author | Nardi Ivan <nardi.ivan@gmail.com> | 2024-01-10 10:06:03 +0100 |
---|---|---|
committer | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-18 10:21:24 +0100 |
commit | c704be1a20d169bea1c55a720421742f09f4aa88 (patch) | |
tree | a88a79ec47bdd7910385eac1b187607f80e4ff21 /src/lib/protocols/dns.c | |
parent | 950f209a1736e76ca621a8ffebef9dcd2fa9745d (diff) |
config: DNS: add two configuration options
* Enable/disable sub-classification of DNS flows
* Enable/disable processing of DNS responses
Diffstat (limited to 'src/lib/protocols/dns.c')
-rw-r--r-- | src/lib/protocols/dns.c | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 8bef69461..112c2ad50 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -785,23 +785,30 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st } if(len > 0) { - ndpi_protocol_match_result ret_match; + if(ndpi_struct->cfg.dns_subclassification_enabled) { + ndpi_protocol_match_result ret_match; - ret.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, - flow->host_server_name, - strlen(flow->host_server_name), - &ret_match, + ret.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, + flow->host_server_name, + strlen(flow->host_server_name), + &ret_match, NDPI_PROTOCOL_DNS); + + if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) + ret.master_protocol = checkDNSSubprotocol(s_port, d_port); + else + ret.master_protocol = NDPI_PROTOCOL_DNS; + + ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); + } else { + ret.master_protocol = checkDNSSubprotocol(s_port, d_port); + ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + } + /* Category is always NDPI_PROTOCOL_CATEGORY_NETWORK, regardless of the subprotocol */ flow->category = NDPI_PROTOCOL_CATEGORY_NETWORK; - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) - ret.master_protocol = checkDNSSubprotocol(s_port, d_port); - else - ret.master_protocol = NDPI_PROTOCOL_DNS; - - ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); } /* Report if this is a DNS query or reply */ 
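Review bot: `ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0);` now runs only inside the `if(ndpi_struct->cfg.dns_subclassification_enabled)` branch, so switching sub-classification off also drops the DGA check on the queried name, which neither the option name nor the commit message mentions. From the visible arguments the call does not use `ret_match`, so it looks independent of the host match; if that holds, it could move below the `else` block, next to the `flow->category` assignment, so the check stays active in both configurations. If the coupling is intended, a comment in the `else` branch such as `/* DGA check on host_server_name is skipped too when sub-classification is off */` would make the detection trade-off explicit. The enclosing `ndpi_search_dns` starts and ends outside this hunk.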
@@ -811,11 +818,13 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st /* In this case we say that the protocol has been detected just to let apps carry on with their activities */ ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol, NDPI_CONFIDENCE_DPI); - /* We have never triggered extra-dissection for LLMNR. Keep the old behaviour */ - if(ret.master_protocol != NDPI_PROTOCOL_LLMNR) { - /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ - flow->max_extra_packets_to_check = 5; - flow->extra_packets_func = search_dns_again; + if(ndpi_struct->cfg.dns_parse_response_enabled) { + /* We have never triggered extra-dissection for LLMNR. Keep the old behaviour */ + if(ret.master_protocol != NDPI_PROTOCOL_LLMNR) { + /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ + flow->max_extra_packets_to_check = 5; + flow->extra_packets_func = search_dns_again; + } } return; /* The response will set the verdict */ } |
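Review bot: The context comment on `return; /* The response will set the verdict */` is no longer accurate when `dns_parse_response_enabled` is off. In that case `extra_packets_func` is never set here, so the query-time classification appears to be final and nothing derived from the reply is produced. Suggest rewording it to `return; /* The response (if parsed) will set the verdict */` and adding a one-line comment above the new `if` noting that disabling the option stops dissection at the query. The two nested conditions could also be a single `if(ndpi_struct->cfg.dns_parse_response_enabled && ret.master_protocol != NDPI_PROTOCOL_LLMNR) {`. The function body continues outside the hunk.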