diff options
| author | Luca Deri <deri@ntop.org> | 2018-08-16 15:23:30 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2018-08-16 15:23:30 +0200 |
| commit | 3091dc3c4880d3d51cc5a0df6004e941c24f9e28 (patch) | |
| tree | c13122dd112c4fd284c57cfc0e282fa360364585 /src | |
| parent | 01bf295a19c19dc4f521ee40f0c478c794e1b5e4 (diff) | |
Fix for #400
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 3 | ||||
| -rw-r--r-- | src/lib/protocols/directconnect.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/whatsapp.c | 23 |
3 files changed, 24 insertions, 5 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3d0eccab7..1a9924d36 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -475,6 +475,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_QQ */ u_int16_t qq_nxt_len; + /* NDPI_PROTOCOL_WHATSAPP */ + u_int8_t wa_matched_so_far; + /* NDPI_PROTOCOL_TDS */ u_int8_t tds_login_version; diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 6072c3697..5088685e4 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -78,8 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s const u_int8_t connection_type) { - struct ndpi_packet_struct *packet = &flow->packet; - + struct ndpi_packet_struct *packet = &flow->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index 6a98eac6b..6964a8e0e 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -33,12 +33,30 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search WhatsApp\n"); + if(flow->l4.tcp.wa_matched_so_far == 0) { + if(memcmp(packet->payload, whatsapp_sequence, packet->payload_packet_len)) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } else + flow->l4.tcp.wa_matched_so_far = packet->payload_packet_len; + + return; + } else { + if(memcmp(packet->payload, &whatsapp_sequence[flow->l4.tcp.wa_matched_so_far], + sizeof(whatsapp_sequence)-flow->l4.tcp.wa_matched_so_far)) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + else + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + + return; + } + if((packet->payload_packet_len > 240) && (memcmp(packet->payload, whatsapp_sequence, sizeof(whatsapp_sequence)) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found WhatsApp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); - } else - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -53,4 +71,3 @@ void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - |