diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-12-11 23:07:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-11 23:07:35 +0100 |
| commit | 5704e4c1425ae86f38f8eed9342ad98a58ff6665 (patch) | |
| tree | 49d813e28b532eedc28439aa2129ffb6527783c1 /src/lib/protocols/stun.c | |
| parent | 2edbe3c11f4435716eccd709c845bbc286cc2bd0 (diff) | |
STUN: add detection of ZOOM peer-to-peer flows (#1825)
See: "Enabling Passive Measurement of Zoom Performance in Production Networks"
https://dl.acm.org/doi/pdf/10.1145/3517745.3561414
Diffstat (limited to 'src/lib/protocols/stun.c')
| -rw-r--r-- | src/lib/protocols/stun.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index a06612b28..28f740180 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -31,6 +31,7 @@ // #define DEBUG_STUN 1 // #define DEBUG_LRU 1 +// #define DEBUG_ZOOM_LRU 1 #define STUN_HDR_LEN 20 /* STUN message header length, Classic-STUN (RFC 3489) and STUN (RFC 8489) both */ @@ -52,6 +53,36 @@ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { /* ************************************************************ */ +int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + u_int16_t when; + u_int32_t key; + + if(ndpi_struct->stun_zoom_cache && + flow->l4_proto == IPPROTO_UDP) { + key = get_stun_lru_key(flow, 0); /* Src */ +#ifdef DEBUG_ZOOM_LRU + printf("[LRU ZOOM] Search %u [src_port %u]\n", key, ntohs(flow->c_port)); +#endif + + if(ndpi_lru_find_cache(ndpi_struct->stun_zoom_cache, key, + &when, 0 /* Don't remove it as it can be used for other connections */)) { + u_int16_t tdiff = ((flow->last_packet_time_ms /1000) & 0xFFFF) - when; + +#ifdef DEBUG_ZOOM_LRU + printf("[LRU ZOOM] Found, diff %d\n", tdiff); +#endif + + if(tdiff < 60 /* sec */) + return 1; + } + } + return 0; +} + +/* ************************************************************ */ + static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int app_proto) { @@ -107,6 +138,18 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd } } + /* TODO: extend to other protocols? */ + if(ndpi_struct->stun_zoom_cache && + app_proto == NDPI_PROTOCOL_ZOOM && + flow->l4_proto == IPPROTO_UDP) { + u_int32_t key = get_stun_lru_key(flow, 0); /* Src */ +#ifdef DEBUG_ZOOM_LRU + printf("[LRU ZOOM] ADDING %u [src_port %u]\n", key, ntohs(flow->c_port)); +#endif + ndpi_lru_add_to_cache(ndpi_struct->stun_zoom_cache, key, + (flow->last_packet_time_ms / 1000) & 0xFFFF /* 16 bit */); + } + ndpi_set_detected_protocol(ndpi_struct, flow, app_proto, NDPI_PROTOCOL_STUN, confidence); } @@ -278,6 +321,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif switch(attribute) { + case 0x0101: case 0x0103: *app_proto = NDPI_PROTOCOL_ZOOM; return(NDPI_IS_STUN); |