diff options
| author | Luca Deri <deri@ntop.org> | 2019-02-07 22:44:48 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-02-07 22:44:48 +0100 |
| commit | ddf0066c11c0df4e3bc9744df11f08dce676f36e (patch) | |
| tree | c90d95acd4f65798675279782e92b26886e2dad7 /src/lib/protocols/dns.c | |
| parent | 2ec41c17320622fe83dbba97ae8a2f4b40a30f34 (diff) | |
Aligned DNS to HTTP dissection
Diffstat (limited to 'src/lib/protocols/dns.c')
| -rw-r--r-- | src/lib/protocols/dns.c | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 90be9544c..f77040020 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -36,9 +36,9 @@ static u_int16_t get16(int *i, const u_int8_t *payload) { u_int16_t v = *(u_int16_t*)&payload[*i]; - + (*i) += 2; - + return(ntohs(v)); } @@ -52,7 +52,7 @@ static u_int getNameLength(u_int i, const u_int8_t *payload, u_int payloadLen) { else { u_int8_t len = payload[i]; u_int8_t off = len + 1; - + if(off == 0) /* Bad packet */ return(0); else @@ -66,7 +66,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd int x; u_int8_t is_query; u_int16_t s_port = 0, d_port = 0; - + NDPI_LOG_DBG(ndpi_struct, "search DNS\n"); if(flow->packet.udp != NULL) { @@ -118,7 +118,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(flow->packet.payload[x] == '\0') { x++; flow->protos.dns.query_type = get16(&x, flow->packet.payload); -#ifdef DNS_DEBUG +#ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type); #endif break; @@ -128,7 +128,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd } } else invalid = 1; - } else { /* DNS Reply */ @@ -140,15 +139,15 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd || ((dns_header.additional_rrs > 0) && (dns_header.additional_rrs <= NDPI_MAX_DNS_REQUESTS))) ) { /* This is a good reply */ - if(ndpi_struct->dns_dissect_response) { + if(ndpi_struct->dns_dont_dissect_response == 0) { x++; - + if(flow->packet.payload[x] != '\0') { while((x < flow->packet.payload_packet_len) && (flow->packet.payload[x] != '\0')) { x++; } - + x++; } @@ -160,7 +159,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd for(num = 0; num < dns_header.num_answers; num++) { u_int16_t data_len; - + if((x+6) >= flow->packet.payload_packet_len) { break; } @@ -169,7 +168,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd break; } else x += data_len; - + rsp_type = get16(&x, flow->packet.payload); flow->protos.dns.rsp_type = rsp_type; break; @@ -199,9 +198,11 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd off++; } - if(is_query && ndpi_struct->dns_dissect_response) - return; /* The response will set the verdict */ - + if(is_query && (ndpi_struct->dns_dont_dissect_response == 0)) { + // dpi_set_detected_protocol(ndpi_struct, flow, (d_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS, NDPI_PROTOCOL_UNKNOWN); + return; /* The response will set the verdict */ + } + flow->host_server_name[j] = '\0'; flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, @@ -209,33 +210,33 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(j > 0) { ndpi_protocol_match_result ret_match; - - ndpi_match_host_subprotocol(ndpi_struct, flow, + + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), &ret_match, NDPI_PROTOCOL_DNS); } - + #ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", flow->protos.dns.num_queries, flow->protos.dns.num_answers, flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name ); #endif - + if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { /** Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol **/ - NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); + NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, (d_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS, NDPI_PROTOCOL_UNKNOWN); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } - } + } } void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) |