author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-09-16 22:21:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-16 22:21:14 +0200 |
commit | a1602dd0a5f243da2aa550669c0c01c1c89cae52 (patch) | |
tree | 9e3feccd95dfb0b64d1eea13e9b26902c22dec89 /src/lib/protocols | |
parent | 1197cbdf58d54a56a5ac520a619861f70b9622c0 (diff) |
dns: add a check before setting `NDPI_MALFORMED_PACKET` risk (#2558)
"Invalid DNS Header"-risk should be set only if the flow has been
already classified as DNS. Otherwise, almost any non-DNS flows on port 53
will end up having the `NDPI_MALFORMED_PACKET` risk set, which is a little
bit confusing for non-DNS traffic.
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/dns.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 94367d318..4e3b09d5b 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -320,7 +320,8 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, x++; } } else { - ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, "Invalid DNS Header"); + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) + ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, "Invalid DNS Header"); return(1 /* invalid */); } } else { |
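Review bot: the new condition `flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN` in the `else` branch only checks that the flow has some classification, not that it is classified as DNS, which is the intent stated in the commit message. If this path can be reached for a flow whose stack already holds a different protocol, the "Invalid DNS Header" risk would still be set on non-DNS traffic; comparing against the DNS protocol id (and looking at the other stack entry if DNS can sit there) would match the message more closely. A one-line comment above the `if` explaining why the risk is gated would help the next reader, and braces around the body would keep the `return(1 /* invalid */);` that follows visibly outside the condition.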