From da3e6bd61b7eaf54cad432bd737d5d894e6c9bf9 Mon Sep 17 00:00:00 2001
From: Toni <matzeton@googlemail.com>
Date: Tue, 27 Apr 2021 07:22:04 +0200
Subject: Check for common ALPNs and set a flow risk if not known. (#1175)

* Increased risk bitmask to 64bit (instead of 32bit).
 * Removed annoying "Unknown datalink" error message for fuzzers.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/lib/ndpi_utils.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/lib/ndpi_utils.c')

diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 262cb2d72..05e7b086b 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1776,7 +1776,10 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
 
   case NDPI_DESKTOP_OR_FILE_SHARING_SESSION:
     return("Desktop/File Sharing Session");
-    
+
+  case NDPI_TLS_UNCOMMON_ALPN:
+    return("Uncommon TLS ALPN");
+
   default:
     snprintf(buf, sizeof(buf), "%d", (int)risk);
     return(buf);
@@ -2460,7 +2463,7 @@ int ndpi_hash_add_entry(ndpi_str_hash *h, char *key, u_int8_t key_len, u_int8_t
 /* ******************************************************************** */
 
 void ndpi_set_risk(struct ndpi_flow_struct *flow, ndpi_risk_enum r) {
-  u_int32_t v = 1 << r;
+  ndpi_risk v = 1ull << r;
   
   // NDPI_SET_BIT(flow->risk, (u_int32_t)r);
   flow->risk |= v;
-- 
cgit v1.2.3