Fixes Viber false positive detection

author: Luca Deri <deri@ntop.org> 2024-08-19 18:27:06 +0200
committer: Luca Deri <deri@ntop.org> 2024-08-19 18:27:06 +0200
commit: 5610145c6c2f0aebd6adee7717145ab44c29f848 (patch)
tree: 7e28b5af41df3be6a7451082ccde6ca5e7a7fb93 /src/lib
parent: 5d33312be7352e005f5f91491d3bb1e8feaea52b (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index 00cfae96a..69741abff 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -42,6 +42,14 @@ static void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct,
   
   NDPI_LOG_DBG(ndpi_struct, "search for Viber\n");
 
+  if(packet->udp && packet->iph) {
+    /* ignore broadcast as this isn't viber */
+    if((packet->iph->saddr == 0xFFFFFFFF) || (packet->iph->daddr == 0xFFFFFFFF)) {
+      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+      return;
+    }
+  }
+
   if (packet->tcp != NULL)
   {
     NDPI_LOG_DBG2(ndpi_struct, "searching Viber over tcp\n");
@@ -76,8 +84,7 @@ static void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct,
         || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00)
         || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00)
         || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00)
-       ))
-    {
+       )) {
       viber_add_connection(ndpi_struct, flow);
       return;
     }
author	Luca Deri <deri@ntop.org>	2024-08-19 18:27:06 +0200
committer	Luca Deri <deri@ntop.org>	2024-08-19 18:27:06 +0200
commit	5610145c6c2f0aebd6adee7717145ab44c29f848 (patch)
tree	7e28b5af41df3be6a7451082ccde6ca5e7a7fb93 /src/lib
parent	5d33312be7352e005f5f91491d3bb1e8feaea52b (diff)