diff options
| author | Luca Deri <deri@ntop.org> | 2023-06-12 23:29:20 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2023-06-12 23:29:20 +0200 |
| commit | b02adcc38105b83ce3e1a15096de4724920b9f50 (patch) | |
| tree | c2edd87ee9370f9324b6fa6740a0858376253d90 /src/lib/protocols | |
| parent | 4e284b5e40f08e708af9ddeb9ca04d9642636dcd (diff) | |
Added check to avoid skype heuristic false positives
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/skype.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index bec650f25..cfe102f99 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -78,7 +78,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s const uint8_t id_flags_iv_crc_len = 11; const uint8_t crc_len = sizeof(flow->l4.udp.skype_crc); const uint8_t crc_offset = id_flags_iv_crc_len - crc_len; - + /* Look for two pkts with the same crc */ if((payload_len >= id_flags_iv_crc_len) && (packet->payload[2] == 0x02 /* Payload flag */ )) { @@ -87,8 +87,13 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s } else { if(memcmp(flow->l4.udp.skype_crc, &packet->payload[crc_offset], crc_len) == 0) { NDPI_LOG_INFO(ndpi_struct, "found SKYPE_TEAMS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - return; + + /* As there is some heuristic we need to double check before detecting the protocol */ + if((flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_MICROSOFT_AZURE) + || (flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_SKYPE_TEAMS)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + return; + } } } /* No idea if the two pkts need to be consecutive; in doubt wait for some more pkts */ |