diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-10-15 12:05:22 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-15 12:05:22 +0200 |
| commit | 8299f5abab3aed58e7f85080f235c2767a87ac22 (patch) | |
| tree | 116164be0819154e2c5ee6581d9890919f364264 /src | |
| parent | 521d0ca7a0196889f5452a2e725f8e01ddf79efb (diff) | |
STUN: fix monitoring of Whatsapp and Zoom flows (#2590)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/stun.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 7207c1b9f..cbb5eb1f0 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -625,9 +625,6 @@ static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struc if(flow->monitoring) return 1; - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_ZOOM) - return 0; - if(flow->num_extra_packets_checked + 1 == flow->max_extra_packets_to_check) { if(is_monitoring_enabled(ndpi_struct, NDPI_PROTOCOL_STUN)) { NDPI_LOG_DBG(ndpi_struct, "Enabling monitoring (end extra dissection)\n"); @@ -657,8 +654,9 @@ static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struc return 0; } - /* Exception WA: only relayed and mapped address attributes */ + /* Exception WA: only relayed and mapped address attributes but we keep looking for RTP packets */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_WHATSAPP_CALL && + flow->detected_protocol_stack[1] == NDPI_PROTOCOL_SRTP && (flow->stun.mapped_address.port || !ndpi_struct->cfg.stun_mapped_address_enabled) && (flow->stun.relayed_address.port || !ndpi_struct->cfg.stun_relayed_address_enabled)) { if(is_monitoring_enabled(ndpi_struct, NDPI_PROTOCOL_STUN)) { @@ -669,6 +667,16 @@ static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struc return 0; } + /* Exception Zoom: no metadata */ + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_ZOOM) { + if(is_monitoring_enabled(ndpi_struct, NDPI_PROTOCOL_STUN)) { + NDPI_LOG_DBG(ndpi_struct, "Enabling monitor (zoom case)\n"); + flow->monitoring = 1; + return 1; + } + return 0; + } + return 1; } @@ -702,7 +710,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct, * same msg split across multiple segments */ if(packet->payload_packet_len == 0) - return 1; + return keep_extra_dissection(ndpi_struct, flow); first_byte = packet->payload[0]; |