diff options
| author | Toni <matzeton@googlemail.com> | 2021-07-06 18:57:04 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-06 18:57:04 +0200 |
| commit | 6f297332623cb3e377901160a388b9bd1165715e (patch) | |
| tree | 6edbde552495b866a61a6232e16510e9af811230 | |
| parent | 58665e93a98d014b53d131b2481ccab074efc9ff (diff) | |
Improved RTSP via HTTP detection. (#1232)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| -rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/rtsp.c | 9 | ||||
| -rw-r--r-- | tests/pcap/rtsp_setup_http.pcapng | bin | 0 -> 708 bytes | |||
| -rw-r--r-- | tests/result/rtsp_setup_http.pcapng.out | 3 |
4 files changed, 13 insertions, 0 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d014da328..66102fbf2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -876,6 +876,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_HTTP, + NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_AIMINI, NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_GNUTELLA, NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_WORLDOFWARCRAFT, diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 2fcfffc61..435d09db5 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -47,6 +47,15 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); + if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP && + packet->parsed_lines > 0 && + LINE_STARTS(packet->line[0], "SETUP rtsp://") != 0 && + LINE_ENDS(packet->line[0], "RTSP/1.0") != 0) + { + ndpi_int_rtsp_add_connection(ndpi_struct, flow); + return; + } + if (flow->rtsprdt_stage == 0 && !(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTCP) ) { diff --git a/tests/pcap/rtsp_setup_http.pcapng b/tests/pcap/rtsp_setup_http.pcapng Binary files differnew file mode 100644 index 000000000..ba4a983df --- /dev/null +++ b/tests/pcap/rtsp_setup_http.pcapng diff --git a/tests/result/rtsp_setup_http.pcapng.out b/tests/result/rtsp_setup_http.pcapng.out new file mode 100644 index 000000000..06004c88e --- /dev/null +++ b/tests/result/rtsp_setup_http.pcapng.out @@ -0,0 +1,3 @@ +HTTP 1 233 1 + + 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50.7/RTSP.HTTP][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |