From 5a37ee99764b7d262676b0ca052075c9c559c01d Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Wed, 6 Apr 2016 09:45:38 +0200
Subject: Removed some Tor false positives (more work necessary)
---
src/lib/protocols/tor.c | 56 ++++++++++++++++++++++++++-----------------------
1 file changed, 30 insertions(+), 26 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c
index f53e5da66..7903bf511 100644
--- a/src/lib/protocols/tor.c
+++ b/src/lib/protocols/tor.c
@@ -19,7 +19,7 @@ static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate) { - int prev_num = 0, numbers_found = 0, num_found = 0, i; + int prev_num = 0, numbers_found = 0, num_found = 0, i, len; char dummy[48], *dot, *name; if((certificate == NULL) 
@@ -37,41 +37,45 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, if((dot = strrchr(dummy, '.')) == NULL) return(0); name = &dot[1]; - for(i = 0; name[i+1] != '\0'; i++) { - if((name[i] >= '0') && (name[i] <= '9')) { + len = strlen(name); + + if(len > 6) { + for(i = 0; name[i+1] != '\0'; i++) { + if((name[i] >= '0') && (name[i] <= '9')) { - if(prev_num != 1) { - numbers_found++; + if(prev_num != 1) { + numbers_found++; - if(numbers_found == 2) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); + if(numbers_found == 2) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); + } + prev_num = 1; } - prev_num = 1; - } - } else - prev_num = 0; + } else + prev_num = 0; - if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); - } + if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); + } - if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { - num_found++; + if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { + num_found++; + } } - } - if(num_found == 0) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); - } else { -#ifdef PENDANTIC_TOR_CHECK - if(gethostbyname(certificate) == NULL) { + if(num_found == 0) { ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); - } + } else { +#ifdef PENDANTIC_TOR_CHECK + if(gethostbyname(certificate) == NULL) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); + } #endif + } } return(0); -- cgit v1.2.3
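Review bot: The new `if(len > 6)` guard in ndpi_is_ssl_tor carries no comment explaining the threshold, yet it changes detection coverage: every name of six characters or fewer now skips the digit and bigram checks and falls through to `return(0)`, so it is never classified as Tor. I would document that trade-off directly above the guard, e.g. `/* Names of 6 chars or fewer are too short for the digit/bigram heuristics: skip them (never reported as Tor) to cut false positives */`, and replace the `int len` temporary with `if(strlen(name) > 6)` so a size_t is not narrowed to int. The re-indented `PENDANTIC_TOR_CHECK` branch still calls `gethostbyname(certificate)`, a blocking resolver call on a name that presumably comes from the peer's certificate; if that option is ever enabled it deserves a comment that it stalls the detection path and issues DNS queries for peer-supplied names. The function begins above this hunk, so how `dummy` is filled and bounded is not visible here.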