEBUG 1 */
 /* ****************************************** */
@@ -6644,7 +6644,12 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 char tmp[128], *word, *tok_tmp;
 len = snprintf(tmp, sizeof(tmp)-1, "%s", name);
- if(len < 0) return(0);
+ if(len < 0) {
+#ifdef DGA_DEBUG
+ printf("[DGA] Too short");
+#endif
+ return(0);
+ }
 for(i=0, j=0; (i<len) && (j<(sizeof(tmp)-1)); i++) {
 tmp[j] = tolower(name[i]);
@@ -6709,6 +6714,9 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 || (max_domain_element_len >= 19 /* word too long. Example bbcbedxhgjmdobdprmen.com */)
 ) {
 if(flow) NDPI_SET_BIT(flow->risk, NDPI_SUSPICIOUS_DGA_DOMAIN);
+#ifdef DGA_DEBUG
+ printf("[DGA] Found!");
+#endif
 return(1);
 }
@@ -6801,5 +6809,9 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 #endif
 }
+#ifdef DGA_DEBUG
+ printf("[DGA] Result: %u", rc);
+#endif
+ return(rc);
 } |
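Review bot: The debug line added under `if(len < 0)` prints "Too short", but that branch is taken when snprintf() reports an error, not when the name is short, so the trace would mislead anyone tuning the DGA check. None of the three DGA_DEBUG printf calls (this one, the "Found!" one before `return(1)` and the final "Result" one) ends with a newline or prints the name under test, so consecutive lookups run together and a verdict cannot be tied to a domain. I would write `printf("[DGA] snprintf() failed for %s\n", name);` here and add `\n` plus the name to the other two. ndpi_check_dga_name starts outside this hunk.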
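Review bot: `printf("[DGA] Result: %u", rc);` formats rc with `%u`, while the function is declared to return int and hands rc straight to `return(rc)`. The declaration of rc is outside the hunk, but if it is an int the conversion should match it: `printf("[DGA] Result: %d\n", rc);`. Keeping the specifier and the type in step also lets -Wformat catch a later change to rc.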