diff options
| author | Luca <deri@ntop.org> | 2023-08-21 13:40:42 +0200 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2023-08-21 13:40:42 +0200 |
| commit | bd25df33346555b20918239bb0ec3ce11b6219c8 (patch) | |
| tree | dadab40963940c9d205c2bf836bfc78d1dd0d098 | |
| parent | 9e4bcc7771dff63d1210748e945a04c95e55223e (diff) | |
Improved Wireguard detection
| -rw-r--r-- | src/lib/protocols/wireguard.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/protocols/wireguard.c b/src/lib/protocols/wireguard.c index 7788b0c12..5356a3fd8 100644 --- a/src/lib/protocols/wireguard.c +++ b/src/lib/protocols/wireguard.c @@ -98,6 +98,12 @@ static void ndpi_search_wireguard(struct ndpi_detection_module_struct *ndpi_stru */ flow->l4.udp.wireguard_stage = 1 + packet->packet_direction; flow->l4.udp.wireguard_peer_index[packet->packet_direction] = sender_index; + + if(flow->num_processed_pkts > 1) { + /* This looks like a retransmission and probably this communication is blocked hence let's stop here */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + return; + } /* need more packets before deciding */ } else if (message_type == WG_TYPE_HANDSHAKE_RESPONSE && packet->payload_packet_len == 92) { if (flow->l4.udp.wireguard_stage == 2 - packet->packet_direction) { @@ -107,6 +113,7 @@ static void ndpi_search_wireguard(struct ndpi_detection_module_struct *ndpi_stru * matches the index in the handshake initiation. */ u_int32_t receiver_index = get_u_int32_t(payload, 8); + if (receiver_index == flow->l4.udp.wireguard_peer_index[1 - packet->packet_direction]) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { |