From 8ea8ba8e9b52620989d515f0762be3ec906d4c30 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Fri, 23 Jul 2021 08:29:36 +0200
Subject: Fixed risk mask implementation
---
 example/protos.txt | 3 +++
 src/lib/ndpi_main.c | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/example/protos.txt b/example/protos.txt
index de3a8f1de..b80e4cf57 100644
--- a/example/protos.txt
+++ b/example/protos.txt
@@ -50,4 +50,7 @@ ip:54.80.47.130@AmazonPrime
 # For IPs, the flow risk is put in AND (source IP mask OR destination IP mask)
 # For Flows with a hostname (e.g. TLS) the risk is also put in AND with the host_risk_mask
 ip_risk_mask:192.168.1.6=0
+ip_risk_mask:10.196.157.228=0
 host_risk_mask:"api-global.netflix.com"=0
+
+
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index bd76bd7c7..5fee38f15 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4742,7 +4742,7 @@ void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndpi_str,
 host = ndpi_get_flow_name(flow);
- if(host) {
+ if(host && (host[0] != '\0')) {
 /* Check host exception */
 ndpi_automa *automa = &ndpi_str->host_risk_mask_automa;
@@ -5556,7 +5556,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 ndpi_reconcile_protocols(ndpi_str, flow, &ret);
- if((!flow->risk_checked) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) {
+ if((!flow->risk_checked)
+ && ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))
+ ) {
 ndpi_default_ports_tree_node_t *found;
 u_int16_t *default_ports, sport, dport;
@@ -5613,8 +5615,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct flow->risk_checked = 1; } - // printf("===> RISK=%llu\n", flow->risk); - if(num_calls == 0) flow->fail_with_unknown = 1;
-- cgit v1.2.3
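Review bot: The added `ip_risk_mask:10.196.157.228=0` in example/protos.txt looks like a developer-local test address rather than an illustrative value. Per the comment above it, the mask is ANDed into the flow risk, so a value of 0 would clear every risk bit for flows to or from that address whenever this example file is loaded unchanged. If the entry is meant to stay, a comment such as `# =0 clears every risk bit for this IP; use a mask that clears only the bits you want to silence` would make the effect explicit. The two blank lines appended at the end of the file appear unintentional.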
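Review bot: The new guard `if(host && (host[0] != '\0'))` in the `@@ -4742` hunk of ndpi_handle_risk_exceptions carries no comment saying why an empty name must be skipped, and the hunk alone does not show the reason. Presumably ndpi_get_flow_name() can return an empty string when no hostname was extracted, and the lookup in `host_risk_mask_automa` should not run on it. A line such as `/* Skip flows with no hostname: only a non-empty name is looked up in the host risk mask */` would record that. The function body continues past the end of the hunk.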
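Review bot: In the `@@ -5556` hunk of ndpi_detection_process_packet, the widened condition lets the risk block run when only `ret.app_protocol` is known, so any use of `ret.master_protocol` inside the block (it declares `default_ports`, and its body continues outside the hunk) must now cope with NDPI_PROTOCOL_UNKNOWN; that should be verified. Because `flow->risk_checked = 1` is set at the end of the block (visible in the following hunk), the check is one-shot and will fire on whichever protocol is known first, without being repeated if the other is identified later. A comment stating that intent would help, e.g. `/* One-shot risk check: run as soon as either the master or the app protocol is known */`. The condition would also read more easily without the lone `) {` line.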