authorLuca Deri <deri@ntop.org>2018-11-19 18:24:33 +0100
committerLuca Deri <deri@ntop.org>2018-11-19 18:24:33 +0100
commit582da8d4bb00ed6be656451fbd6ebde6719c5ce2 (patch)
tree78b76dbeae19d5d686e7d112e1cd5a405353048d /src/lib/protocols
parent153766917891cd0d4abebc9035bbb427d3a9fbc1 (diff)
Improved WeChat support
Removed Musical.ly protocol as the service has been merged with another one and thus is no longer used. Improved guess for UDP protocols.
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/dropbox.c26
-rw-r--r--src/lib/protocols/eaq.c10
-rw-r--r--src/lib/protocols/skype.c17
3 files changed, 38 insertions, 15 deletions
diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c
index d981c76b3..39bb96ff2 100644
--- a/src/lib/protocols/dropbox.c
+++ b/src/lib/protocols/dropbox.c
@@ -48,14 +48,24 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct,
if(packet->udp != NULL) {
u_int16_t dropbox_port = htons(DB_LSP_PORT);
- if((packet->udp->source == dropbox_port)
- && (packet->udp->dest == dropbox_port)) {
- if(payload_len > 2) {
- if(strstr((const char *)packet->payload, "\"host_int\"") != NULL) {
-
- NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
- ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
- return;
+ if(packet->udp->dest == dropbox_port) {
+ if(packet->udp->source == dropbox_port) {
+ if(payload_len > 10) {
+ if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) {
+
+ NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+ ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+ return;
+ }
+ }
+ } else {
+ if(payload_len > 10) {
+ if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) {
+
+ NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+ ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+ return;
+ }
}
}
}
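Review bot: The new `else` branch reports Dropbox for any UDP packet whose destination port is DB_LSP_PORT and whose payload contains `Bus17Cmd` at any position, with no constraint on the source port. That is a weaker signature than the symmetric-port `"host_int"` case, so whoever sends the packet can steer the label; this matters if the classification feeds policy or alerting. If the token sits at a fixed offset in the real message, comparing at that offset would tighten the match. A comment should name the message this branch targets and explain the `payload_len > 10` threshold, which equals the length of `"host_int"` with its quotes while `Bus17Cmd` is 8 bytes. The two branches differ only in the needle, so `const char *needle = (packet->udp->source == dropbox_port) ? "\"host_int\"" : "Bus17Cmd";` followed by one length check and one `ndpi_strnstr` call would remove the duplication; ndpi_check_dropbox starts and ends outside the hunk.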
diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c
index 2082b5263..8768cac6f 100644
--- a/src/lib/protocols/eaq.c
+++ b/src/lib/protocols/eaq.c
@@ -53,12 +53,15 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
if(packet->udp != NULL) {
u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3];
-
+
if(flow->l4.udp.eaq_pkt_id == 0)
flow->l4.udp.eaq_sequence = seq;
else {
if( (flow->l4.udp.eaq_sequence != seq) &&
- ((flow->l4.udp.eaq_sequence+1) != seq)) break;
+ ((flow->l4.udp.eaq_sequence+1) != seq))
+ break;
+ else
+ flow->l4.udp.eaq_sequence = seq;
}
if(++flow->l4.udp.eaq_pkt_id == 4) {
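Review bot: The added `break; else flow->l4.udp.eaq_sequence = seq;` is an unbraced if/else nested inside a braced `else`, and the later hunk in this file adds `} else return;` in the same style. These are easy to misread when the next statement is added. Because `break` already leaves the `do { } while(0)`, the `else` is redundant: put `break;` in braces and follow the `if` with a plain `flow->l4.udp.eaq_sequence = seq;`. A short comment that a repeated or next-in-order `seq` is accepted and then stored as the new reference would document the intent of the update.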
@@ -66,7 +69,8 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_LOG_INFO(ndpi_struct, "found eaq\n");
ndpi_int_eaq_add_connection(ndpi_struct, flow);
return;
- }
+ } else
+ return;
}
} while(0);
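Review bot: The new `else return;` changes control flow for every packet before the fourth matching one, but nothing says why. Those packets now leave the function instead of falling through to whatever follows the `do { } while(0)`, which is outside this hunk and presumably excludes the protocol. A comment such as `/* fewer than 4 in-sequence packets so far: keep the flow undecided */` on that branch would make the intent explicit.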
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index e544724a5..8a4eafca4 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -31,13 +31,16 @@ static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi
NDPI_LOG_INFO(ndpi_struct, "found skype\n");
ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE);
}
-
+
+static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) {
+ return(((a == c) || (b == c)) ? 1 : 0);
+}
+
static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
-
if(flow->host_server_name[0] != '\0')
return;
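Review bot: `is_port` has no comment, and its parameter names `a`, `b`, `c` do not show which argument is the port being searched for. Suggest `/* Returns 1 if either port a or port b equals c; all three in host byte order */` above it. The callers visible in this diff pass `ntohs()`-converted values, and a network-order value slipped in later would silently never match. The ternary is redundant, since `return (a == c) || (b == c);` already yields 0 or 1.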
@@ -46,10 +49,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
flow->l4.udp.skype_packet_id++;
if(flow->l4.udp.skype_packet_id < 5) {
+ u_int16_t sport = ntohs(packet->udp->source);
u_int16_t dport = ntohs(packet->udp->dest);
/* skype-to-skype */
- if(dport != 1119) /* It can be confused with battle.net */ {
+ if(is_port(sport, dport, 1119) /* It can be confused with battle.net */
+ || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */
+ ) {
+ ;
+ } else {
if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) ||
((payload_len >= 16)
&& (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
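Review bot: The port filter is written as a positive test with an empty `;` branch and the real work in `else`, which hides that the following payload heuristics are skipped for these ports. Inverting it reads directly: `if(!is_port(sport, dport, 1119) /* battle.net */ && !is_port(sport, dport, 80) /* no HTTP-like protocols on UDP/80 */) {`. The bare `1119` and `80` would also be clearer as named constants. The condition that follows continues past the end of this hunk.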
@@ -57,11 +65,12 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
ndpi_skype_report_protocol(ndpi_struct, flow);
}
}
+
return;
}
+
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
return;
-
// TCP check
} else if(packet->tcp != NULL) {
flow->l4.tcp.skype_packet_id++;