author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-03 18:51:16 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-03 18:51:16 +0200 |
commit | eed47acfc8532486a830404268def82cb0794f77 (patch) | |
tree | e179f68dd6c15b84eea70963394fa14bd9b20c1d | |
parent | 77ac58e553fd4efa311522ca349f939fb1212c94 (diff) |
Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)
-rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
-rw-r--r-- | src/lib/protocols/quic.c | 7 | ||||
-rw-r--r-- | src/lib/protocols/skype.c | 7 | ||||
-rw-r--r-- | tests/result/skype_udp.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/snapchat_call.pcapng.out | 2 |
5 files changed, 17 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3ef44037b..f8764b4b0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5542,6 +5542,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_CACHE); ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + ndpi_fill_protocol_category(ndpi_str, flow, &ret); return(ret); } } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 61e7f6880..aafeb3397 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1598,8 +1598,15 @@ static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_stru (packet->payload[1] == 201 || /* RTCP, Receiver Report */ packet->payload[1] == 200 || /* RTCP, Sender Report */ is_valid_rtp_payload_type(packet->payload[1] & 0x7F)) /* RTP */) { + ndpi_protocol proto; + NDPI_LOG_DBG(ndpi_struct, "Found RTP/RTCP over QUIC\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI); + /* In "extra_eval" data path, if we change the classification, we need to update the category, too */ + proto.master_protocol = NDPI_PROTOCOL_QUIC; + proto.app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL; + proto.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; + ndpi_fill_protocol_category(ndpi_struct, flow, &proto); } else { /* Unexpected traffic pattern: we should investigate it... */ NDPI_LOG_INFO(ndpi_struct, "To investigate...\n"); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 8fb4b195b..6fece0e63 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c 
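Review bot: The added `ndpi_fill_protocol_category(ndpi_str, flow, &ret);` on the cache-hit return of ndpi_detection_giveup has no matching expected-output change in this commit. The diffstat lists only skype_udp.pcap.out and snapchat_call.pcapng.out, so this branch is presumably not reached by an existing capture, although the title also names Mining. Anything that filters or alerts on the flow category depends on this early return as much as on the dissector paths, so a capture that reaches it would guard against a silent regression. A short comment above the call, e.g. `/* Classification taken from the cache: fill the category before returning */`, would explain why this return needs it. The function starts and ends outside the hunk, so its other return paths cannot be checked from here.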
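Review bot: In ndpi_search_quic_extra, `ndpi_protocol proto;` is declared without an initializer and only three members are assigned before its address is passed to ndpi_fill_protocol_category(). The struct definition is not visible here, so any member beyond those three, now or added later, would hold indeterminate stack data. Initializing at the declaration, `ndpi_protocol proto = { .master_protocol = NDPI_PROTOCOL_QUIC, .app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL, .category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED };`, zeroes the rest and replaces the three assignments. The same block is repeated in ndpi_check_skype_udp_again in skype.c, and in both places the protocol ids are written twice, once for ndpi_set_detected_protocol() and once for `proto`; a small shared helper taking the two ids would stop the classification and the category from drifting apart. Both functions extend beyond their hunks.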
@@ -54,7 +54,14 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ } if (detected) { + ndpi_protocol proto; + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + /* In "extra_eval" data path, if we change the classification, we need to update the category, too */ + proto.master_protocol = NDPI_PROTOCOL_UNKNOWN; + proto.app_protocol = NDPI_PROTOCOL_SKYPE_TEAMS; + proto.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; + ndpi_fill_protocol_category(ndpi_struct, flow, &proto); flow->extra_packets_func = NULL; /* Stop checking extra packets */ diff --git a/tests/result/skype_udp.pcap.out b/tests/result/skype_udp.pcap.out index d6fd242c3..3d05083b6 100644 --- a/tests/result/skype_udp.pcap.out +++ b/tests/result/skype_udp.pcap.out @@ -5,4 +5,4 @@ Confidence DPI : 1 (flows) Skype_Teams 5 339 1 - 1 UDP 192.168.1.2:35990 <-> 24.224.190.149:39262 [proto: 125/Skype_Teams][Encrypted][Confidence: DPI][4 pkts/279 bytes <-> 1 pkts/60 bytes][Goodput ratio: 40/30][72.51 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.2:35990 <-> 24.224.190.149:39262 [proto: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: VoIP/10][4 pkts/279 bytes <-> 1 pkts/60 bytes][Goodput ratio: 40/30][72.51 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/snapchat_call.pcapng.out b/tests/result/snapchat_call.pcapng.out index 78a43a46c..cca502171 100644 --- a/tests/result/snapchat_call.pcapng.out +++ b/tests/result/snapchat_call.pcapng.out 
@@ -5,4 +5,4 @@ Confidence DPI : 1 (flows) SnapchatCall 50 12772 1 - 1 UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][Encrypted][Confidence: DPI][cat: Cloud/13][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] + 1 UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][Encrypted][Confidence: DPI][cat: VoIP/10][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] |