Various MDNS flow risks fixes

ntop · Dec 21, 2023 · 41aa2f9 · 41aa2f9
1 parent 28b1ce4
commit 41aa2f9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
@@ -805,6 +805,8 @@ int ndpi_init_empty_app_protocol(ndpi_protocol_match const * const hostname_list
   return 0;
 }
 
+/* ******************************************************************** */
+
 int ndpi_init_app_protocol(struct ndpi_detection_module_struct *ndpi_str,
                            ndpi_protocol_match const * const match) {
   ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
@@ -6987,6 +6989,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
     break;
 
   case NDPI_PROTOCOL_SYSLOG:
+  case NDPI_PROTOCOL_MDNS:
     if(flow->l4_proto == IPPROTO_UDP)
       ndpi_unset_risk(ndpi_str, flow, NDPI_UNIDIRECTIONAL_TRAFFIC);
     break;

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
@@ -773,7 +773,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
     if(dot) {
       uintptr_t first_element_len = dot - _hostname;
 
-      if(first_element_len > 32) {
+      if((first_element_len > 32) && (!is_mdns)) {
 	/*
 	  The lenght of the first element in the query is very long
 	  and this might be an issue or indicate an exfiltration