authorLuca Deri <deri@ntop.org>2022-12-31 16:55:55 +0100
committerLuca Deri <deri@ntop.org>2022-12-31 16:55:55 +0100
commit2c551afbd7b2e14df6102724e426799b86b38964 (patch)
tree0bc02631769fcbe3ac054d0b5d92e2da2ced4091 /src
parent1735931f675eb9a70e3f2ea9dda9db8b6636f2bd (diff)
Added NDPI_MINOR_ISSUES risk used for storing generic/relevant information about issues found on traffic.
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_main.c1
-rw-r--r--src/lib/ndpi_utils.c5
-rw-r--r--src/lib/protocols/dns.c4
4 files changed, 8 insertions, 3 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index fde132e56..949db82a7 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -122,6 +122,7 @@ typedef enum {
are received in the opposite direction */
NDPI_HTTP_OBSOLETE_SERVER,
NDPI_PERIODIC_FLOW, /* Set in case a flow repeats at a specific pace [used by apps on top of nDPI] */
+ NDPI_MINOR_ISSUES, /* Generic packet issues (e.g. DNS with 0 TTL) */
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 63 due to (**) */
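Review bot: The new `NDPI_MINOR_ISSUES` member takes one more bit of the risk bitmap, and the `<= 63` limit on `NDPI_MAX_RISK` is enforced only by the comment on that line. If no compile-time check exists elsewhere (not visible in this hunk), one could be added next to the enum, for example `_Static_assert(NDPI_MAX_RISK <= 63, "risk bitmap is 64 bits wide");` where the project's C dialect allows it. That would make a later addition that overflows the mask fail the build rather than silently drop a risk bit. The enum body starts and ends outside the hunk.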
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 09bfe7be3..a6d32a6ff 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -167,6 +167,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_UNIDIRECTIONAL_TRAFFIC, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_HTTP_OBSOLETE_SERVER, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_PERIODIC_FLOW, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
+ { NDPI_MINOR_ISSUES, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY }
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index e42e7d004..ace49cab7 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -2005,7 +2005,7 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_DNS_LARGE_PACKET:
return("Large DNS Packet (512+ bytes)");
-
+
case NDPI_DNS_FRAGMENTED:
return("Fragmented DNS Message");
@@ -2047,6 +2047,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_PERIODIC_FLOW:
return("Periodic Flow");
break;
+
+ case NDPI_MINOR_ISSUES:
+ return("Minor Issues");
default:
ndpi_snprintf(buf, sizeof(buf), "%d", (int)risk);
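Review bot: The new `case NDPI_MINOR_ISSUES:` is styled differently from the case directly above it, which ends with an unreachable `break;` after its `return`, and it sits flush against `default:` with no separating blank line. Neither affects behaviour, because the `return` prevents fallthrough. For consistency, drop the dead `break;` from `NDPI_PERIODIC_FLOW` (or mirror it here) and add a blank line before `default:`. The body of ndpi_risk2str continues outside the hunk.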
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 7df825f8b..48da46e39 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -412,8 +412,8 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
rsp_ttl = ntohl(*((u_int32_t*)&packet->payload[x+2]));
if(rsp_ttl == 0)
- ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_SUSPICIOUS_TRAFFIC, "DNS Record with zero TTL");
-
+ ndpi_set_risk(ndpi_struct, flow, NDPI_MINOR_ISSUES, "DNS Record with zero TTL");
+
#ifdef DNS_DEBUG
printf("[DNS] TTL = %u\n", rsp_ttl);
printf("[DNS] [response] response_type=%d\n", rsp_type);
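Review bot: Moving the zero-TTL finding in the `rsp_ttl == 0` branch from `NDPI_DNS_SUSPICIOUS_TRAFFIC` to `NDPI_MINOR_ISSUES` changes what downstream detections see, and nothing at the call site records why. Consumers that alert or filter on the DNS-suspicious risk bit will stop receiving this signal. Inside the generic bucket the only discriminator left is the free-text message `"DNS Record with zero TTL"`, so that string effectively becomes part of the interface. A comment above the call such as `/* Zero TTL alone is reported as a minor issue, not as suspicious DNS; consumers distinguish it by the message text */` would make the intent explicit, and the reclassification is worth a changelog entry. search_valid_dns starts and ends outside the hunk.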