diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-07-13 13:47:17 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2021-07-13 14:22:28 +0200 |
| commit | b833b1f16fca513a36e22720553ccd9679773911 (patch) | |
| tree | 52516639956d30eff17ff3c0a7b5e903ee89524e /src/lib/protocols/skype.c | |
| parent | cccf794265dee24f25e16f21753972b20f7593c5 (diff) | |
Improved dnscrypt midstream detection.improved/dnscrypt
* fixed skype false-positive detection of dnscrypt traffic
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/skype.c')
| -rw-r--r-- | src/lib/protocols/skype.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 0c2c0f675..9e17f32a1 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -35,6 +35,15 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ const uint8_t crc_len = sizeof(flow->l4.udp.skype_crc); const uint8_t crc_offset = id_flags_iv_crc_len - crc_len; + if (flow->packet_counter > 2) + { + /* + * Process only one packet after the initial packet received. + * This is required to prevent fals-positives with other protocols e.g. dnscrypt. + */ + return 0; + } + if ((payload_len >= id_flags_iv_crc_len) && (packet->payload[2] == 0x02 /* Payload flag */ )) { u_int8_t detected = 1; |