Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_api.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 44 | ||||
-rw-r--r-- | src/lib/protocols/dns.c | 6 |
3 files changed, 31 insertions, 21 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 86192c1fb..364fd0101 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -165,6 +165,8 @@ extern "C" { u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); + int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *string_to_match, u_int string_to_match_len); int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 4ec1fa503..cffcbd78c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4305,14 +4305,11 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { /* ****************************************************** */ -static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - ndpi_automa *automa, - struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, - u_int16_t master_protocol_id) { - int matching_protocol_id; - struct ndpi_packet_struct *packet = &flow->packet; +int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *string_to_match, u_int string_to_match_len) { + int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; AC_TEXT_t ac_input_text; + ndpi_automa *automa = &ndpi_struct->host_automa; if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); 
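Review bot: The new exported prototype `ndpi_match_string_subprotocol` carries no comment saying which automaton it consults or what it returns. Going by the ndpi_main.c part of this commit, it searches only `host_automa` and yields a protocol id or `NDPI_PROTOCOL_UNKNOWN`. I would add above it `/* Match string_to_match against the host automaton only; returns a protocol id or NDPI_PROTOCOL_UNKNOWN and does not touch any flow. */`. The implementation finalizes the automaton lazily and resets it after each search, so it is presumably not safe to call concurrently on one `ndpi_struct`; if so, that belongs in the same comment. The enclosing `extern "C"` block starts outside the hunk.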
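Review bot: `ndpi_match_string_subprotocol` hard-wires `automa = &ndpi_struct->host_automa`, and the static helper has lost its `automa` parameter, so `ndpi_match_content_subprotocol` (hunk at -4376) now searches the host automaton too. `content_automa` is no longer consulted anywhere in the visible code. Content signatures would silently stop matching, which for a DPI library means traffic is left unclassified or labelled by host patterns instead. I would keep the automaton as a parameter of an internal search helper (the name below is only a suggestion), let the public function pass `host_automa`, and have `ndpi_match_content_subprotocol` pass `&ndpi_struct->content_automa` again. The static helper's body continues outside these hunks.

```c
static int ndpi_automa_search_string(ndpi_automa *automa,
                                     char *string_to_match, u_int string_to_match_len) {
  /* … unchanged: NULL / zero-length guard, lazy finalize, search, reset, return … */
}

int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
                                  char *string_to_match, u_int string_to_match_len) {
  return(ndpi_automa_search_string(&ndpi_struct->host_automa,
                                   string_to_match, string_to_match_len));
}

static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
                                                ndpi_automa *automa,
                                                struct ndpi_flow_struct *flow,
                                                char *string_to_match, u_int string_to_match_len,
                                                u_int16_t master_protocol_id) {
  int matching_protocol_id = ndpi_automa_search_string(automa, string_to_match, string_to_match_len);
  /* … unchanged: packet lookup, DEBUG print, flow update … */
```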
@@ -4321,13 +4318,23 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str automa->ac_automa_finalized = 1; } - matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; - ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; - ac_automata_search (((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); - + ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); + return(matching_protocol_id); +} + +/* ****************************************************** */ + +static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id) { + int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len); + struct ndpi_packet_struct *packet = &flow->packet; + AC_TEXT_t ac_input_text; + #ifdef DEBUG { char m[256]; @@ -4336,7 +4343,8 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); + printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", + m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); } #endif 
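Review bot: The static wrapper `ndpi_automa_match_string_subprotocol` still declares `AC_TEXT_t ac_input_text;` even though the search that used it has moved into `ndpi_match_string_subprotocol`. Unless the rest of the body uses it, the declaration is dead and will raise an unused-variable warning; I would drop that line. The wrapper's body continues outside the hunk, so check the remaining lines first.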
@@ -4362,10 +4370,10 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str /* ****************************************************** */ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, - u_int16_t master_protocol_id) { - return(ndpi_automa_match_string_subprotocol(ndpi_struct, &ndpi_struct->host_automa, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id) { + return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, master_protocol_id)); } @@ -4376,8 +4384,8 @@ int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id) { - return(ndpi_automa_match_string_subprotocol(ndpi_struct, &ndpi_struct->content_automa, - flow, string_to_match, string_to_match_len, + return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, + string_to_match, string_to_match_len, master_protocol_id)); } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 9f9bb243b..8749f4d5e 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -72,10 +72,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* 0x0000 QUERY */ if((dns_header->flags & FLAGS_MASK) == 0x0000) - is_query = 0; + is_query = 1; /* 0x8000 RESPONSE */ else if((dns_header->flags & FLAGS_MASK) != 0x8000) - is_query = 1; + is_query = 0; else invalid = 1; 
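Review bot: In the dns.c hunk at -72 the second branch still tests `!= 0x8000`, so after the assignments are swapped a header whose masked flags equal 0x8000 (the value the comment labels RESPONSE) falls through to `invalid = 1`. Any other non-zero value is accepted as a reply. If the comment reflects the intent, the condition should read `else if((dns_header->flags & FLAGS_MASK) == 0x8000)`. As written, genuine responses appear to be discarded and headers with unexpected flag bits are parsed as replies, which weakens the validity check. `FLAGS_MASK` and any byte-order conversion of `flags` are defined outside the hunk, so confirm against those.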
@@ -89,7 +89,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd invalid = 1; } else { /* DNS Reply */ - if((dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */ + if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */ && (((dns_header->num_answers > 0) && (dns_header->num_answers <= NDPI_MAX_DNS_REQUESTS)) || ((dns_header->authority_rrs > 0) && (dns_header->authority_rrs <= NDPI_MAX_DNS_REQUESTS)) || ((dns_header->additional_rrs > 0) && (dns_header->additional_rrs <= NDPI_MAX_DNS_REQUESTS))) |
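Review bot: The added `(dns_header->num_queries > 0)` contradicts the comment kept on the same line, `/* Don't assume that num_queries must be zero */`, which still reads as if a zero question count were accepted. With the new test, a reply whose question count is zero no longer passes this condition and is presumably treated as invalid; the else branch is outside the hunk. If that is intended, reword the comment, e.g. `/* replies must echo at least one question */`. If replies without a question section should still be recognised, the lower bound has to go.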