diff options
| author | Toni <matzeton@googlemail.com> | 2022-11-15 08:59:45 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-15 08:59:45 +0100 |
| commit | b5e8d86def96fa86a8495070a477ce3b5ce71b49 (patch) | |
| tree | cc858bff345698019c6b2ae7b7c296b22f23e8a2 /src/lib | |
| parent | cd41ab7c8f4c5d20efff5c39a2f805277f6d8dc3 (diff) | |
Improved Teamspeak3 License/Weblist detection. (#1802)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/protocols/teamspeak.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index 6dfe89f75..1a3acdb22 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -42,6 +42,7 @@ void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, str { NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK udp\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + return; } } else if(packet->tcp != NULL) { /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */ @@ -51,12 +52,48 @@ void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, str { NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK tcp\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + return; } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ } } + if (packet->udp != NULL) + { + if (packet->payload_packet_len == 16 && + packet->payload[0] == 0x01 && packet->payload[3] == 0x02 && + get_u_int32_t(packet->payload, 11) == 0x00000000 && packet->payload[15] == 0x00) + { + goto ts3_license_weblist; + } + + if ((packet->payload_packet_len == 4 || packet->payload_packet_len == 8) && + packet->payload[0] == 0x01 && packet->payload[3] == 0x01) + { + goto ts3_license_weblist; + } + + if (packet->payload_packet_len == 5 && + packet->payload[0] == 0x01 && packet->payload[3] == 0x02 && + packet->payload[4] == 0x00) + { + goto ts3_license_weblist; + } + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; + +ts3_license_weblist: + if (flow->packet_counter == 3) + { + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK license/weblist\n"); + ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + return; + } + if (flow->packet_counter >= 3) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } } void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, |