diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-04-06 09:32:57 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-06 09:32:57 +0200 |
| commit | 5c28dbbae24718aecd8ca36363059db81199b31b (patch) | |
| tree | 50b6ff636b74e6612a4c5e08ff162ea6ba89a0c6 /src/lib/protocols/h323.c | |
| parent | 25c111191189f64c4077f9d0609b0fdbdc12c4ad (diff) | |
H323: fix false positives (#1916)
Diffstat (limited to 'src/lib/protocols/h323.c')
| -rw-r--r-- | src/lib/protocols/h323.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index bb088b239..d0e4e8a20 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -68,9 +68,9 @@ static void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, s } } - flow->l4.tcp.h323_valid_packets++; + flow->h323_valid_packets++; - if(flow->l4.tcp.h323_valid_packets >= 2) { + if(flow->h323_valid_packets >= 2) { NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } @@ -103,9 +103,12 @@ static void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, s ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) { - NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - return; + /* This check is quite generic: let's check another packet...*/ + flow->h323_valid_packets++; + if(flow->h323_valid_packets >= 2) { + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + } } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; |