DNS: fix check for DGA domain (#2716)

If we have a (potential) valid sub-classification, we shoudn't check for DGA, even if the subclassification itself is disabled!
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2025-02-11 15:48:53 +0100
committer: GitHub <noreply@github.com> 2025-02-11 15:48:53 +0100
commit: 1dccaf37b075ebfb726d407b9c4d95fcf2983135 (patch)
tree: 866227cce31642e6aaa8ac2073f14605dd12cd74 /src/lib/ndpi_main.c
parent: 73d1856525d99a22328d50dc15a24940a3f86922 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 0d82cfb4c..0150d12bf 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -10830,7 +10830,8 @@ static int ndpi_is_vowel(char c) {
 
 int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 			struct ndpi_flow_struct *flow,
-			char *name, u_int8_t is_hostname, u_int8_t check_subproto) {
+			char *name, u_int8_t is_hostname, u_int8_t check_subproto,
+			u_int8_t flow_fully_classified) {
 
   /* Get domain name if ndpi_load_domain_suffixes(..) has been called */
   name = (char*)ndpi_get_host_domain(ndpi_str, name);
@@ -10863,7 +10864,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
        )
       return(0);
 
-    if(flow && (flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN))
+    if(flow && (flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN || flow_fully_classified))
       return(0); /* Ignore DGA check for protocols already fully detected */
 
     if(check_subproto &&
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2025-02-11 15:48:53 +0100
committer	GitHub <noreply@github.com>	2025-02-11 15:48:53 +0100
commit	1dccaf37b075ebfb726d407b9c4d95fcf2983135 (patch)
tree	866227cce31642e6aaa8ac2073f14605dd12cd74 /src/lib/ndpi_main.c
parent	73d1856525d99a22328d50dc15a24940a3f86922 (diff)