diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-03 18:51:16 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-03 18:51:16 +0200 |
| commit | eed47acfc8532486a830404268def82cb0794f77 (patch) | |
| tree | e179f68dd6c15b84eea70963394fa14bd9b20c1d /src | |
| parent | 77ac58e553fd4efa311522ca349f939fb1212c94 (diff) | |
Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/quic.c | 7 | ||||
| -rw-r--r-- | src/lib/protocols/skype.c | 7 |
3 files changed, 15 insertions, 0 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3ef44037b..f8764b4b0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5542,6 +5542,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_CACHE); ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; + ndpi_fill_protocol_category(ndpi_str, flow, &ret); return(ret); } } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 61e7f6880..aafeb3397 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1598,8 +1598,15 @@ static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_stru (packet->payload[1] == 201 || /* RTCP, Receiver Report */ packet->payload[1] == 200 || /* RTCP, Sender Report */ is_valid_rtp_payload_type(packet->payload[1] & 0x7F)) /* RTP */) { + ndpi_protocol proto; + NDPI_LOG_DBG(ndpi_struct, "Found RTP/RTCP over QUIC\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI); + /* In "extra_eval" data path, if we change the classification, we need to update the category, too */ + proto.master_protocol = NDPI_PROTOCOL_QUIC; + proto.app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL; + proto.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; + ndpi_fill_protocol_category(ndpi_struct, flow, &proto); } else { /* Unexpected traffic pattern: we should investigate it... */ NDPI_LOG_INFO(ndpi_struct, "To investigate...\n"); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 8fb4b195b..6fece0e63 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -54,7 +54,14 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ } if (detected) { + ndpi_protocol proto; + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + /* In "extra_eval" data path, if we change the classification, we need to update the category, too */ + proto.master_protocol = NDPI_PROTOCOL_UNKNOWN; + proto.app_protocol = NDPI_PROTOCOL_SKYPE_TEAMS; + proto.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; + ndpi_fill_protocol_category(ndpi_struct, flow, &proto); flow->extra_packets_func = NULL; /* Stop checking extra packets */ |