diff options
| author | Luca Deri <deri@ntop.org> | 2016-06-27 11:19:47 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2016-06-27 11:19:47 +0200 |
| commit | 6fb81f146e2542cfbf7fab7d53678339c7747b35 (patch) | |
| tree | eb02da320348eb54aadb92e76689e3306a96eccd /src/lib/protocols/dns.c | |
| parent | 539ab241cd499d2cd0d4dea758ca4769abe7e9d6 (diff) | |
Refreshed DNS implementation
Diffstat (limited to 'src/lib/protocols/dns.c')
| -rw-r--r-- | src/lib/protocols/dns.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index bee277752..7ee114579 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -126,12 +126,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd } else invalid = 1; - /* if(ndpi_struct->dns_dissect_response) */ - return; /* The response will set the verdict */ } else { /* DNS Reply */ - /* flow->protos.dns.reply_code = dns_header.flags & 0x0F; */ + flow->protos.dns.reply_code = dns_header.flags & 0x0F; if((dns_header.num_queries > 0) && (dns_header.num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */ && (((dns_header.num_answers > 0) && (dns_header.num_answers <= NDPI_MAX_DNS_REQUESTS)) @@ -139,7 +137,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd || ((dns_header.additional_rrs > 0) && (dns_header.additional_rrs <= NDPI_MAX_DNS_REQUESTS))) ) { /* This is a good reply */ - /* if(ndpi_struct->dns_dissect_response) */ { + if(ndpi_struct->dns_dissect_response) { x++; if(flow->packet.payload[x] != '\0') { @@ -170,7 +168,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd x += data_len; rsp_type = get16(&x, flow->packet.payload); - /* flow->protos.dns.rsp_type = rsp_type; */ + flow->protos.dns.rsp_type = rsp_type; break; } } @@ -198,11 +196,18 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd off++; } + flow->host_server_name[j] = '\0'; - /* flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, */ + flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs); + if(j > 0) + ndpi_match_host_subprotocol(ndpi_struct, flow, + (char *)flow->host_server_name, + strlen((const char*)flow->host_server_name), + NDPI_PROTOCOL_DNS); + #ifdef DNS_DEBUG printf("[%s:%d] [num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", __FILE__, __LINE__, @@ -210,14 +215,11 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name ); #endif - - if(j > 0) - ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)flow->host_server_name, - strlen((const char*)flow->host_server_name), - NDPI_PROTOCOL_DNS); if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + if(is_query && ndpi_struct->dns_dissect_response) + return; /* The response will set the verdict */ + /** Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol |