Various MDNS flow risks fixes

author: Luca <deri@ntop.org> 2023-12-21 12:24:30 +0100
committer: Luca <deri@ntop.org> 2023-12-21 12:24:30 +0100
commit: 41aa2f96b65754660699071f95028c8caa0bcd6b (patch)
tree: 295392ec9493bacbefa09238aa6fdb1fcc87f279 /src
parent: 28b1ce41cb754d0fb7437b89372bde66a9231fd5 (diff)
2 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index f590f2879..163983040 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -805,6 +805,8 @@ int ndpi_init_empty_app_protocol(ndpi_protocol_match const * const hostname_list
   return 0;
 }
 
+/* ******************************************************************** */
+
 int ndpi_init_app_protocol(struct ndpi_detection_module_struct *ndpi_str,
                            ndpi_protocol_match const * const match) {
   ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
@@ -6987,6 +6989,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
     break;
 
   case NDPI_PROTOCOL_SYSLOG:
+  case NDPI_PROTOCOL_MDNS:
     if(flow->l4_proto == IPPROTO_UDP)
       ndpi_unset_risk(ndpi_str, flow, NDPI_UNIDIRECTIONAL_TRAFFIC);
     break;
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 2c7adac87..547da36c5 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -773,7 +773,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
     if(dot) {
       uintptr_t first_element_len = dot - _hostname;
 
-      if(first_element_len > 32) {
+      if((first_element_len > 32) && (!is_mdns)) {
 	/*
 	  The lenght of the first element in the query is very long
 	  and this might be an issue or indicate an exfiltration
author	Luca <deri@ntop.org>	2023-12-21 12:24:30 +0100
committer	Luca <deri@ntop.org>	2023-12-21 12:24:30 +0100
commit	41aa2f96b65754660699071f95028c8caa0bcd6b (patch)
tree	295392ec9493bacbefa09238aa6fdb1fcc87f279 /src
parent	28b1ce41cb754d0fb7437b89372bde66a9231fd5 (diff)