author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-02 11:22:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-02 11:22:43 +0100 |
commit | d886a6107fd05a9e41de8ec3414cb4b353bda10e (patch) | |
tree | 4d5e186b4976ee9cd0b99b3f72081646f4437f04 /src | |
parent | 2796bc9b4712e98f69091784b25f236d2a7a415c (diff) |
Teamviewer: varius fixes (#2228)
We already have a generic (and up to date) logic to handle ip addresses:
remove that stale list.
Teamviewer uses both TCP and UDP; we can't access `flow->l4.udp`.
According to a comment, we set the flow risk
`NDPI_DESKTOP_OR_FILE_SHARING_SESSION` only for the UDP flows.
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_typedefs.h | 8 | ||||
-rw-r--r-- | src/lib/protocols/teamviewer.c | 35 |
2 files changed, 9 insertions, 34 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index af13a8fa8..792aea9ee 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -849,9 +849,6 @@ struct ndpi_flow_tcp_struct {
 /* NDPI_PROTOCOL_LOTUS_NOTES */
 u_int8_t lotus_notes_packet_id;
- /* NDPI_PROTOCOL_TEAMVIEWER */
- u_int8_t teamviewer_stage;
-
 /* NDPI_PROTOCOL_ZMQ */
 u_int8_t prev_zmq_pkt_len;
 u_char prev_zmq_pkt[10];
@@ -892,9 +889,6 @@ struct ndpi_flow_udp_struct {
 /* NDPI_PROTOCOL_SKYPE */
 u_int8_t skype_crc[4];
- /* NDPI_PROTOCOL_TEAMVIEWER */
- u_int8_t teamviewer_stage;
-
 /* NDPI_PROTOCOL_EAQ */
 u_int8_t eaq_pkt_id;
 u_int32_t eaq_sequence;
@@ -1455,6 +1449,8 @@ struct ndpi_flow_struct {
 /* NDPI_PROTOCOL_OOKLA */
 u_int8_t ookla_stage : 1;
+ /* NDPI_PROTOCOL_TEAMVIEWER */
+ u_int8_t teamviewer_stage : 3;
 /* NDPI_PROTOCOL_OPENVPN */
 u_int8_t ovpn_session_id[2][8];
diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c
index 4c0df2e61..4ed7f1269 100644
--- a/src/lib/protocols/teamviewer.c
+++ b/src/lib/protocols/teamviewer.c
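Review bot: The new `teamviewer_stage : 3` bitfield added to `struct ndpi_flow_struct` in src/include/ndpi_typedefs.h can hold only 0–7, whereas the two fields it replaces were full `u_int8_t`, and nothing at the declaration records the bound the dissector relies on. The teamviewer.c hunks increment the counter on each matching packet and classify the flow when it equals 4, so three bits look sufficient provided the dissector is not invoked again after classification, which these hunks do not show; a later change that keeps counting would wrap to 0 silently and the `== 4` test could be reached a second time. I would document the invariant where the field is declared, e.g. `/* NDPI_PROTOCOL_TEAMVIEWER: matching-packet counter, compared against 4 in teamviewer.c */`. The struct body continues outside the hunk.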
@@ -43,32 +43,12 @@ static void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struc struct ndpi_packet_struct *packet = &ndpi_struct->packet; NDPI_LOG_DBG(ndpi_struct, "search teamwiewer\n"); - /* - TeamViewer - 178.77.120.0/25 - - http://myip.ms/view/ip_owners/144885/Teamviewer_Gmbh.html - */ - if(packet->iph) { - u_int32_t src = ntohl(packet->iph->saddr); - u_int32_t dst = ntohl(packet->iph->daddr); - - /* 95.211.37.195 - 95.211.37.203 */ - if(((src >= 1607673283) && (src <= 1607673291)) - || ((dst >= 1607673283) && (dst <= 1607673291)) - || ((src & 0xFFFFFF80 /* 255.255.255.128 */) == 0xB24D7800 /* 178.77.120.0 */) - || ((dst & 0xFFFFFF80 /* 255.255.255.128 */) == 0xB24D7800 /* 178.77.120.0 */) - ) { - ndpi_int_teamview_add_connection(ndpi_struct, flow); - return; - } - } if (packet->udp != NULL) { if (packet->payload_packet_len > 13) { if (packet->payload[0] == 0x00 && packet->payload[11] == 0x17 && packet->payload[12] == 0x24) { /* byte 0 is a counter/seq number, and at the start is 0 */ - flow->l4.udp.teamviewer_stage++; - if (flow->l4.udp.teamviewer_stage == 4 || + flow->teamviewer_stage++; + if (flow->teamviewer_stage == 4 || packet->udp->dest == ntohs(5938) || packet->udp->source == ntohs(5938)) { ndpi_int_teamview_add_connection(ndpi_struct, flow); ndpi_set_risk(ndpi_struct, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION, "Found TeamViewer"); /* Remote assistance (UDP only) */ 
@@ -80,19 +60,18 @@ static void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struc else if(packet->tcp != NULL) { if (packet->payload_packet_len > 2) { if (packet->payload[0] == 0x17 && packet->payload[1] == 0x24) { - flow->l4.udp.teamviewer_stage++; - if (flow->l4.udp.teamviewer_stage == 4 || + flow->teamviewer_stage++; + if (flow->teamviewer_stage == 4 || packet->tcp->dest == ntohs(5938) || packet->tcp->source == ntohs(5938)) { ndpi_int_teamview_add_connection(ndpi_struct, flow); } return; } - else if (flow->l4.udp.teamviewer_stage) { + else if (flow->teamviewer_stage) { if (packet->payload[0] == 0x11 && packet->payload[1] == 0x30) { - flow->l4.udp.teamviewer_stage++; - if (flow->l4.udp.teamviewer_stage == 4) { + flow->teamviewer_stage++; + if (flow->teamviewer_stage == 4) { ndpi_int_teamview_add_connection(ndpi_struct, flow); - ndpi_set_risk(ndpi_struct, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION, "Found TeamViewer"); /* Remote assistance (UDP only) */ } } return; |
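Review bot: With the `ndpi_set_risk()` call dropped from the stage-4 branch, none of the TCP branches visible in this hunk raises `NDPI_DESKTOP_OR_FILE_SHARING_SESSION`, and the only stated basis is the old trailing comment "Remote assistance (UDP only)". A consumer that alerts on that flow risk to spot remote-access tooling will then see TeamViewer only on UDP flows, while a flow classified here over TCP is reported with the protocol but no risk. If TCP flows matched by this dissector never carry a remote-control session, say so where the call was removed, e.g. `/* no flow risk on TCP: <reason> */`; if they can, the risk should stay on the stage-4 TCP match. The function starts and ends outside the hunk, so any handling further down is not visible here.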