Add a new flow risk about literal IP addresses used as SNI (#1892)

RFC 6066 3: "Literal IPv4 and IPv6 addresses are not permitted in "HostName"." Don't set this risk if we have a valid sub-classification (example: via certificate) Since a similar risk already exists for HTTP hostnames, reuse it, with a more generic name.
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-03-02 15:27:30 +0100
committer: GitHub <noreply@github.com> 2023-03-02 15:27:30 +0100
commit: 89cae9ddf257e156e3973270aacea51dad2c8662 (patch)
tree: df120c1bf5ec4f74bf7ccadae696c3f6bac336e8 /src/lib/ndpi_utils.c
parent: 3047e286c082902415554f6cdf761a5502962469 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 53ed95939..79138b8e2 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1928,8 +1928,8 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
   case NDPI_HTTP_SUSPICIOUS_USER_AGENT:
     return("HTTP Susp User-Agent");
 
-  case NDPI_HTTP_NUMERIC_IP_HOST:
-    return("HTTP Numeric IP");
+  case NDPI_NUMERIC_IP_HOST:
+    return("HTTP/TLS/QUIC Numeric Hostname/SNI");
 
   case NDPI_HTTP_SUSPICIOUS_URL:
     return("HTTP Susp URL");
@@ -2053,7 +2053,7 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
     
   case NDPI_TCP_ISSUES:
     return("TCP Connection Issues");
-    
+
   default:
     ndpi_snprintf(buf, sizeof(buf), "%d", (int)risk);
     return(buf);
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-03-02 15:27:30 +0100
committer	GitHub <noreply@github.com>	2023-03-02 15:27:30 +0100
commit	89cae9ddf257e156e3973270aacea51dad2c8662 (patch)
tree	df120c1bf5ec4f74bf7ccadae696c3f6bac336e8 /src/lib/ndpi_utils.c
parent	3047e286c082902415554f6cdf761a5502962469 (diff)