RTP/STUN: look for STUN packets after RTP/RTCP classification (#2465)

After a flow has been classified as RTP or RTCP, nDPI might analyse more packets to look for STUN/DTLS packets, i.e. to try to tell if this flow is a "pure" RTP/RTCP flow or if the RTP/RTCP packets are multiplexed with STUN/DTLS. Useful for proper (sub)classification when the beginning of the flows are not captured or if there are lost packets in the the captured traffic. Disabled by default
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2024-06-07 13:12:04 +0200
committer: GitHub <noreply@github.com> 2024-06-07 13:12:04 +0200
commit: b90d39c4ac039464798a323ef96dc92262504852 (patch)
tree: 9e027c4631b2aa5cacf9447a6626b86b569675fc /src/include
parent: 070a0908b30c055bf0590fb0d10557c1acf70401 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 36af7b277..a236c59ca 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -259,6 +259,8 @@ struct ndpi_detection_module_config_struct {
 
   int zoom_max_packets_extra_dissection;
 
+  int rtp_search_for_stun;
+
   NDPI_PROTOCOL_BITMASK debug_bitmask;
   NDPI_PROTOCOL_BITMASK ip_list_bitmask;
 
@@ -666,6 +668,7 @@ int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct
 int is_stun(struct ndpi_detection_module_struct *ndpi_struct,
             struct ndpi_flow_struct *flow,
             u_int16_t *app_proto);
+void switch_extra_dissection_to_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 
 /* TPKT */
 int tpkt_verify_hdr(const struct ndpi_packet_struct * const packet);
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2024-06-07 13:12:04 +0200
committer	GitHub <noreply@github.com>	2024-06-07 13:12:04 +0200
commit	b90d39c4ac039464798a323ef96dc92262504852 (patch)
tree	9e027c4631b2aa5cacf9447a6626b86b569675fc /src/include
parent	070a0908b30c055bf0590fb0d10557c1acf70401 (diff)