STUN: fix flow risks when DTLS packets are found (#2266)

When switching to (D)TLS dissector from the STUN one, we need to clear any flow risks set from the latter (because we don't have anymore `NDPI_PROTOCOL_STUN` in the classification results)
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2024-01-19 08:57:39 +0100
committer: GitHub <noreply@github.com> 2024-01-19 08:57:39 +0100
commit: c83698c957b3ebc21d9e5bc78928e5140f79c0f1 (patch)
tree: 43fd655023621979a7f2dde1b8f2fbb6a59d31a5 /src
parent: 6ac2ce84f8737bf4b22167cce9313cee3efff5c1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index ddb42c980..b68740c04 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -440,6 +440,8 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
             /* TODO: right way? It is a bit scary... do we need to reset something else too? */
             reset_detected_protocol(ndpi_struct, flow);
             change_category(ndpi_struct, flow, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED);
+	    /* STUN often triggers this risk; clear it. TODO: clear other risks? */
+	    ndpi_unset_risk(ndpi_struct, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
 
             /* Give room for DTLS handshake, where we might have
                retransmissions and fragments */
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2024-01-19 08:57:39 +0100
committer	GitHub <noreply@github.com>	2024-01-19 08:57:39 +0100
commit	c83698c957b3ebc21d9e5bc78928e5140f79c0f1 (patch)
tree	43fd655023621979a7f2dde1b8f2fbb6a59d31a5 /src
parent	6ac2ce84f8737bf4b22167cce9313cee3efff5c1 (diff)