Add Meraki Cloud protocol and improve other protocols (#1854)

Avoid some LineCall and Jabber false positives. Detect Discord mid flows. Fix Bittorrent detection.
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-01-17 11:38:39 +0100
committer: GitHub <noreply@github.com> 2023-01-17 11:38:39 +0100
commit: 470eaa6ff388435d7233ff2680e3ea013068d1fe (patch)
tree: 1351de4b75ed046ae3a136a1870fdf2a6fd983d0 /src/lib/protocols/line.c
parent: 29be01ef3a111fe467eb59876864574c168560df (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/protocols/line.c b/src/lib/protocols/line.c
index 64cb7253b..e7e7f422b 100644
--- a/src/lib/protocols/line.c
+++ b/src/lib/protocols/line.c
@@ -65,8 +65,13 @@ void ndpi_search_line(struct ndpi_detection_module_struct *ndpi_struct,
         if((u_int8_t)(flow->l4.udp.line_base_cnt[packet->packet_direction] +
                       flow->l4.udp.line_pkts[packet->packet_direction]) == packet->payload[3]) {
           flow->l4.udp.line_pkts[packet->packet_direction] += 1;
-          if(flow->l4.udp.line_pkts[0] >= 4 && flow->l4.udp.line_pkts[1] >= 4)
-            ndpi_int_line_add_connection(ndpi_struct, flow);
+          if(flow->l4.udp.line_pkts[0] >= 4 && flow->l4.udp.line_pkts[1] >= 4) {
+            /* To avoid false positives: usually "base pkt numbers" per-direction are different */
+            if(flow->l4.udp.line_base_cnt[0] != flow->l4.udp.line_base_cnt[1])
+              ndpi_int_line_add_connection(ndpi_struct, flow);
+            else
+              NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+	  }
           return;
         }
       }
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-01-17 11:38:39 +0100
committer	GitHub <noreply@github.com>	2023-01-17 11:38:39 +0100
commit	470eaa6ff388435d7233ff2680e3ea013068d1fe (patch)
tree	1351de4b75ed046ae3a136a1870fdf2a6fd983d0 /src/lib/protocols/line.c
parent	29be01ef3a111fe467eb59876864574c168560df (diff)