author | Luca Deri <deri@ntop.org> | 2021-03-03 00:41:07 +0100 |
committer | Luca Deri <deri@ntop.org> | 2021-03-03 00:41:07 +0100 |
commit | 56bfb439f85b3e4054bd7c6b849a6e06e5c2ac27 (patch) | |
tree | 6c7e2066917acc1c2a313321c7c7be3043df195f /src/lib/protocols/dns.c | |
parent | 4c00ff89dfa64f1026c2f1d267dc081a86b45243 (diff) |
Improved DGA detection with trigrams. Disadvantage: slower startup time
Reworked Tor dissector embedded in TLS (fixes #1141)
Removed false positive on HTTP User-Agent
Diffstat (limited to 'src/lib/protocols/dns.c')
-rw-r--r-- | src/lib/protocols/dns.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index abfc6aae8..27ef7c35f 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -89,7 +89,7 @@ static void ndpi_check_dns_type(struct ndpi_detection_module_struct *ndpi_struct
 case 106:
 case 107:
 case 259:
- NDPI_SET_BIT(flow->risk, NDPI_DNS_SUSPICIOUS_TRAFFIC);
+ ndpi_set_risk(flow, NDPI_DNS_SUSPICIOUS_TRAFFIC);
 break;
 }
 }
@@ -194,7 +194,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
 else if((dns_header->flags & FLAGS_MASK) == 0x8000)
 *is_query = 0;
 else {
- NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ ndpi_set_risk(flow, NDPI_MALFORMED_PACKET);
 return(1 /* invalid */);
 }
@@ -219,7 +219,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
 x++;
 }
 } else {
- NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ ndpi_set_risk(flow, NDPI_MALFORMED_PACKET);
 return(1 /* invalid */);
 }
 } else {
@@ -408,7 +408,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
 #ifdef DNS_DEBUG
 printf("[DNS] Invalid query len [%u >= %u]\n", i+4, flow->packet.payload_packet_len);
 #endif
- NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ ndpi_set_risk(flow, NDPI_MALFORMED_PACKET);
 break;
 } else
 idx += tot_len+4, num_queries++;
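Review bot: The case labels `106`, `107` and `259` that lead into the new `ndpi_set_risk(flow, NDPI_DNS_SUSPICIOUS_TRAFFIC)` call in ndpi_check_dns_type are bare numbers, so a reader cannot tell which DNS RR types are being flagged or why they are considered suspicious. These look like IANA RR TYPE codes (106 L64, 107 LP and 259 DOA, if I read the registry correctly), none of which a typical resolver client should be asking for, but that reasoning is not in the code. A comment above the labels would make the detection reviewable, e.g. `/* RR types almost never seen in legitimate client traffic (IANA codes: 106 L64, 107 LP, 259 DOA) - TODO confirm the list against the registry */`. The earlier labels of this switch and the start of ndpi_check_dns_type are outside the hunk.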
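Review bot: In the second hunk of search_valid_dns the `else` branch now raises NDPI_MALFORMED_PACKET and returns 1 for any `dns_header->flags & FLAGS_MASK` value other than 0x0000 or 0x8000, but nothing explains why only those two values are acceptable, so a later change to FLAGS_MASK could silently widen or narrow what gets flagged as malformed. From the visible lines 0x8000 is the response case (`*is_query = 0`), which suggests the mask isolates the QR bit plus whatever else FLAGS_MASK covers; that is inferred, not shown here. I would add a comment on the `else` line such as `/* neither a plain query (0x0000) nor a plain response (0x8000) under FLAGS_MASK: reject as malformed */` and make the non-zero return self-describing, e.g. `return(1 /* invalid: unexpected flags */);`. The start of search_valid_dns and the definition of FLAGS_MASK are outside the hunk.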