author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-04-25 19:25:07 +0200 |
committer | GitHub <noreply@github.com> | 2023-04-25 19:25:07 +0200 |
commit | 8934f7b45f1fde715ecd0d4c5fa8b2301ce5e647 (patch) | |
tree | d2a54f93000a1b5d857c3313e6c72118a18c99fd /example/ndpiReader.c | |
parent | 40b6d5a2e193322e6e93b2eeb087c51d8eb6faad (diff) |
Add a heuristic to detect/ignore some anomalous TCP ACK packets (#1948)
In some networks, there are some anomalous TCP flows where the smallest
ACK packets have some kind of zero padding.
It looks like the IP and TCP headers in those frames wrongly consider the
0x00 Ethernet padding bytes as part of the TCP payload.
While this kind of packet is perfectly valid per se, in some conditions
they might be treated by the TCP reassembler logic as (partial) overlaps,
deceiving the classification engine.
Add a heuristic to detect these packets and to ignore them, allowing
correct detection/classification.
This heuristic is configurable. Default value:
* in the library, it is disabled
* in `ndpiReader` and in the fuzzers, it is enabled (to ease testing)
Credit to @vel21ripn for the initial patch.
Close #1946
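The anomaly the commit message describes, as an added example that is not nDPI's code: a minimal check over a constructed TCP segment that flags a pure ACK whose short, all-zero "payload" is really Ethernet padding that a buggy stack counted inside the IP/TCP lengths. The `MAX_PAD_PAYLOAD` threshold, the flag-exclusion rule and the sample segment built by `build_tcp` are assumptions; nDPI's own heuristic lives in the library, not in this diff.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_PSH 0x08
#define TCP_ACK 0x10
/* Assumed threshold: Ethernet pads short frames to 60 bytes, so a bogus
   "payload" made only of padding is at most a handful of bytes. */
#define MAX_PAD_PAYLOAD 6

/* Return 1 when the segment is a pure ACK whose short payload is all 0x00,
   i.e. padding that a buggy stack counted inside the IP/TCP lengths. */
int is_padded_ack(const uint8_t *tcp, size_t tcp_len) {
  if (tcp_len < 20) return 0;
  size_t doff = (size_t)(tcp[12] >> 4) * 4;        /* header length in bytes */
  if (doff < 20 || doff > tcp_len) return 0;
  uint8_t flags = tcp[13];
  if (!(flags & TCP_ACK)) return 0;                /* must carry ACK */
  if (flags & (TCP_SYN | TCP_FIN | TCP_RST | TCP_PSH)) return 0;
  size_t payload_len = tcp_len - doff;
  if (payload_len == 0 || payload_len > MAX_PAD_PAYLOAD) return 0;
  for (size_t i = doff; i < tcp_len; i++)
    if (tcp[i] != 0x00) return 0;                  /* real data, keep it */
  return 1;
}

/* Constructed sample: a 20-byte TCP header with the given flags, followed by
   pad_len bytes of `fill` (0x00 mimics the Ethernet-padding case). */
size_t build_tcp(uint8_t *buf, uint8_t flags, size_t pad_len, uint8_t fill) {
  memset(buf, 0, 20);
  buf[0] = 0x1f; buf[1] = 0x90;                    /* src port 8080 */
  buf[2] = 0x00; buf[3] = 0x50;                    /* dst port 80 */
  buf[12] = 0x50;                                  /* data offset: 5 words */
  buf[13] = flags;
  buf[14] = 0xff; buf[15] = 0xff;                  /* window */
  memset(buf + 20, fill, pad_len);
  return 20 + pad_len;
}

/* Build one sample segment and run the heuristic on it (pad_len <= 44). */
int check_case(uint8_t flags, size_t pad_len, uint8_t fill) {
  uint8_t buf[64];
  size_t len = build_tcp(buf, flags, pad_len, fill);
  return is_padded_ack(buf, len);
}
```

`check_case(TCP_ACK, 6, 0x00)` returns 1 (ignore as padding), while the same segment with PSH set, with non-zero bytes, or with a payload longer than the threshold returns 0 and is handed to the reassembler as usual.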
Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r-- | example/ndpiReader.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 72408409e..768ec4354 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -98,7 +98,7 @@ char *_debug_protocols = NULL; char *_disabled_protocols = NULL; int aggressiveness[NDPI_MAX_SUPPORTED_PROTOCOLS]; static u_int8_t stats_flag = 0; -ndpi_init_prefs init_prefs = ndpi_no_prefs; +ndpi_init_prefs init_prefs = ndpi_no_prefs | ndpi_enable_tcp_ack_payload_heuristic; u_int8_t human_readeable_string_len = 5; u_int8_t max_num_udp_dissected_pkts = 24 /* 8 is enough for most protocols, Signal and SnapchatCall require more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */; static u_int32_t pcap_analysis_duration = (u_int32_t)-1; |
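Review bot: `ndpi_enable_tcp_ack_payload_heuristic` is OR-ed into `init_prefs` unconditionally, so ndpiReader now always runs with a default that differs from the library's (the commit message says the library leaves the heuristic disabled), and since `example/ndpiReader.c` is the only file in this diffstat there is no visible command-line switch to turn it back off. Consider exposing the bit as an option, or at least mentioning the divergence in ndpiReader's help text, so that a pcap that classifies differently in ndpiReader than in an application using library defaults is not mistaken for a library bug. It is also worth a quick check that `ndpi_no_prefs` is the zero value of `ndpi_init_prefs`, so that `ndpi_no_prefs | ndpi_enable_tcp_ack_payload_heuristic` sets exactly the one flag intended.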