diff options
| author | Luca Deri <deri@ntop.org> | 2024-04-03 23:03:46 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-04-03 23:03:46 +0200 |
| commit | 9185c2ccc402d3368fc28ac90ab281b4f951719e (patch) | |
| tree | a687c66cdd24f6b8ebe52791c88faa1677cea1d5 /src | |
| parent | aacbc9e91868082f7751ddb79b4683efde6e0723 (diff) | |
Added support for STUN Mapped IP address
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 4 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 20 |
2 files changed, 23 insertions, 1 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 52645553e..935debb74 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1280,6 +1280,10 @@ struct ndpi_flow_struct { struct { u_int8_t maybe_dtls : 1, is_turn : 1, pad : 6; + struct { + u_int32_t ipv4; + u_int16_t port; + } mapped_address; } stun; struct { diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 4f25420a7..d0397a590 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -344,6 +344,8 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, case 0x4007: /* These are the only messages apparently whatsapp voice can use */ *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; + flow->max_extra_packets_to_check = ndpi_struct->cfg.stun_max_packets_extra_dissection; + flow->extra_packets_func = stun_search_again; return 1; case 0x0014: /* Realm */ @@ -403,7 +405,22 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, packet->payload = orig_payload; packet->payload_packet_len = orig_payload_length; } + break; + + case 0x0020: /* XOR-MAPPED-ADDRESS */ + if(real_len <= payload_length - off - 12) { + u_int8_t protocol_family = payload[off+5]; + if(protocol_family == 0x01 /* IPv4 */) { + u_int16_t xored_port = ntohs(*((u_int16_t*)&payload[off+6])); + u_int32_t xored_ip = ntohl(*((u_int32_t*)&payload[off+8])); + u_int16_t port_xor = (magic_cookie >> 16) & 0xFFFF; + + flow->stun.mapped_address.port = xored_port ^ port_xor; + flow->stun.mapped_address.ipv4 = xored_ip ^ magic_cookie; + flow->extra_packets_func = NULL; /* We're good now */ + } + } break; default: @@ -428,7 +445,8 @@ static int keep_extra_dissection(struct ndpi_flow_struct *flow) return 0; /* Looking for XOR-PEER-ADDRESS metadata; TODO: other protocols? */ - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TELEGRAM_VOIP) + || (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_WHATSAPP_CALL)) return 1; return 0; } |