diff options
| author | Luca Deri <deri@ntop.org> | 2016-04-06 09:45:38 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2016-04-06 09:45:38 +0200 |
| commit | 5a37ee99764b7d262676b0ca052075c9c559c01d (patch) | |
| tree | ef3e271e8af8fd091321efd4c8c9f0efb350cb26 /src/lib | |
| parent | 6a63ea46a469b6af61a03b0eefc37cafc94f7e5c (diff) | |
Removed some Tor false positives (more work necessary)
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/protocols/tor.c | 56 |
1 files changed, 30 insertions, 26 deletions
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index f53e5da66..7903bf511 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -19,7 +19,7 @@ static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate) { - int prev_num = 0, numbers_found = 0, num_found = 0, i; + int prev_num = 0, numbers_found = 0, num_found = 0, i, len; char dummy[48], *dot, *name; if((certificate == NULL) @@ -37,41 +37,45 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, if((dot = strrchr(dummy, '.')) == NULL) return(0); name = &dot[1]; - for(i = 0; name[i+1] != '\0'; i++) { - if((name[i] >= '0') && (name[i] <= '9')) { + len = strlen(name); + + if(len > 6) { + for(i = 0; name[i+1] != '\0'; i++) { + if((name[i] >= '0') && (name[i] <= '9')) { - if(prev_num != 1) { - numbers_found++; + if(prev_num != 1) { + numbers_found++; - if(numbers_found == 2) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); + if(numbers_found == 2) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); + } + prev_num = 1; } - prev_num = 1; - } - } else - prev_num = 0; + } else + prev_num = 0; - if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); - } + if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); + } - if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { - num_found++; + if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { + num_found++; + } } - } - if(num_found == 0) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); - } else { -#ifdef PENDANTIC_TOR_CHECK - if(gethostbyname(certificate) == NULL) { + if(num_found == 0) { ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); - } + } else { +#ifdef PENDANTIC_TOR_CHECK + if(gethostbyname(certificate) == NULL) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); + } #endif + } } return(0); |