Diffstat (limited to 'src')
-rw-r--r-- | src/lib/ndpi_main.c | 29 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 33 |
2 files changed, 54 insertions, 8 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6c7ba2e15..f678416a8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2953,6 +2953,8 @@ static void ndpi_add_domain_risk_exceptions(struct ndpi_detection_module_struct u_int i; ndpi_risk mask = ((ndpi_risk)-1); + if(!ndpi_str) return; + for(i=0; risks_to_mask[i] != NDPI_NO_RISK; i++) mask &= ~(1ULL << risks_to_mask[i]); @@ -8041,6 +8043,9 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st char *ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_str, u_int16_t proto_id) { + + if(!ndpi_str) return("Unknown"); + if((proto_id >= ndpi_str->ndpi_num_supported_protocols) || (!ndpi_is_valid_protoId(proto_id)) || (ndpi_str->proto_defaults[proto_id].protoName == NULL)) @@ -8053,6 +8058,9 @@ char *ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_str, u_int16_t proto_id) { + + if(!ndpi_str) return(NDPI_PROTOCOL_UNRATED); + if((proto_id >= ndpi_str->ndpi_num_supported_protocols) || (!ndpi_is_valid_protoId(proto_id)) || (ndpi_str->proto_defaults[proto_id].protoName == NULL)) @@ -8092,6 +8100,8 @@ char *ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_str, int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_str, char *proto) { int i; + if(!ndpi_str) return(-1); + for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++) if(ndpi_str->proto_defaults[i].protoName && strcasecmp(proto, ndpi_str->proto_defaults[i].protoName) == 0) @@ -8105,6 +8115,8 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_str, char *pr int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *cat) { int i; + if(!ndpi_str) return(-1); + for(i = 0; i < NDPI_PROTOCOL_NUM_CATEGORIES; i++) { const char *name = ndpi_category_get_name(ndpi_str, i); 
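Review bot: In ndpi_get_protocol_id the new guard covers only `ndpi_str`; `proto` is still passed straight to `strcasecmp()`, which is undefined for a NULL argument. If the aim of this commit is to make the public lookups tolerate bad arguments, the guard should read `if(!ndpi_str || !proto) return(-1);`. The same probably applies to `cat` in the ndpi_get_category_id hunk that follows, though the comparison there falls outside the visible lines.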
@@ -8120,6 +8132,8 @@ int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *ca void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) { int i; + if(!ndpi_str) return; + for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++) printf("%3d %-22s %-10s %-8s %-12s %s\n", i, ndpi_str->proto_defaults[i].protoName, @@ -8275,6 +8289,8 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_str, ndpi_automa *automa = &ndpi_str->host_automa; int rc; + if(!ndpi_str) return(NDPI_PROTOCOL_UNKNOWN); + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); @@ -8315,6 +8331,8 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu ndpi_protocol_match_result *ret_match) { int matching_protocol_id; + if(!ndpi_str) return(NDPI_PROTOCOL_UNKNOWN); + matching_protocol_id = ndpi_match_string_subprotocol(ndpi_str, string_to_match, string_to_match_len, ret_match); @@ -8369,6 +8387,9 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu void ndpi_check_subprotocol_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t subprotocol_id) { + + if(!ndpi_str) return; + switch(subprotocol_id) { case NDPI_PROTOCOL_ANYDESK: ndpi_set_risk(ndpi_str, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION, "Found AnyDesk"); /* Remote assistance */ @@ -8386,6 +8407,8 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_ u_int16_t rc; ndpi_protocol_category_t id; + if(!ndpi_str) return(-1); + memset(ret_match, 0, sizeof(*ret_match)); rc = ndpi_automa_match_string_subprotocol(ndpi_str, flow, @@ -8434,6 +8457,8 @@ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struc u_int16_t subproto, what_len; char *what; + if(!ndpi_struct) return(0); + if((name_len > 2) && (name[0] == '*') && (name[1] == '.')) what = &name[1], what_len = name_len - 1; else 
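Review bot: In ndpi_match_string_subprotocol the added `if(!ndpi_str)` test sits after the initializer `ndpi_automa *automa = &ndpi_str->host_automa;`, so the pointer has already been used for member-address arithmetic by the time it is checked. With a NULL `ndpi_str` that computation is undefined behaviour, and a compiler is entitled to treat the later check as dead code. Declare `ndpi_automa *automa;` without an initializer and assign `automa = &ndpi_str->host_automa;` after the guard. The function's signature and the rest of its body are outside the hunk.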
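Review bot: ndpi_match_host_subprotocol returns `u_int16_t`, so the new `return(-1)` reaches the caller as 65535 rather than as a failure value, while the sibling guards in this commit return `NDPI_PROTOCOL_UNKNOWN`. A caller that compares the result with `NDPI_PROTOCOL_UNKNOWN` would take 65535 for a matched protocol id and could use it as an index. Use `if(!ndpi_str) return(NDPI_PROTOCOL_UNKNOWN);`. The early return also skips `memset(ret_match, 0, sizeof(*ret_match))`, so `*ret_match` is left unset on that path unless the guard is placed below the memset; the start and end of the function are outside the hunk.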
@@ -8455,14 +8480,17 @@ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struc static inline int ndpi_match_xgram(unsigned int *map,unsigned int l,const char *str) { unsigned int i,c; + for(i=0,c=0; *str && i < l; i++) { unsigned char a = (unsigned char)(*str++); if(a < 'a' || a > 'z') return 0; c *= XGRAMS_C; c += a-'a'; } + return (map[c >> 5] & (1u << (c & 0x1f))) != 0; } + int ndpi_match_bigram(const char *str) { return ndpi_match_xgram(bigrams_bitmap, 2, str); } @@ -8477,7 +8505,6 @@ int ndpi_match_trigram(const char *str) { return ndpi_match_xgram(trigrams_bitmap, 3, str); } - /* ****************************************************** */ void ndpi_free_flow(struct ndpi_flow_struct *flow) { diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 79138b8e2..5976de3d4 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2416,6 +2416,23 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp if(host && (host[0] != '\0')) { /* Check host exception */ ndpi_check_hostname_risk_exception(ndpi_str, flow, host); + + if(flow->risk_mask == 0) { + u_int i; + + /* + Might be that the exception applied when some risks + were already triggered: we need to clean them up + */ + for(i=0; i<flow->num_risk_infos; i++) { + if(flow->risk_infos[i].info != NULL) { + free(flow->risk_infos[i].info); + flow->risk_infos[i].info = NULL; + } + } + + flow->num_risk_infos = 0; + } /* Used to avoid double checks (e.g. in DNS req/rsp) */ flow->host_risk_mask_evaluated = 1; 
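Review bot: The cleanup loop added to ndpi_handle_risk_exceptions releases `flow->risk_infos[i].info` with libc `free()`, but the ndpi_set_risk hunk in this same file shows that those strings are allocated with `ndpi_strdup()`. If the library's allocation wrappers are backed by anything other than the default allocator, this hands memory to the wrong deallocator and corrupts the heap. Use the matching wrapper, `ndpi_free(flow->risk_infos[i].info);`; the `!= NULL` test around it can stay or go. The enclosing function starts and ends outside the hunk.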
@@ -2449,14 +2466,16 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str, ndpi_handle_risk_exceptions(ndpi_str, flow); - if(risk_message != NULL) { - if(flow->num_risk_infos < MAX_NUM_RISK_INFOS) { - char *s = ndpi_strdup(risk_message); + if(flow->risk != 0 /* check if it has been masked */) { + if(risk_message != NULL) { + if(flow->num_risk_infos < MAX_NUM_RISK_INFOS) { + char *s = ndpi_strdup(risk_message); - if(s != NULL) { - flow->risk_infos[flow->num_risk_infos].id = r; - flow->risk_infos[flow->num_risk_infos].info = s; - flow->num_risk_infos++; + if(s != NULL) { + flow->risk_infos[flow->num_risk_infos].id = r; + flow->risk_infos[flow->num_risk_infos].info = s; + flow->num_risk_infos++; + } } } } |
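Review bot: The new condition `flow->risk != 0` tests whether any risk bit is set on the flow, not whether risk `r` survived the mask, so when `r` is masked but an earlier unmasked risk is still set, the message for `r` is stored anyway. Assuming `flow->risk` is a bitmap indexed by risk id, as the `1ULL << risks_to_mask[i]` mask construction in ndpi_main.c suggests, test the specific bit: `if((flow->risk & (1ULL << r)) != 0)`. The lines that update `flow->risk` lie outside the hunk, so confirm that the bit has already been set and masked by this point. A comment stating that messages are dropped for masked risks would also help, since a missing risk_info otherwise reads as a detection gap to whoever consumes the flow output.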