diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-02-16 14:32:56 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-16 14:32:56 +0100 |
| commit | d51b6ab0492e1c32e9954ee77a27a755ffaccc92 (patch) | |
| tree | 42671173adccab074450594d045135a68fb22c30 /src | |
| parent | 7dc5890c0f21ffded4807a35de8f14a51ecb6d8a (diff) | |
DNS: fix parsing of hostname for empty response messages (#2731)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/dns.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 36b928980..7199d51f6 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -706,6 +706,7 @@ static int search_dns_again(struct ndpi_detection_module_struct *ndpi_struct, st static int process_hostname(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + struct ndpi_dns_packet_header *dns_header, ndpi_master_app_protocol *proto) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; char *dot; @@ -716,6 +717,10 @@ static int process_hostname(struct ndpi_detection_module_struct *ndpi_struct, proto->master_protocol = checkDNSSubprotocol(ntohs(flow->c_port), ntohs(flow->s_port)); proto->app_protocol = NDPI_PROTOCOL_UNKNOWN; + /* We try to get hostname only from "standard" query/answer */ + if(dns_header->num_queries == 0 && dns_header->num_answers == 0) + return -1; + is_mdns = (proto->master_protocol == NDPI_PROTOCOL_MDNS); /* TODO: should we overwrite existing hostname? @@ -803,7 +808,7 @@ static void search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - process_hostname(ndpi_struct, flow, &proto); + process_hostname(ndpi_struct, flow, &dns_header, &proto); off = sizeof(struct ndpi_dns_packet_header) + payload_offset; |