Improed Steam detection by adding Steamdiscover patterns.improved/steam-by-adding-steamdiscover

Signed-off-by: lns <matzeton@googlemail.com>

2 files changed, 15 insertions, 2 deletions

diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index b4ef20f5f..c76a31d11 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -130,7 +130,7 @@ extern "C" {
 					     const char **file, const char **func, u_int32_t * line);
 #endif
 
-  /** Checks when the @p payload starts with the string literal @p str.
+  /** Checks when the @payload starts with the string literal @p str.
    * When the string is larger than the payload, check fails.
    * @return non-zero if check succeeded
    */
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c
index 682628bab..60477866d 100644
--- a/src/lib/protocols/steam.c
+++ b/src/lib/protocols/steam.c
@@ -103,6 +103,18 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc
   }
 }
 
+static void ndpi_check_steamdiscover(struct ndpi_detection_module_struct *ndpi_struct,
+                                     struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+
+  if (ndpi_match_strprefix(packet->payload, packet->payload_packet_len,
+                           "\xff\xff\xff\xff\x21\x4c\x5f\xa0"))
+  {
+    ndpi_int_steam_add_connection(ndpi_struct, flow);
+  }
+}
+
 static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int32_t payload_len = packet->payload_packet_len;
@@ -262,7 +274,8 @@ static void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct,
       NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
       return;
     }
-    
+
+    ndpi_check_steamdiscover(ndpi_struct, flow);
     ndpi_check_steam_udp1(ndpi_struct, flow);
 	
     if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM)