diff options
| author | Luca Deri <deri@ntop.org> | 2024-12-13 23:32:16 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-12-13 23:32:16 +0100 |
| commit | 4d17dc635cac296ae2f526c1d56a90c6d60170d8 (patch) | |
| tree | b1507e2aea07802a2caeda90069b3cfd378125e2 /src/lib | |
| parent | 21493d5654484f6dd3427228832d02688789e47c (diff) | |
Telegram STUN improvement
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_utils.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 21 |
2 files changed, 23 insertions, 4 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 10634f9a0..70dea04ee 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1653,8 +1653,14 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, break; case NDPI_PROTOCOL_TLS: + ndpi_tls2json(serializer, flow); + break; + case NDPI_PROTOCOL_DTLS: ndpi_tls2json(serializer, flow); +#ifdef CUSTOM_NDPI_PROTOCOLS +#include "../../../nDPI-custom/ndpi_utils_dpi2json_dtls.c" +#endif break; #ifdef CUSTOM_NDPI_PROTOCOLS diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index ff4fe8805..515a4ba8c 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -675,12 +675,11 @@ static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struc /* We want extra dissection for: * sub-classification * metadata extraction (*-ADDRESS) or looking for RTP - At the moment: + * At the moment: * it seems ZOOM doens't have any meaningful attributes * we want (all) XOR-PEER-ADDRESS only for Telegram. * for the other protocols, we stop after we have all metadata (if enabled) - * for some specific protocol, we might know that some attributes - are never used + * for some specific protocol, we might know that some attributes are never used * if monitoring is enabled, keep looking for (S)RTP anyway **After** extra dissection is ended, we might move to monitoring. Note that: @@ -698,7 +697,21 @@ static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struc if(flow->stun.num_non_stun_pkt == 2) printf("%d %d\n", flow->stun.non_stun_pkt_len[0], flow->stun.non_stun_pkt_len[1]); #endif - } + } + } + + if(packet->payload_packet_len > 699) { + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) { + if((packet->payload[0] == 0x16) && (packet->payload[1] == 0xfe) + && ((packet->payload[2] == 0xff) /* DTLS 1.0 */ + || (packet->payload[2] == 0xfd) /* DTLS 1.2 */ )) + ; /* Skip DTLS */ + else { + /* STUN or RTP */ + /* This packet is too big to be audio: add video */ + flow->flow_multimedia_types |= ndpi_multimedia_video_flow; + } + } } if(flow->monitoring) |