diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-11-10 22:56:57 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-11-14 22:56:57 +0100 |
| commit | a87ee8e8f1a95dc7fb5a7f528426e95b9429f58c (patch) | |
| tree | 30c6145b25ffb8beefe3a87c5bb0a22f17d08fe1 /src | |
| parent | 9e73d61fb0454a143dea6faa4a665c6b7875e195 (diff) | |
Improved Teamspeak3 License/Weblist detection.improved/ts3-license-weblist
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/teamspeak.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index 6dfe89f75..1a3acdb22 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -42,6 +42,7 @@ void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, str { NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK udp\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + return; } } else if(packet->tcp != NULL) { /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */ @@ -51,12 +52,48 @@ void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, str { NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK tcp\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + return; } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ } } + if (packet->udp != NULL) + { + if (packet->payload_packet_len == 16 && + packet->payload[0] == 0x01 && packet->payload[3] == 0x02 && + get_u_int32_t(packet->payload, 11) == 0x00000000 && packet->payload[15] == 0x00) + { + goto ts3_license_weblist; + } + + if ((packet->payload_packet_len == 4 || packet->payload_packet_len == 8) && + packet->payload[0] == 0x01 && packet->payload[3] == 0x01) + { + goto ts3_license_weblist; + } + + if (packet->payload_packet_len == 5 && + packet->payload[0] == 0x01 && packet->payload[3] == 0x02 && + packet->payload[4] == 0x00) + { + goto ts3_license_weblist; + } + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; + +ts3_license_weblist: + if (flow->packet_counter == 3) + { + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK license/weblist\n"); + ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + return; + } + if (flow->packet_counter >= 3) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } } void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, |