authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2022-01-29 09:19:26 +0100
committerGitHub <noreply@github.com>2022-01-29 09:19:26 +0100
commit513e386959e0d52c4b37cb704f6b0b7a128cc0e4 (patch)
treed46f9bb6b85a1b36ab846ffd150e02971c0d8fd5 /src/lib/protocols/ldap.c
parent9b8679a320c3c210d9e3fda2c1ee8049d2b6c79f (diff)
Extend protocols support (#1422)
Add detection of AccuWeather site/app and Google Classroom. Improve detection of Azure, Zattoo, Whatsapp, MQTT and LDAP. Fix some RX false positives. Fix some "Uncommon TLS ALPN"-risk false positives. Fix "confidence" value for some Zoom/Torrent classifications. Minor fix in Lua script for Wireshark extcap. Update .gitignore file. Let GitHub correctly detect the language type of *.inc files. Zattoo example has been provided by @subhajit-cdot in #1148.
Diffstat (limited to 'src/lib/protocols/ldap.c')
-rw-r--r--src/lib/protocols/ldap.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c
index ae58fd71e..3462d07b8 100644
--- a/src/lib/protocols/ldap.c
+++ b/src/lib/protocols/ldap.c
@@ -62,7 +62,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
}
// normal type
- if (packet->payload[1] == 0x84 && packet->payload_packet_len >= 0x84 &&
+ if (packet->payload[1] == 0x84 &&
packet->payload[2] == 0x00 && packet->payload[3] == 0x00 && packet->payload[6] == 0x02) {
if (packet->payload[7] == 0x01 &&
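Review bot: With `packet->payload_packet_len >= 0x84` dropped from the "normal type" condition, nothing visible in this hunk bounds the reads of `packet->payload[2]`, `[3]`, `[6]` and `[7]`, and the type-3 branch added in the second hunk reads as far as `packet->payload[11]` and `[12]`. The opening of `ndpi_search_ldap` is outside the hunk, so a minimum-length check may already exist there. If it does not guarantee at least 13 bytes, these become out-of-bounds reads on untrusted packet data. Stating the requirement locally, e.g. `if (packet->payload_packet_len >= 13 && packet->payload[1] == 0x84 &&`, would keep the branch safe even if the outer check changes later.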
@@ -82,6 +82,15 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n
ndpi_int_ldap_add_connection(ndpi_struct, flow);
return;
}
+
+ if (packet->payload[7] == 0x03 &&
+ (packet->payload[11] == 0x60 || packet->payload[11] == 0x61 || packet->payload[11] == 0x63 ||
+ packet->payload[11] == 0x64 || packet->payload[11] == 0x65) && packet->payload[12] == 0x84) {
+
+ NDPI_LOG_INFO(ndpi_struct, "found ldap type 3\n");
+ ndpi_int_ldap_add_connection(ndpi_struct, flow);
+ return;
+ }
}
}
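Review bot: The new type-3 branch compares `packet->payload[11]` against five bare hex values with no comment explaining them or why the offsets are 11 and 12. They appear to be LDAP protocolOp tags (0x60 BindRequest, 0x61 BindResponse, 0x63 SearchRequest, 0x64 SearchResultEntry, 0x65 SearchResultDone) that follow a 3-byte messageID whose length is at `payload[7]`. A comment such as `// 3-byte messageID: protocolOp tag at [11], long-form (0x84) length at [12]` above the `if` would make that checkable against the ASN.1 layout. The same test is presumably repeated at other offsets in the type-1 branch above, which is only partly visible here, so a small `static` helper that takes the tag byte would keep the accepted tag list in one place.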