vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-03 01:10:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Avoid useless host automa lookup (#1724)

Browse source 
The host automa is used for two tasks:
* protocol sub-classification (obviously);
* DGA evaluation: the idea is that if a domain is present in this
automa, it can't be a DGA, regardless of its format/name.

In most dissectors both checks are executed, i.e. the code is something
like:

```
ndpi_match_host_subprotocol(..., flow->host_server_name, ...);
ndpi_check_dga_name(..., flow->host_server_name,...);

```

In that common case, we can perform only one automa lookup: if we check the
sub-classification before the DGA, we can avoid the second lookup in
the DGA function itself.
This commit is contained in:
Ivan Nardi 2022-09-05 13:59:51 +02:00 committed by GitHub
parent 01028ee779
commit 0a47f745cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
120 changed files with 127 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/result/WebattackRCE.pcap.out
View file

@ -10,7 +10,7 @@ LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 1554/0 (search/found)
Automa host: 777/0 (search/found)
Automa domain: 777/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 777/0 (search/found)