diff options
| author | Luca Deri <deri@ntop.org> | 2020-06-17 19:46:37 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-06-17 19:46:37 +0200 |
| commit | 46d96e7f32a799ae57400d82e4c485e4ef9771ab (patch) | |
| tree | 9ac0add675d61a6653e5b59414e3672f1773e94f /src/lib/protocols | |
| parent | ffd20ebdf94beffc1cb8ec56896a86e28907702c (diff) | |
Added checks for DGA detection
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/dns.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/netbios.c | 5 |
3 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 099f343e4..897fb1e4b 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -294,11 +294,12 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st } flow->host_server_name[j] = '\0'; - ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name); if(j > 0) { ndpi_protocol_match_result ret_match; + ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name); + ret.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index a896c6214..7d54d1470 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -450,7 +450,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ flow->host_server_name[len] = '\0'; flow->extra_packets_func = NULL; /* We're good now */ - ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name); + if(len > 0) ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name); flow->server_id = flow->dst; if(packet->forwarded_line.ptr) { diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index c396a392b..66224557a 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -80,8 +80,9 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct char name[64]; u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14; - if((off < flow->packet.payload_packet_len) && - ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], flow->packet.payload_packet_len - off, name, sizeof(name)) > 0) { + if((off < flow->packet.payload_packet_len) + && ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], + flow->packet.payload_packet_len - off, name, sizeof(name)) > 0) { snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name); |