author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-01-24 14:13:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-01-24 14:13:51 +0100 |
commit | 819b00670cf255003d07e33e0efa0e22144b29ff (patch) | |
tree | 6c640db95fa359de842279921d4bc9ee9595c8d2 | |
parent | d4fb7b0aa193f9a328e403b37fb3baa0759fdab3 (diff) |
RTP: improve detection of multimedia type for Signal calls (#2697)
-rw-r--r-- | src/lib/protocols/rtp.c | 1 | ||||
-rw-r--r-- | tests/cfgs/default/pcap/signal_videocall_multiparty.pcapng | bin | 0 -> 106100 bytes | |||
-rw-r--r-- | tests/cfgs/default/result/signal_videocall_multiparty.pcapng.out | 27 | ||||
l--------- | tests/cfgs/monitoring/pcap/signal_videocall_multiparty.pcapng | 1 | ||||
-rw-r--r-- | tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out | 27 |
5 files changed, 56 insertions, 0 deletions
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index 290f950ff..2dc653dfb 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -186,6 +186,7 @@ u_int8_t rtp_get_stream_type(u_int8_t payloadType, u_int8_t *s_type, u_int16_t s
 *s_type |= ndpi_multimedia_audio_flow;
 return(1);
+ case 108:
 case 120:
 *s_type |= ndpi_multimedia_video_flow;
 return(1);
diff --git a/tests/cfgs/default/pcap/signal_videocall_multiparty.pcapng b/tests/cfgs/default/pcap/signal_videocall_multiparty.pcapng
Binary files differ
new file mode 100644
index 000000000..7e1b59ba4
--- /dev/null
+++ b/tests/cfgs/default/pcap/signal_videocall_multiparty.pcapng
diff --git a/tests/cfgs/default/result/signal_videocall_multiparty.pcapng.out b/tests/cfgs/default/result/signal_videocall_multiparty.pcapng.out
new file mode 100644
index 000000000..c127fa720
--- /dev/null
+++ b/tests/cfgs/default/result/signal_videocall_multiparty.pcapng.out
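Review bot: The new `case 108:` label in the rtp.c hunk has no comment saying where the value comes from, and 108 lies in the RTP dynamic payload-type range (96–127), whose meaning is negotiated per session rather than fixed. The enclosing switch in rtp_get_stream_type starts outside the hunk, so it is not visible whether this label is reached only for Signal flows. If it is not, another application's audio stream that happens to use 108 would be reported as video to anything consuming the stream-type flag for monitoring or policy. I would add a one-line comment such as `/* 108: dynamic PT seen carrying video in Signal multiparty calls (signal_videocall_multiparty.pcapng) */` and confirm the label sits under the Signal-specific branch.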
@@ -0,0 +1,27 @@ +DPI Packets (UDP): 7 (7.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 7 (7.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 2/8/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +SignalVoip 260 96919 1 + +Acceptable 260 96919 1 + + 1 UDP 192.168.1.117:59446 <-> 35.207.67.68:10000 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][192 pkts/75765 bytes <-> 68 pkts/21154 bytes][Goodput ratio: 89/86][17.98 sec][bytes ratio: 0.563 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/273 1011/1358 238/433][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 395/311 1253/1226 355/365][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BvkPzIMF7)][Plen Bins: 1,40,2,9,0,1,0,2,1,15,1,0,5,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,3,0,2,2,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/pcap/signal_videocall_multiparty.pcapng b/tests/cfgs/monitoring/pcap/signal_videocall_multiparty.pcapng new file mode 120000 index 000000000..79d69ecdf --- /dev/null +++ b/tests/cfgs/monitoring/pcap/signal_videocall_multiparty.pcapng @@ -0,0 +1 @@ +../../default/pcap/signal_videocall_multiparty.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out b/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out
new file mode 100644
index 000000000..a1a9748c3
--- /dev/null
+++ b/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out
@@ -0,0 +1,27 @@ +DPI Packets (UDP): 260 (260.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 7 (7.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 4/8/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +SignalVoip 260 96919 1 + +Acceptable 260 96919 1 + + 1 UDP 192.168.1.117:59446 <-> 35.207.67.68:10000 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 260][DPI packets before monitoring: 33][cat: VoIP/10][192 pkts/75765 bytes <-> 68 pkts/21154 bytes][Goodput ratio: 89/86][17.98 sec][bytes ratio: 0.563 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/273 1011/1358 238/433][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 395/311 1253/1226 355/365][RTP packets: 154/46][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BvkPzIMF7)][Plen Bins: 1,40,2,9,0,1,0,2,1,15,1,0,5,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,3,0,2,2,0,0,0,0,0,0,0,0,0,0] |