authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2023-05-28 12:59:18 +0200
committerGitHub <noreply@github.com>2023-05-28 12:59:18 +0200
commit7ce14da0c8c06967013503187081fa3a146ab8bb (patch)
tree0bd13c3aa54abf10d3901ef2f9f8d1435b912d88 /src/lib/protocols
parent6da3474203fc2ff5981f6c73f7ad02fa81138166 (diff)
Remove some useless checks (#1993)
In the main dissector callbacks the flow protocols are (almost) always unknown. There are only two exceptions: the extra dissection data path and HTTP sub-protocols.
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/amazon_video.c4
-rw-r--r--src/lib/protocols/apple_push.c4
-rw-r--r--src/lib/protocols/bjnp.c25
-rw-r--r--src/lib/protocols/citrix.c4
-rw-r--r--src/lib/protocols/dropbox.c39
-rw-r--r--src/lib/protocols/edonkey.c5
-rw-r--r--src/lib/protocols/ftp_control.c123
-rw-r--r--src/lib/protocols/gtp.c6
-rw-r--r--src/lib/protocols/lisp.c7
-rw-r--r--src/lib/protocols/radius.c7
-rw-r--r--src/lib/protocols/redis_net.c5
-rw-r--r--src/lib/protocols/rtmp.c5
-rw-r--r--src/lib/protocols/skype.c99
-rw-r--r--src/lib/protocols/socks45.c9
-rw-r--r--src/lib/protocols/spotify.c5
-rw-r--r--src/lib/protocols/vhua.c6
-rw-r--r--src/lib/protocols/vxlan.c6
-rw-r--r--src/lib/protocols/zeromq.c5
18 files changed, 150 insertions, 214 deletions
diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c
index 49e1cf2ef..62bcd834a 100644
--- a/src/lib/protocols/amazon_video.c
+++ b/src/lib/protocols/amazon_video.c
@@ -60,9 +60,7 @@ static void ndpi_search_amazon_video(struct ndpi_detection_module_struct *ndpi_s
struct ndpi_flow_struct *flow) {
NDPI_LOG_DBG(ndpi_struct, "search amazon_video\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_AMAZON_VIDEO)
- ndpi_check_amazon_video(ndpi_struct, flow);
+ ndpi_check_amazon_video(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c
index 7f1916251..f44d457b4 100644
--- a/src/lib/protocols/apple_push.c
+++ b/src/lib/protocols/apple_push.c
@@ -89,9 +89,7 @@ static void ndpi_search_apple_push(struct ndpi_detection_module_struct *ndpi_str
{
NDPI_LOG_DBG(ndpi_struct, "search apple_push\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_APPLE_PUSH)
- ndpi_check_apple_push(ndpi_struct, flow);
+ ndpi_check_apple_push(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c
index 66cd2fdd6..97370ca92 100644
--- a/src/lib/protocols/bjnp.c
+++ b/src/lib/protocols/bjnp.c
@@ -17,17 +17,15 @@ static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, st
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
- if(packet->udp != NULL) {
- if(payload_len > 4) {
- if((memcmp((const char *)packet->payload, "BJNP", 4) == 0)
- || (memcmp((const char *)packet->payload, "BNJB", 4) == 0)
- || (memcmp((const char *)packet->payload, "BJNB", 4) == 0)
- || (memcmp((const char *)packet->payload, "MFNP", 4) == 0)
- ) {
- NDPI_LOG_INFO(ndpi_struct, "found bjnp\n");
- ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0);
- return;
- }
+ if(payload_len > 4) {
+ if((memcmp((const char *)packet->payload, "BJNP", 4) == 0)
+ || (memcmp((const char *)packet->payload, "BNJB", 4) == 0)
+ || (memcmp((const char *)packet->payload, "BJNB", 4) == 0)
+ || (memcmp((const char *)packet->payload, "MFNP", 4) == 0)
+ ) {
+ NDPI_LOG_INFO(ndpi_struct, "found bjnp\n");
+ ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0);
+ return;
}
}
@@ -38,10 +36,7 @@ static void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, s
{
NDPI_LOG_DBG(ndpi_struct, "search bjnp\n");
- /* skip marked packets */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_BJNP) {
- ndpi_check_bjnp(ndpi_struct, flow);
- }
+ ndpi_check_bjnp(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c
index ccb3af0d7..9bfe58e63 100644
--- a/src/lib/protocols/citrix.c
+++ b/src/lib/protocols/citrix.c
@@ -61,9 +61,7 @@ static void ndpi_search_citrix(struct ndpi_detection_module_struct *ndpi_struct,
{
NDPI_LOG_DBG(ndpi_struct, "search citrix\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_CITRIX)
- ndpi_check_citrix(ndpi_struct, flow);
+ ndpi_check_citrix(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c
index af4bc819c..27d2daf8b 100644
--- a/src/lib/protocols/dropbox.c
+++ b/src/lib/protocols/dropbox.c
@@ -40,28 +40,24 @@ static void ndpi_int_dropbox_add_connection(struct ndpi_detection_module_struct
static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- // const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
+ u_int16_t dropbox_port = htons(DB_LSP_PORT);
- if(packet->udp != NULL) {
- u_int16_t dropbox_port = htons(DB_LSP_PORT);
-
- if(packet->udp->dest == dropbox_port) {
- if(packet->udp->source == dropbox_port) {
- if(payload_len > 10) {
- if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) {
- NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
- ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
- return;
- }
+ if(packet->udp->dest == dropbox_port) {
+ if(packet->udp->source == dropbox_port) {
+ if(payload_len > 10) {
+ if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) {
+ NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+ ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+ return;
}
- } else {
- if(payload_len > 10) {
- if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) {
- NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
- ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
- return;
- }
+ }
+ } else {
+ if(payload_len > 10) {
+ if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) {
+ NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+ ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+ return;
}
}
}
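Review bot: `packet->udp` is now dereferenced unconditionally at `if(packet->udp->dest == dropbox_port)`, so ndpi_check_dropbox relies on the dissector only ever being called for UDP packets; the registration that would guarantee this is not visible in the hunk. The same pattern appears in this commit for `packet->tcp->dest` in ndpi_check_ftp_control and for `packet->udp` in ndpi_check_radius and ndpi_check_skype. Because these pointers are derived from parsed network traffic, a later change to how the callback is selected would turn this into a NULL dereference reachable from the wire. I would record the invariant beside the first dereference, e.g. `/* packet->udp is non-NULL here: dissector is only invoked for UDP flows (see init function) */`, after confirming it against the init function, or add a debug-build assertion.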
@@ -74,10 +70,7 @@ static void ndpi_search_dropbox(struct ndpi_detection_module_struct *ndpi_struct
{
NDPI_LOG_DBG(ndpi_struct, "search dropbox\n");
- /* skip marked packets */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_DROPBOX) {
- ndpi_check_dropbox(ndpi_struct, flow);
- }
+ ndpi_check_dropbox(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c
index 4dcc85ec9..bd870afb3 100644
--- a/src/lib/protocols/edonkey.c
+++ b/src/lib/protocols/edonkey.c
@@ -201,10 +201,7 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct,
static void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
NDPI_LOG_DBG(ndpi_struct, "search EDONKEY\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) {
- ndpi_check_edonkey(ndpi_struct, flow);
- }
+ ndpi_check_edonkey(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 34c37ddf0..86e6491c2 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -589,80 +589,76 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
-
- /* Check connection over TCP */
- if(packet->tcp) {
- u_int16_t twentyfive = htons(25);
+ u_int16_t twentyfive = htons(25);
- /* Exclude SMTP, which uses similar commands. */
- if(packet->tcp->dest == twentyfive || packet->tcp->source == twentyfive) {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
- }
-
- /* Break after 8 packets. */
- if(flow->packet_counter > 8) {
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
- }
+ /* Exclude SMTP, which uses similar commands. */
+ if(packet->tcp->dest == twentyfive || packet->tcp->source == twentyfive) {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
- /* Check if we so far detected the protocol in the request or not. */
- if(flow->ftp_control_stage == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n");
+ /* Break after 8 packets. */
+ if(flow->packet_counter > 8) {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
- if((payload_len > 0) && ndpi_ftp_control_check_request(ndpi_struct,
- flow, packet->payload, payload_len)) {
- NDPI_LOG_DBG2(ndpi_struct,
- "Possible FTP_CONTROL request detected, we will look further for the response..\n");
+ /* Check if we so far detected the protocol in the request or not. */
+ if(flow->ftp_control_stage == 0) {
+ NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n");
- /*
- Encode the direction of the packet in the stage, so we will know when we need
- to look for the response packet.
- */
- flow->ftp_control_stage = packet->packet_direction + 1;
- }
- } else {
- NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage);
+ if((payload_len > 0) && ndpi_ftp_control_check_request(ndpi_struct,
+ flow, packet->payload, payload_len)) {
+ NDPI_LOG_DBG2(ndpi_struct,
+ "Possible FTP_CONTROL request detected, we will look further for the response..\n");
- /*
- At first check, if this is for sure a response packet (in another direction.
- If not, do nothing now and return.
+ /*
+ Encode the direction of the packet in the stage, so we will know when we need
+ to look for the response packet.
*/
- if((flow->ftp_control_stage - packet->packet_direction) == 1) {
- return;
- }
+ flow->ftp_control_stage = packet->packet_direction + 1;
+ }
+ } else {
+ NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage);
+
+ /*
+ At first check, if this is for sure a response packet (in another direction.
+ If not, do nothing now and return.
+ */
+ if((flow->ftp_control_stage - packet->packet_direction) == 1) {
+ return;
+ }
- /* This is a packet in another direction. Check if we find the proper response. */
- if((payload_len > 0) && ndpi_ftp_control_check_response(flow, packet->payload, payload_len)) {
- NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n");
+ /* This is a packet in another direction. Check if we find the proper response. */
+ if((payload_len > 0) && ndpi_ftp_control_check_response(flow, packet->payload, payload_len)) {
+ NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n");
#ifdef FTP_DEBUG
- printf("%s() [user: %s][pwd: %s]\n", __FUNCTION__,
- flow->l4.tcp.ftp_imap_pop_smtp.username, flow->l4.tcp.ftp_imap_pop_smtp.password);
+ printf("%s() [user: %s][pwd: %s]\n", __FUNCTION__,
+ flow->l4.tcp.ftp_imap_pop_smtp.username, flow->l4.tcp.ftp_imap_pop_smtp.password);
#endif
- if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
- flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0 &&
- flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) {
- flow->ftp_control_stage = 0;
- } else if (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 &&
- ndpi_struct->opportunistic_tls_ftp_enabled) {
- flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */
- /* Switch classification to FTPS */
- ndpi_set_detected_protocol(ndpi_struct, flow,
- NDPI_PROTOCOL_FTPS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
- flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
- /* We are done (in FTP dissector): delegating TLS... */
- switch_extra_dissection_to_tls(ndpi_struct, flow);
- } else {
- ndpi_int_ftp_control_add_connection(ndpi_struct, flow);
- }
- } else {
- NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, "
- "resetting the stage to 0\n");
+ if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
+ flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0 &&
+ flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) {
flow->ftp_control_stage = 0;
+ } else if (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 &&
+ ndpi_struct->opportunistic_tls_ftp_enabled) {
+ flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */
+ /* Switch classification to FTPS */
+ ndpi_set_detected_protocol(ndpi_struct, flow,
+ NDPI_PROTOCOL_FTPS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
+ flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
+ /* We are done (in FTP dissector): delegating TLS... */
+ switch_extra_dissection_to_tls(ndpi_struct, flow);
+ } else {
+ ndpi_int_ftp_control_add_connection(ndpi_struct, flow);
}
+ } else {
+ NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, "
+ "resetting the stage to 0\n");
+ flow->ftp_control_stage = 0;
}
}
}
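Review bot: The `#ifdef FTP_DEBUG` block still prints the captured FTP username and password in cleartext with `printf`; this change only re-indents it. Any build with FTP_DEBUG defined would write credentials seen on the wire to stdout, and from there into whatever collects the process output. I would drop the secret from the debug line, e.g. `printf("%s() [user: %s]\n", __FUNCTION__, flow->l4.tcp.ftp_imap_pop_smtp.username);`, or print only whether a password was seen. The signature of ndpi_check_ftp_control begins just before the hunk.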
@@ -673,10 +669,7 @@ static void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_st
struct ndpi_flow_struct *flow) {
NDPI_LOG_DBG(ndpi_struct, "search FTP_CONTROL\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_FTP_CONTROL) {
- ndpi_check_ftp_control(ndpi_struct, flow);
- }
+ ndpi_check_ftp_control(ndpi_struct, flow);
}
/* *************************************************************** */
diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c
index a0c461774..a226d9ebf 100644
--- a/src/lib/protocols/gtp.c
+++ b/src/lib/protocols/gtp.c
@@ -67,7 +67,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int32_t payload_len = packet->payload_packet_len;
- if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) {
+ if(payload_len > sizeof(struct gtp_header_generic)) {
u_int32_t gtp_u = ntohs(2152);
u_int32_t gtp_c = ntohs(2123);
u_int32_t gtp_prime = ntohs(3386);
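Review bot: The port constants on the context lines are built with `ntohs()` and stored in `u_int32_t`, although they are host-order literals and presumably compared against the network-order `packet->udp->source`/`dest` further down, outside the hunk. `ntohs` and `htons` perform the same byte swap, so behaviour is unchanged, but the direction reads wrong and the width hides that these are 16-bit ports. Since the condition is being touched anyway, I would write `u_int16_t gtp_u = htons(2152);`, and likewise for `gtp_c` and `gtp_prime`. If that comparison does dereference `packet->udp`, it also depends on the UDP-only invariant now that the NULL check is gone.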
@@ -122,9 +122,7 @@ static void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, st
{
NDPI_LOG_DBG(ndpi_struct, "search gtp\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_GTP)
- ndpi_check_gtp(ndpi_struct, flow);
+ ndpi_check_gtp(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c
index 0c4180be4..780a9cd9c 100644
--- a/src/lib/protocols/lisp.c
+++ b/src/lib/protocols/lisp.c
@@ -76,12 +76,7 @@ static void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, s
{
NDPI_LOG_DBG(ndpi_struct, "search lisp\n");
- /* skip marked packets */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) {
-
- ndpi_check_lisp(ndpi_struct, flow);
-
- }
+ ndpi_check_lisp(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
index 77e84e731..0c48bb19c 100644
--- a/src/lib/protocols/radius.c
+++ b/src/lib/protocols/radius.c
@@ -41,8 +41,7 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct,
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
- if(packet->udp != NULL &&
- (packet->udp->dest == htons(RADIUS_PORT) || packet->udp->source == htons(RADIUS_PORT) ||
+ if((packet->udp->dest == htons(RADIUS_PORT) || packet->udp->source == htons(RADIUS_PORT) ||
packet->udp->dest == htons(RADIUS_PORT_ACC) || packet->udp->source == htons(RADIUS_PORT_ACC) ||
packet->udp->dest == htons(RADIUS_PORT_ACC_ALTERNATIVE) || packet->udp->source == htons(RADIUS_PORT_ACC_ALTERNATIVE))) {
struct radius_header *h = (struct radius_header*)packet->payload;
@@ -69,9 +68,7 @@ static void ndpi_search_radius(struct ndpi_detection_module_struct *ndpi_struct,
{
NDPI_LOG_DBG(ndpi_struct, "search radius\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RADIUS)
- ndpi_check_radius(ndpi_struct, flow);
+ ndpi_check_radius(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c
index 1891d86d9..17c43db04 100644
--- a/src/lib/protocols/redis_net.c
+++ b/src/lib/protocols/redis_net.c
@@ -76,10 +76,7 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s
static void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
NDPI_LOG_DBG(ndpi_struct, "search Redis\n");
- /* skip marked packets */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_REDIS) {
- ndpi_check_redis(ndpi_struct, flow);
- }
+ ndpi_check_redis(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c
index db0c7bcaf..914e1bef8 100644
--- a/src/lib/protocols/rtmp.c
+++ b/src/lib/protocols/rtmp.c
@@ -83,10 +83,7 @@ static void ndpi_search_rtmp(struct ndpi_detection_module_struct *ndpi_struct, s
{
NDPI_LOG_DBG(ndpi_struct, "search RTMP\n");
- /* skip marked packets */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RTMP) {
- ndpi_check_rtmp(ndpi_struct, flow);
- }
+ ndpi_check_rtmp(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index d0d3c8060..bec650f25 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -43,59 +43,56 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
if(flow->host_server_name[0] != '\0')
return;
- if(packet->udp != NULL) {
-
- if(flow->packet_counter < 5) {
- u_int16_t sport = ntohs(packet->udp->source);
- u_int16_t dport = ntohs(packet->udp->dest);
-
- /* skype-to-skype */
- if(is_port(sport, dport, 1119) /* It can be confused with battle.net */
- || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */
- ) {
- ;
- } else {
- /* Too many false positives */
- if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d))
- ||
- ((payload_len >= 16)
- && (((packet->payload[0] & 0xC0) >> 6) == 0x02 /* RTPv2 */
- || (((packet->payload[0] & 0xF0) >> 4) == 0 /* Zoom */)
- || (((packet->payload[0] & 0xF0) >> 4) == 0x07 /* Skype */)
- )
- && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
- && (packet->payload[0] != 0x00) /* Avoid invalid CAPWAP detection */
- && (packet->payload[2] == 0x02))) {
-
- if(is_port(sport, dport, 8801)) {
- NDPI_LOG_INFO(ndpi_struct, "found ZOOM (in SKYPE_TEAMS code)\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZOOM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- } else if (payload_len >= 16 && packet->payload[0] != 0x01) /* Avoid invalid Cisco HSRP detection / RADIUS */ {
- NDPI_LOG_INFO(ndpi_struct, "found SKYPE_TEAMS\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS_CALL, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_CONFIDENCE_DPI);
- }
+ if(flow->packet_counter < 5) {
+ u_int16_t sport = ntohs(packet->udp->source);
+ u_int16_t dport = ntohs(packet->udp->dest);
+
+ /* skype-to-skype */
+ if(is_port(sport, dport, 1119) /* It can be confused with battle.net */
+ || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */
+ ) {
+ ;
+ } else {
+ /* Too many false positives */
+ if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d))
+ ||
+ ((payload_len >= 16)
+ && (((packet->payload[0] & 0xC0) >> 6) == 0x02 /* RTPv2 */
+ || (((packet->payload[0] & 0xF0) >> 4) == 0 /* Zoom */)
+ || (((packet->payload[0] & 0xF0) >> 4) == 0x07 /* Skype */)
+ )
+ && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
+ && (packet->payload[0] != 0x00) /* Avoid invalid CAPWAP detection */
+ && (packet->payload[2] == 0x02))) {
+
+ if(is_port(sport, dport, 8801)) {
+ NDPI_LOG_INFO(ndpi_struct, "found ZOOM (in SKYPE_TEAMS code)\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZOOM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ } else if (payload_len >= 16 && packet->payload[0] != 0x01) /* Avoid invalid Cisco HSRP detection / RADIUS */ {
+ NDPI_LOG_INFO(ndpi_struct, "found SKYPE_TEAMS\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS_CALL, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_CONFIDENCE_DPI);
}
+ }
- if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
- const uint8_t id_flags_iv_crc_len = 11;
- const uint8_t crc_len = sizeof(flow->l4.udp.skype_crc);
- const uint8_t crc_offset = id_flags_iv_crc_len - crc_len;
-
- /* Look for two pkts with the same crc */
- if((payload_len >= id_flags_iv_crc_len) &&
- (packet->payload[2] == 0x02 /* Payload flag */ )) {
- if(flow->packet_counter == 1) {
- memcpy(flow->l4.udp.skype_crc, &packet->payload[crc_offset], crc_len);
- } else {
- if(memcmp(flow->l4.udp.skype_crc, &packet->payload[crc_offset], crc_len) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found SKYPE_TEAMS\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- return;
- }
+ if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+ const uint8_t id_flags_iv_crc_len = 11;
+ const uint8_t crc_len = sizeof(flow->l4.udp.skype_crc);
+ const uint8_t crc_offset = id_flags_iv_crc_len - crc_len;
+
+ /* Look for two pkts with the same crc */
+ if((payload_len >= id_flags_iv_crc_len) &&
+ (packet->payload[2] == 0x02 /* Payload flag */ )) {
+ if(flow->packet_counter == 1) {
+ memcpy(flow->l4.udp.skype_crc, &packet->payload[crc_offset], crc_len);
+ } else {
+ if(memcmp(flow->l4.udp.skype_crc, &packet->payload[crc_offset], crc_len) == 0) {
+ NDPI_LOG_INFO(ndpi_struct, "found SKYPE_TEAMS\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ return;
}
- /* No idea if the two pkts need to be consecutive; in doubt wait for some more pkts */
- return;
}
+ /* No idea if the two pkts need to be consecutive; in doubt wait for some more pkts */
+ return;
}
}
}
@@ -109,9 +106,7 @@ static void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct,
{
NDPI_LOG_DBG(ndpi_struct, "search skype\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SKYPE_TEAMS)
- ndpi_check_skype(ndpi_struct, flow);
+ ndpi_check_skype(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c
index 7bc73af2e..6845ecaf2 100644
--- a/src/lib/protocols/socks45.c
+++ b/src/lib/protocols/socks45.c
@@ -121,13 +121,10 @@ static void ndpi_search_socks(struct ndpi_detection_module_struct *ndpi_struct,
{
NDPI_LOG_DBG(ndpi_struct, "search SOCKS\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS) {
- ndpi_check_socks4(ndpi_struct, flow);
+ ndpi_check_socks4(ndpi_struct, flow);
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS)
- ndpi_check_socks5(ndpi_struct, flow);
- }
+ if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS)
+ ndpi_check_socks5(ndpi_struct, flow);
}
void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c
index 6dd63a868..b27394245 100644
--- a/src/lib/protocols/spotify.c
+++ b/src/lib/protocols/spotify.c
@@ -72,10 +72,7 @@ static void ndpi_search_spotify(struct ndpi_detection_module_struct *ndpi_struct
{
NDPI_LOG_DBG(ndpi_struct, "search spotify\n");
- /* skip marked packets */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_SPOTIFY) {
- ndpi_check_spotify(ndpi_struct, flow);
- }
+ ndpi_check_spotify(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c
index 6b0e29276..e37bbb021 100644
--- a/src/lib/protocols/vhua.c
+++ b/src/lib/protocols/vhua.c
@@ -43,7 +43,6 @@ static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, st
/* Break after 3 packets. */
if((flow->packet_counter > 3)
- || (packet->udp == NULL)
|| (packet->payload_packet_len < sizeof(p0))) {
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
} else if(memcmp(packet->payload, p0, sizeof(p0)) == 0) {
@@ -54,10 +53,7 @@ static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, st
static void ndpi_search_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
NDPI_LOG_DBG(ndpi_struct, "search VHUA\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_VHUA) {
- ndpi_check_vhua(ndpi_struct, flow);
- }
+ ndpi_check_vhua(ndpi_struct, flow);
}
diff --git a/src/lib/protocols/vxlan.c b/src/lib/protocols/vxlan.c
index fef0f539a..413030812 100644
--- a/src/lib/protocols/vxlan.c
+++ b/src/lib/protocols/vxlan.c
@@ -30,7 +30,7 @@ static void ndpi_check_vxlan(struct ndpi_detection_module_struct *ndpi_struct, s
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- if((packet->udp != NULL) && (packet->payload_packet_len >= sizeof(struct ndpi_vxlanhdr))) {
+ if(packet->payload_packet_len >= sizeof(struct ndpi_vxlanhdr)) {
/*
*rfc-7348 vxlan header
@@ -60,9 +60,7 @@ static void ndpi_search_vxlan(struct ndpi_detection_module_struct *ndpi_struct,
{
NDPI_LOG_DBG(ndpi_struct, "search vxlan\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_VXLAN)
- ndpi_check_vxlan(ndpi_struct, flow);
+ ndpi_check_vxlan(ndpi_struct, flow);
}
void init_vxlan_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c
index 6f86b856c..124bd4cc7 100644
--- a/src/lib/protocols/zeromq.c
+++ b/src/lib/protocols/zeromq.c
@@ -84,10 +84,7 @@ static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, str
static void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
NDPI_LOG_DBG(ndpi_struct, "search ZMQ\n");
- /* skip marked packets */
- if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_ZMQ) {
- ndpi_check_zmq(ndpi_struct, flow);
- }
+ ndpi_check_zmq(ndpi_struct, flow);
}