From 45781827eb7bca61599e534591cd4616e312457c Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Wed, 18 Oct 2023 22:50:05 +0200
Subject: [PATCH] Fix for handling TLS host labelling

---
 src/Flow.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/Flow.cpp b/src/Flow.cpp
index eda736605d..b47f6a0b17 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -607,8 +607,9 @@ void Flow::processDetectedProtocolData() {
     case NDPI_PROTOCOL_TLS:
     case NDPI_PROTOCOL_QUIC:
       if (ndpiFlow->host_server_name[0] != '\0') {
-        if (ndpiDetectedProtocol.app_protocol != NDPI_PROTOCOL_DOH_DOT &&
-            cli_h && cli_h->isLocalHost())
+        if ((ndpiDetectedProtocol.app_protocol != NDPI_PROTOCOL_DOH_DOT)
+	    && cli_h
+	    && cli_h->isLocalHost())
           cli_h->incrVisitedWebSite(ndpiFlow->host_server_name);
 
         if (cli_h) cli_h->incContactedService(ndpiFlow->host_server_name);
@@ -2215,7 +2216,7 @@ void Flow::hosts_periodic_stats_update(NetworkInterface *iface, Host *cli_host,
     else if((protos.tls.client_requested_server_name != NULL)
 	    && (!hasRisk(NDPI_TLS_CERTIFICATE_MISMATCH))
 	    && (!Utils::isIPAddress(protos.tls.client_requested_server_name))
-	    && (get_packets() >= 20) /*
+	    && (get_packets() >= 16) /*
 				       Avoid micro-flows that might be an indication that
 				       the response page is too short and thus that
 				       it might be a denied page or similar