diff options
| author | Luca Deri <lucaderi@users.noreply.github.com> | 2024-04-18 23:21:40 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-18 23:21:40 +0200 |
| commit | ad117bfaabd3bc75dc70d0ddbc4ba18c86c40dbd (patch) | |
| tree | 3b1fb6016da1e114bca190ed6a868421fd9c32f1 /src/lib/protocols/quic.c | |
| parent | 108b8331d5b345e110c9ef110a6aa95a2767a640 (diff) | |
Domain Classification Improvements (#2396)
* Added
size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize);
size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize);
used to compress short strings such as domain names. This code is based on
https://github.com/Ed-von-Schleck/shoco
* Major code rewrite for ndpi_hash and ndpi_domain_classify
* Improvements to make sure custom categories are loaded and enabled
* Fixed string encoding
* Extended SalesForce/Cloudflare domains list
Diffstat (limited to 'src/lib/protocols/quic.c')
| -rw-r--r-- | src/lib/protocols/quic.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 4734433e0..345f77c47 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1475,7 +1475,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_risk(flow, NDPI_INVALID_CHARACTERS, str); /* This looks like an attack */ - ndpi_set_risk(flow, NDPI_POSSIBLE_EXPLOIT, NULL); + ndpi_set_risk(flow, NDPI_POSSIBLE_EXPLOIT, "Suspicious hostname: attack ?"); } sni_found = 1; @@ -1503,7 +1503,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, /* Add check for missing SNI */ if(flow->host_server_name[0] == '\0') { /* This is a bit suspicious */ - ndpi_set_risk(flow, NDPI_TLS_MISSING_SNI, NULL); + ndpi_set_risk(flow, NDPI_TLS_MISSING_SNI, "SNI should be present all time: attack ?"); } } |