author | Luca Deri <deri@ntop.org> | 2020-08-10 19:36:43 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2020-08-10 19:36:43 +0200 |
commit | dfa9dd66c0d22bcf4af0ae18999d3c330cdf50b6 (patch) | |
tree | e06c2234209e0f49f91df52a9c60f03f068cceb9 /src | |
parent | 95dfbdc64a48c3f8e57189499d5bb82b1b41ab09 (diff) |
Added case-insensitive substring matching
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 15 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 53d143327..5dd36bff2 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -80,6 +80,7 @@ typedef enum { NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_SMB_INSECURE_VERSION, NDPI_TLS_SUSPICIOUS_ESNI_USAGE, + BDPI_BLACKLISTED_HOST, /* Leave this as last member */ NDPI_MAX_RISK
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index bdbdc89f3..83c10a1d7 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2591,11 +2591,17 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str, char *rule, is_ip = 1, value = &attr[3]; else if(strncmp(attr, "host:", 5) == 0) { /* host:"<value>",host:"<value>",.....@<subproto> */ + u_int i, max_len; + value = &attr[5]; if(value[0] == '"') value++; /* remove leading " */ - if(value[strlen(value) - 1] == '"') - value[strlen(value) - 1] = '\0'; /* remove trailing " */ + + max_len = strlen(value) - 1; + if(value[max_len] == '"') + value[max_len] = '\0'; /* remove trailing " */ + + for(i=0; i<max_len; i++) value[i] = tolower(value[i]); } if(is_tcp || is_udp) {
@@ -6105,7 +6111,7 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t master_protocol, char *name, u_int name_len) { ndpi_protocol_match_result ret_match; - u_int16_t subproto, what_len; + u_int16_t subproto, what_len, i; char *what; if((name_len > 2) && (name[0] == '*') && (name[1] == '.'))
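Review bot: The new risk member is spelled `BDPI_BLACKLISTED_HOST`, while every other member visible in this enum uses the `NDPI_` prefix; this looks like a typo that becomes part of the public header once released, so the line should read `NDPI_BLACKLISTED_HOST,`. The member is also unrelated to the case-insensitive matching named in the commit title, and none of the visible hunks sets or documents it, so a short comment stating when this risk is raised would help. If the library maps risk values to names elsewhere (not visible here), that mapping presumably needs an entry too. The enum starts and ends outside the hunk.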
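Review bot: `max_len = strlen(value) - 1` wraps to a huge unsigned value when the host value is empty (for example a rule ending in `host:` or `host:"`), so `value[max_len]` reads out of bounds and the new `tolower` loop then writes far past the end of the rule buffer. The removed lines had the same out-of-bounds read, but the added loop turns it into a write. The loop bound is also one short when there is no trailing quote, which leaves the last character in its original case, and `tolower` should be given an `unsigned char`. Rule strings are presumably loaded from a user-supplied file, so the length should be checked before indexing, as in the excerpt below. ndpi_handle_rule starts and ends outside the hunk.

```c
u_int i, len;

value = &attr[5];
/* … unchanged: leading quote removal … */

len = strlen(value);
if(len > 0 && value[len - 1] == '"')
  value[--len] = '\0'; /* remove trailing " */

for(i = 0; i < len; i++) value[i] = tolower((unsigned char)value[i]);
```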
@@ -6113,6 +6119,9 @@ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struc else what = name, what_len = name_len; + /* Convert it first to lowercase: we assume meory is writable as in nDPI dissctors */ + for(i=0; i<name_len; i++) what[i] = tolower(what[i]); + subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, what, what_len, &ret_match, master_protocol); if(subproto != NDPI_PROTOCOL_UNKNOWN) { |
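Review bot: The lowercase loop is bounded by `name_len` but writes through `what`; the wildcard branch's assignment lies outside the hunk, but if it advances `what` past the `*` with a shorter `what_len`, the loop writes beyond the end of the name buffer. `i` is declared `u_int16_t` in the previous hunk while `name_len` is `u_int`, so a length above 65535 would make `i` wrap and the loop never terminate. Bounding by the adjusted length addresses both: `for(i=0; i<what_len; i++) what[i] = tolower((unsigned char)what[i]);`. Because the conversion rewrites the caller's buffer in place, the function's header comment should state that `name` must be writable and is modified by the call. ndpi_match_hostname_protocol continues outside the hunk.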