diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-05-11 09:21:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-11 09:21:13 +0200 |
| commit | b116456fc5c10b3fe196da4b071faec4abbfec31 (patch) | |
| tree | a49c77aaa586782b62b20ac1fbebcd968169e549 /src/lib | |
| parent | a813121e0a7021cdbfd64630960b330a23b1a4d2 (diff) | |
Viber: add detection of voip calls and avoid false positives (#2434)
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/viber.c | 13 |
3 files changed, 13 insertions, 6 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2752aa55f..e85f07718 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2304,6 +2304,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "iQIYI", NDPI_PROTOCOL_CATEGORY_STREAMING, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER_VOIP, + "ViberVoip", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main.c" diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d12a51843..d6e7090d3 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -511,6 +511,8 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, *app_proto = NDPI_PROTOCOL_ADULT_CONTENT; } else if(strstr(flow->host_server_name, "telegram") != NULL) { *app_proto = NDPI_PROTOCOL_TELEGRAM_VOIP; + } else if(strstr(flow->host_server_name, "viber") != NULL) { + *app_proto = NDPI_PROTOCOL_VIBER_VOIP; } } else flow->host_server_name[0] = '\0'; diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index ae0689ce1..3a1a57792 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -70,12 +70,13 @@ static void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, if((packet->udp != NULL) && (packet->payload_packet_len > 5)) { NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); - if((packet->payload[2] == 0x03 && packet->payload[3] == 0x00) - || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00) - || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00) - || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00) - || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00) - ) + if((flow->l4.udp.rtp_stage == 0) && (flow->l4.udp.rtcp_stage == 0) /* Avoid collisions with RTP/RTCP */ && + ((packet->payload[2] == 0x03 && packet->payload[3] == 0x00) + || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00) + || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00) + || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00) + || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00) + )) { viber_add_connection(ndpi_struct, flow); return; |