Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ndpi_main.c3
-rw-r--r--src/lib/ndpi_utils.c6
-rw-r--r--src/lib/protocols/dns.c3
-rw-r--r--src/lib/protocols/http.c3
4 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index baa41d5fb..d14c8086b 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -111,7 +111,8 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_POSSIBLE_EXPLOIT, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE },
{ NDPI_PUNYCODE_IDN, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE },
-
+ { NDPI_ERROR_CODE_DETECTED, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE },
+
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE }
};
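Review bot: The new `NDPI_ERROR_CODE_DETECTED` row uses `CLIENT_LOW_RISK_PERCENTAGE`, which looks questionable if the third column is the share of the risk attributed to the client, as the macro name suggests (its definition is outside this hunk). Elsewhere in this commit the risk is raised on HTTP status codes >= 400 and on non-zero DNS reply codes, and many of those are provoked by what the client asked for, so a low client share may point an analyst at the wrong endpoint. Please confirm the intended attribution and record it next to the row, for example `/* error replies: mostly client-triggered (4xx, NXDOMAIN) */`, adjusting the percentage macro if that is the intent. The array starts outside the hunk, so the other rows' conventions could not be checked.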
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 605f2110e..013a1918e 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1848,7 +1848,11 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_PUNYCODE_IDN:
return("IDN Domain Name");
break;
-
+
+ case NDPI_ERROR_CODE_DETECTED:
+ return("Error Code Detected");
+ break;
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 6537b8b2e..96b1f5da7 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -233,6 +233,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
/* DNS Reply */
flow->protos.dns.reply_code = dns_header->flags & 0x0F;
+ if(flow->protos.dns.reply_code != 0)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
+
if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */
&& ((((dns_header->num_answers > 0) && (dns_header->num_answers <= NDPI_MAX_DNS_REQUESTS))
|| ((dns_header->authority_rrs > 0) && (dns_header->authority_rrs <= NDPI_MAX_DNS_REQUESTS))
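Review bot: The risk is raised before the reply passes the count sanity checks in the `if` that follows, so a packet whose `num_queries`, `num_answers` or `authority_rrs` fail validation still leaves `NDPI_ERROR_CODE_DETECTED` set on the flow. Moving `if(flow->protos.dns.reply_code != 0) ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);` into the branch that accepts the reply would tie the risk to traffic already validated as DNS. Separately, any non-zero RCODE is treated alike, so routine NXDOMAIN answers raise the same risk as SERVFAIL or REFUSED. A comment saying that consumers must read `flow->protos.dns.reply_code` to tell them apart would help anyone building alerts on this bit. The body of `search_valid_dns` continues outside the hunk, so what happens on the rejecting path is not visible here.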
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index fd3a64664..cf1e6282b 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -999,9 +999,12 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
buf[3] = '\0';
flow->http.response_status_code = atoi(buf);
+
/* https://en.wikipedia.org/wiki/List_of_HTTP_status_codes */
if((flow->http.response_status_code < 100) || (flow->http.response_status_code > 509))
flow->http.response_status_code = 0; /* Out of range */
+ else if(flow->http.response_status_code >= 400)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
}
ndpi_parse_packet_line_info(ndpi_struct, flow);
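Review bot: The `else if(flow->http.response_status_code >= 400)` branch raises the same risk for every 4xx and 5xx response, so routine 401, 404 and 407 replies mark a flow exactly like a 500. That gives the bit a high base rate and makes it weak as a standalone alert. The branch has no comment stating that intent. I would add one such as `/* 4xx/5xx: flagged as low risk; correlate with response_status_code and request volume before alerting */`, and, if the noise is a concern, split client errors from server errors into separate conditions. The surrounding function starts and ends outside the hunk, so whether this runs once per flow or on every response packet cannot be told from here.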