From 3577072b12438bf2706789fbaf1bd1868d60fe94 Mon Sep 17 00:00:00 2001
From: Darryl Sokoloski <dsokoloski@clearfoundation.com>
Date: Thu, 30 Nov 2017 14:54:23 -0500
Subject: Return before calling ndpi_match_host_subprotocol when
 dns_dissect_response enabled.

Otherwise responses will never be seen if a host sub-protocol matched.
---
 src/lib/protocols/dns.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 5358cc8b7..2d11554f1 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -197,6 +197,9 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	off++;
       }
 
+	if(is_query && ndpi_struct->dns_dissect_response)
+	  return; /* The response will set the verdict */
+
       flow->host_server_name[j] = '\0';
 
       flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries,
@@ -217,9 +220,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 #endif
     
       if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
-	if(is_query && ndpi_struct->dns_dissect_response)
-	  return; /* The response will set the verdict */
-	
 	/**
 	   Do not set the protocol with DNS if ndpi_match_host_subprotocol() has
 	   matched a subprotocol
-- 
cgit v1.2.3