author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-02-11 13:16:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-02-11 13:16:03 +0100 |
commit | d738b60cac411d91d3474ec6cc9457f7c86110dd (patch) | |
tree | 21ce51937abbf9f2537ca6399f0c99776b4d93bf /src/lib/protocols/dns.c | |
parent | 65c224e19cddf78f7579f7954a79746ab729d0c3 (diff) |
DNS: evaluate all flow risks even if sub-classification is disabled (#2714)
Diffstat (limited to 'src/lib/protocols/dns.c')
-rw-r--r-- | src/lib/protocols/dns.c | 59 |
1 files changed, 27 insertions, 32 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 70e1b81f5..19215e79b 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -801,44 +801,39 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st } } - if(len > 0) { - if(ndpi_struct->cfg.dns_subclassification_enabled || ndpi_struct->cfg.fpc_enabled) { - ndpi_protocol_match_result ret_match; - - /* Avoid writing on flow (i.e. updating classification) if subclassification is disabled */ - ret.proto.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, ndpi_struct->cfg.dns_subclassification_enabled ? flow : NULL, - flow->host_server_name, - strlen(flow->host_server_name), - &ret_match, - NDPI_PROTOCOL_DNS); - /* Add to FPC DNS cache */ - if(ndpi_struct->cfg.fpc_enabled && - ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN && - ret.proto.app_protocol != NDPI_PROTOCOL_DNS && - (flow->protos.dns.rsp_type == 0x1 || flow->protos.dns.rsp_type == 0x1c) && /* A, AAAA */ - ndpi_struct->fpc_dns_cache) { - ndpi_lru_add_to_cache(ndpi_struct->fpc_dns_cache, - fpc_dns_cache_key_from_dns_info(flow), ret.proto.app_protocol, - ndpi_get_current_time(flow)); - } + if(strlen(flow->host_server_name) > 0) { + ndpi_protocol_match_result ret_match; + + /* Avoid updating classification if subclassification is disabled */ + ret.proto.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, + flow->host_server_name, + strlen(flow->host_server_name), + &ret_match, + NDPI_PROTOCOL_DNS, + ndpi_struct->cfg.dns_subclassification_enabled ? 
1 : 0); + /* Add to FPC DNS cache */ + if(ndpi_struct->cfg.fpc_enabled && + ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN && + ret.proto.app_protocol != NDPI_PROTOCOL_DNS && + (flow->protos.dns.rsp_type == 0x1 || flow->protos.dns.rsp_type == 0x1c) && /* A, AAAA */ + ndpi_struct->fpc_dns_cache) { + ndpi_lru_add_to_cache(ndpi_struct->fpc_dns_cache, + fpc_dns_cache_key_from_dns_info(flow), ret.proto.app_protocol, + ndpi_get_current_time(flow)); + } - if(!ndpi_struct->cfg.dns_subclassification_enabled) - ret.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN; + if(!ndpi_struct->cfg.dns_subclassification_enabled) + ret.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN; - if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) - ret.proto.master_protocol = checkDNSSubprotocol(s_port, d_port); - else - ret.proto.master_protocol = NDPI_PROTOCOL_DNS; + if(ret.proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) + ret.proto.master_protocol = checkDNSSubprotocol(s_port, d_port); + else + ret.proto.master_protocol = NDPI_PROTOCOL_DNS; - ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); - } else { - ret.proto.master_protocol = checkDNSSubprotocol(s_port, d_port); - ret.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN; - } + ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1, 0); /* Category is always NDPI_PROTOCOL_CATEGORY_NETWORK, regardless of the subprotocol */ flow->category = NDPI_PROTOCOL_CATEGORY_NETWORK; - } /* Report if this is a DNS query or reply */ |
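Review bot: The retained comment `/* Avoid updating classification if subclassification is disabled */` no longer says how that is achieved: the call now always passes `flow`, and the only thing that varies is the new last argument `ndpi_struct->cfg.dns_subclassification_enabled ? 1 : 0`. Going by the commit title, the match has to run on the flow so that host-based risks are still evaluated, and the flag presumably only stops the classification from being written; a maintainer who reads the comment alone could re-gate the call and silently lose those risk checks. I would reword it to something like `/* Always match the host name so flow risks are evaluated; the last argument says whether the classification may be updated */`. The FPC cache insert just below also depends on the return value still carrying the matched sub-protocol when that argument is 0, which is decided in ndpi_match_host_subprotocol, outside this hunk. ndpi_search_dns itself starts and ends outside the hunk.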