diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2020-09-09 21:57:31 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2020-09-09 21:57:31 +0200 |
| commit | 8ca13bc46aa14a108290e887d7c0930422bca009 (patch) | |
| tree | b4b3befbc76e09d6dba0f990ca9cf338a740aabe /src/lib | |
| parent | 601928cc8ee1788098ea3dcdc4180b75b380bc84 (diff) | |
Improved Teamspeak(3) protocol detection.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/protocols/teamspeak.c | 68 |
1 files changed, 25 insertions, 43 deletions
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index 0fb538e36..a2a1002ff 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -24,7 +24,7 @@ #include "ndpi_api.h" static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) + *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMSPEAK, NDPI_PROTOCOL_UNKNOWN); } @@ -36,56 +36,38 @@ void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, str NDPI_LOG_DBG(ndpi_struct, "search teamspeak\n"); - -#ifdef WEAK_DETECTION_CODE_DISABLED - if(packet->udp != NULL) { - u_int16_t udport, usport; - - usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); - - /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ - if(((usport == 9987 || udport == 9987) || (usport == 8767 || udport == 8767)) && packet->payload_packet_len >= 20) { - NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK udp\n"); - ndpi_int_teamspeak_add_connection(ndpi_struct, flow); - } - } - else -#endif - - if(packet->tcp != NULL) { -#if WEAK_DETECTION_CODE_DISABLED - u_int16_t tdport, tsport; - tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); -#endif - /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */ - if(packet->payload_packet_len >= 20) { - if(((memcmp(packet->payload, "\xf4\xbe\x03\x00", 4) == 0)) || - ((memcmp(packet->payload, "\xf4\xbe\x02\x00", 4) == 0)) || - ((memcmp(packet->payload, "\xf4\xbe\x01\x00", 4) == 0))) { - NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK tcp\n"); - ndpi_int_teamspeak_add_connection(ndpi_struct, flow); - } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ + if (packet->payload_packet_len >= 20) { + if (packet->udp != NULL) { + if (memcmp(packet->payload, "TS3INIT1", strlen("TS3INIT1")) == 0) + { + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK udp\n"); + ndpi_int_teamspeak_add_connection(ndpi_struct, flow); } -#if WEAK_DETECTION_CODE_DISABLED - else if((tsport == 14534 || tdport == 14534) || (tsport == 51234 || tdport == 51234)) { - NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK\n"); - ndpi_int_teamspeak_add_connection(ndpi_struct, flow); - } -#endif + } else if(packet->tcp != NULL) { + /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */ + if(((memcmp(packet->payload, "\xf4\xbe\x03\x00", 4) == 0)) || + ((memcmp(packet->payload, "\xf4\xbe\x02\x00", 4) == 0)) || + ((memcmp(packet->payload, "\xf4\xbe\x01\x00", 4) == 0))) + { + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK tcp\n"); + ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ } - + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } -void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("TeamSpeak", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_TEAMSPEAK, - ndpi_search_teamspeak, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); + NDPI_PROTOCOL_TEAMSPEAK, + ndpi_search_teamspeak, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); *id += 1; } |