diff options
| author | Toni <matzeton@googlemail.com> | 2021-07-31 23:31:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-31 23:31:49 +0200 |
| commit | ad57af9f79b3c69e2312fda109b83ce132448fd7 (patch) | |
| tree | 4bab48b9376e324f369a2c6e3b4b9048a6818587 /src/lib | |
| parent | ce597b4806dd96d9b8d7d1e43560b9c85e71f80c (diff) | |
Improved RTSP detection and fixed HTTP false-positive. Fixes #1229. (#1266)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/protocols/http.c | 13 | ||||
| -rw-r--r-- | src/lib/protocols/rtsp.c | 3 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 647bd6c2b..a2dd25f3c 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -963,8 +963,17 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct NDPI_EXCLUDE_PROTO(ndpi_struct, flow); http_bitmask_exclude_other(flow); return; - } else - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_CATEGORY_WEB); + } else { + /* This check is required as RTSP is pretty similiar to HTTP (prevent false-positives). */ + if (strncmp((const char *)packet->payload + filename_start, + "rtsp://", ndpi_min(7, packet->payload_packet_len - filename_start)) == 0) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } else { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_CATEGORY_WEB); + } + } NDPI_LOG_DBG2(ndpi_struct, "Filename HTTP found: %d, we look for line info..\n", filename_start); diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 033c5c324..5a14f1d83 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -51,8 +51,8 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct { ndpi_parse_packet_line_info(ndpi_struct, flow); } + if (packet->parsed_lines > 0 && - LINE_STARTS(packet->line[0], "SETUP rtsp://") != 0 && LINE_ENDS(packet->line[0], "RTSP/1.0") != 0) { ndpi_int_rtsp_add_connection(ndpi_struct, flow); @@ -102,6 +102,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct return; } } + if (packet->udp != NULL && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && ((NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP) == 0) || (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP) == 0) |