author | Luca Deri <deri@ntop.org> | 2020-05-06 01:34:55 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2020-05-06 01:34:55 +0200 |
commit | 48282369e244afb91f4d322b3a9091ffec52af81 (patch) | |
tree | 36eaeae91eae06800e2c958d21ffa4c9abd17636 /src | |
parent | 7d63149ced191d1d646404a844c5ffd2d55dea14 (diff) |
False positive fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/ndpi_main.c | 23 | ||||
-rw-r--r-- | src/lib/protocols/h323.c | 8 | ||||
-rw-r--r-- | src/lib/protocols/mssql_tds.c | 7 | ||||
-rw-r--r-- | src/lib/third_party/include/ndpi_patricia.h | 3 |
4 files changed, 27 insertions, 14 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index df73918f0..681419669 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1816,8 +1816,10 @@ int ndpi_load_ipv4_ptree(struct ndpi_detection_module_struct *ndpi_str, cidr = strtok_r(NULL, "\n", &saveptr); pin.s_addr = inet_addr(addr); - if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, cidr ? atoi(cidr) : 32 /* bits */)) != NULL) - node->value.user_value = protocol_id, node->value.user_value2 = 0 /* port */, num_loaded++; + if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, cidr ? atoi(cidr) : 32 /* bits */)) != NULL) { + node->value.user_value = protocol_id; // node->value.additional_user_value = 0 /* port */; + num_loaded++; + } } } @@ -1840,8 +1842,9 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str, continue; pin.s_addr = htonl(host_list[i].network); - if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL) - node->value.user_value = host_list[i].value, node->value.user_value2 = 0; + if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL) { + node->value.user_value = host_list[i].value; // node->value.additional_user_value = 0; + } } } @@ -1880,8 +1883,9 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp inet_pton(AF_INET, value, &pin); - if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) - node->value.user_value = protocol_id, node->value.user_value2 = port; + if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) { + node->value.user_value = protocol_id; // node->value.additional_user_value = port; + } return(0); } 
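Review bot: In the ndpi_load_ipv4_ptree hunk, the address and prefix length read from the file reach `add_to_ptree` unvalidated. `atoi(cidr)` turns non-numeric text into 0 and accepts values outside 0..32, and `inet_addr(addr)` returns INADDR_NONE for a malformed address, which cannot be told apart from 255.255.255.255 and would be inserted as a rule. Parsing the prefix with `strtol` and rejecting anything outside 0..32, plus replacing `inet_addr` with a checked `inet_pton(AF_INET, addr, &pin) != 1` test that skips the entry, would keep a bad line from silently creating a catch-all or bogus match. The function body starts and ends outside the hunk, so how a rejected line should be skipped needs confirming against the surrounding loop.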
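Review bot: In the ndpi_add_host_ip_subprotocol hunk, `port` is no longer stored: the assignment is reduced to a trailing comment naming `additional_user_value`, a field the union in ndpi_patricia.h does not have after this commit. If this function still accepts a rule with a port (its parsing is outside the hunk), that rule would now match on the address alone, which silently widens it. A comment such as `/* TODO: port is ignored until the node value can carry it */`, or a log message when `port` is non-zero, would state this better than commented-out code. The same trailing-comment form recurs in the ndpi_load_ipv4_ptree, ndpi_init_ptree_ipv4, ndpi_load_ip_category and ndpi_ptree_insert hunks. The return value of `inet_pton(AF_INET, value, &pin)` on the context line above is also unchecked.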
@@ -4240,8 +4244,9 @@ int ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_str, const c return(-1); } - if((node = add_to_ptree(ndpi_str->custom_categories.ipAddresses_shadow, AF_INET, &pin, bits)) != NULL) - node->value.user_value = (u_int16_t)category, node->value.user_value2 = 0; + if((node = add_to_ptree(ndpi_str->custom_categories.ipAddresses_shadow, AF_INET, &pin, bits)) != NULL) { + node->value.user_value = (u_int16_t)category; // node->value.additional_user_value = 0; + } return(0); } @@ -6507,7 +6512,7 @@ int ndpi_ptree_insert(ndpi_ptree_t *tree, const ndpi_ip_addr_t *addr, node = ndpi_patricia_lookup(ptree, &prefix); if(node != NULL) { - node->value.user_value = user_data, node->value.user_value2 = 0; + node->value.user_value = user_data; // node->value.additional_user_value = 0; return(0); } diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 70e5a33c0..21ab1c472 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -25,7 +25,11 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_DBG(ndpi_struct, "search H323\n"); - if(packet->tcp != NULL) { + /* + The TPKT protocol is used by ISO 8072 (on port 102) + and H.323. So this check below is to avoid ambiguities + */ + if((packet->tcp != NULL) && (packet->tcp->dest != ntohs(102))) { NDPI_LOG_DBG2(ndpi_struct, "calculated dport over tcp\n"); /* H323 */ @@ -62,7 +66,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - } + } } else if(packet->udp != NULL) { sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); NDPI_LOG_DBG2(ndpi_struct, "calculated dport over udp\n"); diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 8e6b40c5b..06da37515 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c 
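Review bot: In the first h323.c hunk, a TCP packet to port 102 now skips the TCP branch and falls to `else if(packet->udp != NULL)`, which is false for TCP. As far as the hunk shows, such a flow is then neither classified nor passed to `NDPI_EXCLUDE_PROTO`, so the dissector may be re-entered for every packet; the rest of the function is outside the hunk, so this needs confirming. Only the destination port is compared, so packets sent from port 102 still reach the TPKT check. An explicit early exit would cover both directions: `if(packet->tcp != NULL && (packet->tcp->dest == htons(102) || packet->tcp->source == htons(102))) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; }`. `htons(102)` is the conventional spelling when comparing against a network-order field; `ntohs(102)` yields the same value but reads as the wrong direction.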
@@ -51,7 +51,12 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str NDPI_LOG_DBG(ndpi_struct, "search mssql_tds\n"); - if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { + if((packet->payload_packet_len < sizeof(struct tds_packet_header)) + /* + The TPKT protocol used by ISO 8072 (on port 102) is similar + to this potocol and it can cause false positives + */ + || (packet->tcp->dest == ntohs(102))) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h index 654869ba3..d28758e2c 100644 --- a/src/lib/third_party/include/ndpi_patricia.h +++ b/src/lib/third_party/include/ndpi_patricia.h @@ -104,8 +104,7 @@ union patricia_node_value_t { void *user_data; /* User-defined values */ - u_int16_t user_value; - u_int16_t user_value2; + u_int32_t user_value; }; typedef struct _patricia_node_t { |
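Review bot: In the mssql_tds.c hunk, the added condition dereferences `packet->tcp` with no NULL check visible, whereas h323.c in this same commit guards with `packet->tcp != NULL`. If this dissector can be invoked for a non-TCP packet (its registration is outside the hunk), this is a NULL dereference on attacker-supplied traffic; `|| (packet->tcp != NULL && packet->tcp->dest == htons(102))` is safe either way. The exclusion is keyed on the destination port alone, so TDS traffic sent to port 102 is never classified as MSSQL, and the comment should state that detection trade-off. The comment also has a typo ("potocol").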
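Review bot: In the ndpi_patricia.h hunk, `user_value` is a member of a union, so it shares storage with `user_data`, and nothing in the header says a given tree must use one or the other. I would extend the existing comment to `/* User-defined value; overlaps user_data, use only one per tree */`. If a second value such as the `additional_user_value` named in the ndpi_main.c comments is reinstated, it has to sit in a struct member next to `user_value` rather than directly in the union, or the two fields will alias each other. With the field widened to `u_int32_t`, the `(u_int16_t)category` cast in ndpi_load_ip_category is the only narrowing left on the write side and is worth re-checking.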