From 77960010fedc9b6fe4db6fa4633e01335cd0b09e Mon Sep 17 00:00:00 2001
From: Simone Mainardi
Date: Fri, 20 Dec 2019 14:56:41 +0100
Subject: [PATCH] Fixes broken DNS qry/rsp dissection
---
 src/Flow.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/Flow.cpp b/src/Flow.cpp
index 04d1614a3a..7874ed28ad 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -2901,9 +2901,17 @@ void Flow::dissectBittorrent(char *payload, u_int16_t payload_len) {
 /* *************************************** */

 void Flow::dissectDNS(bool src2dst_direction, char *payload, u_int16_t payload_len) {
- if(isDNSQuery())
+ struct ndpi_dns_packet_header dns_header;
+ u_int8_t payload_offset = get_protocol() == IPPROTO_UDP ? 0 : 2;
+
+ if(payload_len + payload_offset < sizeof(dns_header))
+ return;
+
+ memcpy(&dns_header, &payload[payload_offset], sizeof(dns_header));
+
+ if((dns_header.flags & 0x8000) == 0x0000)
 stats.incDNSQuery(getLastQueryType());
- else
+ else if((dns_header.flags & 0x8000) == 0x8000)
 stats.incDNSResp(getDNSRetCode());
 }
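Review bot: The length guard ahead of the `memcpy` in `dissectDNS` adds `payload_offset` to the wrong side of the comparison, so for TCP (`payload_offset` of 2) a payload up to four bytes too short still passes `payload_len + payload_offset < sizeof(dns_header)`, and the copy from `&payload[payload_offset]` then reads past the end of the packet data. Because the length comes from traffic on the wire, the guard should require the full span that is actually copied: `if(payload_len < sizeof(dns_header) + payload_offset) return;`. Separately, `dns_header.flags` is masked with `0x8000` straight after the raw copy; the struct definition is not visible in this hunk, but if `flags` is a 16-bit field still in network byte order, the QR test needs `ntohs(dns_header.flags)` to pick the right bit on little-endian hosts, otherwise queries and responses can be miscounted.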