DNS: fix dissection (#2726)

Ivan Nardi 2025-02-15 15:13:01 +01:00 committed by GitHub
parent 091e1423e2
commit 9bf513b342
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 37 additions and 12 deletions



@ -34,8 +34,8 @@ Acceptable 59 21695 21
7 UDP 194.247.5.6:51791 <-> 193.24.227.238:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/94 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 55/97][0.01 sec][Hostname/SNI: weberlab.de][0.0.0.0][DNS Id: 0x89ce][Risk: ** Large DNS Packet (512+ bytes) **** Fragmented DNS Message **][Risk Score: 100][Risk Info: 1472 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
8 UDP 74.125.47.136:59330 <-> 193.24.227.238:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 48/97][0.00 sec][Hostname/SNI: weberlab.de][0.0.0.0][DNS Id: 0x15a8][Risk: ** Large DNS Packet (512+ bytes) **** Fragmented DNS Message **][Risk Score: 100][Risk Info: 1472 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
9 UDP 172.217.40.76:56680 <-> 193.24.227.238:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 48/97][< 1 sec][Hostname/SNI: weberlab.de][0.0.0.0][DNS Id: 0xd43f][Risk: ** Large DNS Packet (512+ bytes) **** Fragmented DNS Message **][Risk Score: 100][Risk Info: 1472 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
10 UDP [2a00:1450:400c:c00::106]:54430 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/886 bytes][Goodput ratio: 48/93][0.00 sec][Hostname/SNI: fg2.weberlab.de][0.0.0.0][DNS Id: 0xa438][Risk: ** Large DNS Packet (512+ bytes) **][Risk Score: 50][Risk Info: 824 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [2a00:1450:4013:c05::10e]:34944 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/886 bytes][Goodput ratio: 48/93][< 1 sec][Hostname/SNI: fg2.weberlab.de][0.0.0.0][DNS Id: 0x9e06][Risk: ** Large DNS Packet (512+ bytes) **][Risk Score: 50][Risk Info: 824 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP [2a00:1450:400c:c00::106]:54430 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/886 bytes][Goodput ratio: 48/93][0.00 sec][Hostname/SNI: fg2.weberlab.de][0.0.0.0][DNS Id: 0xa438][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [2a00:1450:4013:c05::10e]:34944 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/886 bytes][Goodput ratio: 48/93][< 1 sec][Hostname/SNI: fg2.weberlab.de][0.0.0.0][DNS Id: 0x9e06][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:33592 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/300 bytes][Goodput ratio: 49/79][0.01 sec][Hostname/SNI: fg2-mgmt.weberlab.de][2001:470:1f0b:16b0::1][DNS Id: 0xbda9][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:46316 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/300 bytes][Goodput ratio: 49/79][0.01 sec][Hostname/SNI: fg2-mgmt.weberlab.de][2001:470:1f0b:16b0::1][DNS Id: 0xdd84][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:46440 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/300 bytes][Goodput ratio: 49/79][0.01 sec][Hostname/SNI: fg2-mgmt.weberlab.de][2001:470:1f0b:16b0::1][DNS Id: 0xea02][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
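Review bot: Flows 10 and 11 lose the `** Large DNS Packet (512+ bytes) **` risk (Risk Info `824 Bytes DNS Packet`) while flows 7-9 in the same hunk keep it for their 1472-byte responses, taking the lines without the risk as the new side as print order suggests; nothing in the commit message says why an 824-byte UDP answer is no longer considered large. If the dissector now compares the response against the EDNS0 advertised UDP payload size instead of the fixed 512-byte limit — this is inferred, the dissector change is not in this section — that threshold change should be stated in the commit message and the risk text, which still reads `512+ bytes`, should be brought in line with the actual rule. Without that, a reader of this expected output cannot distinguish a deliberate policy change from a regression in the check.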


@ -0,0 +1,29 @@
DPI Packets (TCP): 9 (9.00 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 2 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 2/1/0 (insert/search/found)
Automa host: 4/4 (search/found)
Automa domain: 4/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 4/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
DNS 16 2200 2
Acceptable 16 2200 2
1 TCP 192.168.12.169:4026 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Network/14][8 pkts/586 bytes <-> 6 pkts/1118 bytes][Goodput ratio: 7/62][3.17 sec][Hostname/SNI: bstream.hzmklvdieo.com][169.197.119.239][DNS Id: 0x474c][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 443/359 1056/716 375/357][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/186 108/764 14/258][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (bstream)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:54660 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/405 bytes][Goodput ratio: 53/89][0.32 sec][Hostname/SNI: dinamicx.alibabausercontent.com][163.181.50.229][DNS Id: 0x0c54][PLAIN TEXT (dinamic)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -14,8 +14,8 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/66/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/66/0 (insert/search/found)
Automa host: 237/0 (search/found)
Automa domain: 230/0 (search/found)
Automa host: 238/0 (search/found)
Automa domain: 231/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 125/0 (search/found)
Automa common alpns: 0/0 (search/found)
@ -110,7 +110,7 @@ Unrated 33 4066 33
67 UDP 192.168.1.2:2739 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x6ade][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 UDP 192.168.1.2:2743 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7cc2][DNS Ptr: local_ost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
69 UDP 192.168.1.2:2753 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.527.in-addr.arpa][0.0.0.0][DNS Id: 0x48ce][DNS Ptr: locathost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
70 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0x55f0][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
70 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x55f0][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
71 UDP 192.168.1.2:2757 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0xdff0][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
72 UDP 192.168.1.2:2761 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 11/59][0.00 sec][0.0.0.0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
73 UDP 192.168.1.2:2767 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x78fd][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
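Review bot: Flow 70 (192.168.1.2:2755) changes from `[Risk: ** Malformed Packet **][Risk Info: Invalid DNS Header]` to a clean `[DNS Ptr: localhost]` parse, but neither the commit message nor this expected output says which header check was wrong, so the diff alone cannot show whether a false positive was removed or a genuine malformed-header detection was lost. Flows 67-73 look like deliberately mutated variants of the same PTR query (`local_ost`, `locathost`, `1.0.0.527`), which is exactly the kind of corpus where that distinction matters. The commit description should state what the old `Invalid DNS Header` condition rejected in this packet and why the packet is in fact valid, and the dissector change — which is outside this hunk — should keep a regression case with a truly invalid header so the risk still fires there.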