diff options
| author | Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com> | 2024-03-20 14:13:32 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-20 12:13:32 +0100 |
| commit | 27f9ca9d045b318bb97e55a9a180ce838db9f90d (patch) | |
| tree | 03a68c6fb78168682af8550cf670ced78357b4c8 /src/lib/protocols/tencent_games.c | |
| parent | 15a80527c6392a35d5f074fbc39a1a90ee2353b6 (diff) | |
Improve TencentGames detection (#2353)
* Improve TencentGames detection
* Add more signatures
Diffstat (limited to 'src/lib/protocols/tencent_games.c')
| -rw-r--r-- | src/lib/protocols/tencent_games.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/src/lib/protocols/tencent_games.c b/src/lib/protocols/tencent_games.c index df40f5f8d..e10106d57 100644 --- a/src/lib/protocols/tencent_games.c +++ b/src/lib/protocols/tencent_games.c @@ -29,6 +29,14 @@ #include "ndpi_api.h" #include "ndpi_private.h" +static void ndpi_int_tencent_games_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found Tencent Games\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TENCENTGAMES, + NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); +} + static void ndpi_search_tencent_games(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -40,9 +48,29 @@ static void ndpi_search_tencent_games(struct ndpi_detection_module_struct *ndpi_ if (ntohl(get_u_int32_t(packet->payload, 0)) == 0x3366000B && ntohs(get_u_int16_t(packet->payload, 4)) == 0xB) { - NDPI_LOG_INFO(ndpi_struct, "found Tencent Games\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TENCENTGAMES, - NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); + return; + } + + if (ntohl(get_u_int32_t(packet->payload, 0)) == 0x4366AA00 && + ntohl(get_u_int32_t(packet->payload, 12)) == 0x10E68601) + { + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); + return; + } + + if (ntohl(get_u_int32_t(packet->payload, 0)) == 0xAA000000 && + ntohl(get_u_int32_t(packet->payload, 10)) == 0x10E68601) + { + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); + return; + } + + if (get_u_int16_t(packet->payload, 0) == 0 && + ntohs(get_u_int16_t(packet->payload, 2)) == (u_int16_t)(packet->payload_packet_len-4) && + ntohs(get_u_int16_t(packet->payload, 4)) == 0x7801) + { + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); return; } } |