Domain Classification Improvements (#2396)

* Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list
author: Luca Deri <lucaderi@users.noreply.github.com> 2024-04-18 23:21:40 +0200
committer: GitHub <noreply@github.com> 2024-04-18 23:21:40 +0200
commit: ad117bfaabd3bc75dc70d0ddbc4ba18c86c40dbd (patch)
tree: 3b1fb6016da1e114bca190ed6a868421fd9c32f1 /src/lib/protocols/http.c
parent: 108b8331d5b345e110c9ef110a6aa95a2767a640 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index a85f1c44c..8fc82dd67 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -1007,7 +1007,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 	ndpi_set_risk(flow, NDPI_INVALID_CHARACTERS, str);
 
 	/* This looks like an attack */
-	ndpi_set_risk(flow, NDPI_POSSIBLE_EXPLOIT, NULL);
+	ndpi_set_risk(flow, NDPI_POSSIBLE_EXPLOIT, "Suspicious hostname: attack ?");
       }
 
       double_col = strchr((char*)flow->host_server_name, ':');
author	Luca Deri <lucaderi@users.noreply.github.com>	2024-04-18 23:21:40 +0200
committer	GitHub <noreply@github.com>	2024-04-18 23:21:40 +0200
commit	ad117bfaabd3bc75dc70d0ddbc4ba18c86c40dbd (patch)
tree	3b1fb6016da1e114bca190ed6a868421fd9c32f1 /src/lib/protocols/http.c
parent	108b8331d5b345e110c9ef110a6aa95a2767a640 (diff)