diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-01-08 20:40:24 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-08 20:40:24 +0100 |
| commit | bf69321a29699776f24b74e71c5dc3c80ede161b (patch) | |
| tree | 9137b93d89108ad8cfd2d4639b48a97f2af9abc9 | |
| parent | 4d27001d1dea11c759d4fa9b5a318e35b412b0c2 (diff) | |
GTP: fix some false positives (#1394)
| -rw-r--r-- | src/lib/protocols/gtp.c | 2 | ||||
| -rw-r--r-- | tests/pcap/gtp_false_positive.pcapng | bin | 1028 -> 1532 bytes | |||
| -rw-r--r-- | tests/result/gtp_false_positive.pcapng.out | 9 |
3 files changed, 6 insertions, 5 deletions
diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 815705675..8fd85f755 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -94,7 +94,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str (gtp->message_type > 0 && gtp->message_type <= 129)) || /* Loose check based on TS 29.060 7.1 */ ((version == 2) && /* payload_len is always valid, because HEADER_LEN_GTP_C_V2 == sizeof(struct gtp_header_generic) */ - (message_len <= (payload_len - HEADER_LEN_GTP_C_V2)))) { + (message_len == (payload_len - HEADER_LEN_GTP_C_V2)))) { NDPI_LOG_INFO(ndpi_struct, "found gtp-c\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_C, NDPI_PROTOCOL_GTP); return; diff --git a/tests/pcap/gtp_false_positive.pcapng b/tests/pcap/gtp_false_positive.pcapng Binary files differindex 79ca73a38..d2147864d 100644 --- a/tests/pcap/gtp_false_positive.pcapng +++ b/tests/pcap/gtp_false_positive.pcapng diff --git a/tests/result/gtp_false_positive.pcapng.out b/tests/result/gtp_false_positive.pcapng.out index d13c6c102..aff366938 100644 --- a/tests/result/gtp_false_positive.pcapng.out +++ b/tests/result/gtp_false_positive.pcapng.out @@ -1,11 +1,12 @@ -Guessed flow protos: 2 +Guessed flow protos: 3 -DPI Packets (UDP): 6 (3.00 pkts/flow) +DPI Packets (UDP): 7 (2.33 pkts/flow) Unknown 5 428 1 -GTP 1 56 1 +GTP 2 424 2 - 1 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][ClearText][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 119.185.190.173:2123 -> 66.86.98.114:50140 [proto: 152/GTP][ClearText][cat: Network/14][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (autoAlgo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][ClearText][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: |