From ec83a592b8b946c8035919fdfc066af4bf6f0e4f Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Sat, 27 Jan 2024 20:46:00 +0100
Subject: Check DGA on domain name (as it should be) rather than on the host name
---
 src/lib/ndpi_main.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index b70ebdb73..df70e26ab 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -10061,6 +10061,10 @@ static int ndpi_is_vowel(char c) {
 int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 struct ndpi_flow_struct *flow,
 char *name, u_int8_t is_hostname, u_int8_t check_subproto) {
+
+ /* Get domain name if ndpi_load_domain_suffixes(..) has been called */
+ name = (char*)ndpi_get_host_domain(ndpi_str, name);
+
 if(ndpi_dga_function != NULL) {
 /* A custom DGA function is defined */
 int rc = ndpi_dga_function(name, is_hostname);
-- 
cgit v1.2.3
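Review bot: The added line `name = (char*)ndpi_get_host_domain(ndpi_str, name);` overwrites `name` with an unchecked result, and the next context line passes it straight to `ndpi_dga_function(name, is_hostname)`. The helper's definition is not in this hunk, so if it can return NULL for an empty or malformed name taken from traffic, the DGA check would dereference it. Keeping the original pointer as a fallback avoids that: `const char *domain = ndpi_get_host_domain(ndpi_str, name); if(domain != NULL) name = (char*)domain;`. The `(char*)` cast suggests the helper returns a const pointer, so it is worth confirming that nothing later in ndpi_check_dga_name (its body continues outside the hunk) writes through `name`. The comment should also say that, once suffixes are loaded, labels to the left of the registered domain are no longer scored and that a custom callback now receives the domain while `is_hostname` is passed unchanged.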