author | valentina <valentina@ntop.org> | 2015-09-20 23:22:48 +0200 |
---|---|---|
committer | valentina <valentina@ntop.org> | 2015-09-20 23:22:48 +0200 |
commit | b383475282c4566d33e516bdfeead2244cf3c1a1 (patch) | |
tree | 9f9e670a9b11ca3f10398fe7b2fa567f307587c3 /src/lib/protocols/dcerpc.c | |
parent | ce7866a6a69ca0219ce79e4c130e6784da21b323 (diff) |
Fixed DCE_RPC protocol when the port is different to default port (135)
Diffstat (limited to 'src/lib/protocols/dcerpc.c')
-rw-r--r-- | src/lib/protocols/dcerpc.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index 2537afd56..ec96d1287 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -18,7 +18,7 @@ * * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * + * */ @@ -35,20 +35,23 @@ static void ndpi_int_dcerpc_add_connection(struct ndpi_detection_module_struct void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - if((packet->tcp != NULL) - && (packet->payload_packet_len > 64) - && ((ntohs(packet->tcp->source) == 135) || (ntohs(packet->tcp->dest) == 135)) + u_int16_t len_packet = (packet->payload[9]<<8) | packet->payload[8]; + + if((packet->tcp != NULL) + && (packet->payload_packet_len >= 64) && (packet->payload[0] == 0x05) /* version 5 */ && (packet->payload[2] < 16) /* Packet type */ - ) { - NDPI_LOG(NDPI_PROTOCOL_DCERPC, ndpi_struct, NDPI_LOG_DEBUG, "DCERPC match\n"); + && (len_packet == packet->payload_packet_len) /* Packet Length */ + ) { + NDPI_LOG(NDPI_PROTOCOL_DCERPC, ndpi_struct, NDPI_LOG_DEBUG, "DCERPC match\n"); ndpi_int_dcerpc_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC); + if(packet->payload_packet_len>1){ + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC); + } } |
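Review bot: In `ndpi_search_dcerpc`, `len_packet` is initialised from `packet->payload[8]` and `packet->payload[9]` in its declaration, which runs before the `packet->payload_packet_len >= 64` test in the `if`, so any payload shorter than 10 bytes (including an empty segment) is read past its end. The read is unconditional, so it happens for every packet handed to this dissector, and with the port-135 condition gone the rest of the check presumably also applies to traffic on any port. Drop the initialiser and fold the comparison into the condition after the `>= 64` test, e.g. `&& (((packet->payload[9] << 8) | packet->payload[8]) == packet->payload_packet_len) /* Packet Length */`, so the bytes are only touched once the length is known to cover them. Separately, the fragment length is decoded as little-endian only; a comment such as `/* frag_length, assumed little-endian; data representation byte (payload[4]) is not checked */` would make that assumption visible to the next reader.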