diff options
| author | Toni <matzeton@googlemail.com> | 2023-10-17 22:13:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-17 22:13:02 +0200 |
| commit | 01f384f7ff3a989c7765b880cdd8456a682bfb7c (patch) | |
| tree | 061d46aa199a85360192daf80856d1fbf2acb9d8 /src | |
| parent | 32b0aeea59dd5a7425b28ae50fd890ae852a0a97 (diff) | |
Improved Steam detection by adding steamdiscover pattern. (#2105)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/steam.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 682628bab..f58238479 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -254,6 +254,21 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru } } +static void ndpi_check_steamdiscover(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + const u_int32_t payload_len = packet->payload_packet_len; + const u_int64_t signature = ndpi_ntohll(0xffffffff214c5fa0); + + if (payload_len < 8) + return; + + if (get_u_int64_t(packet->payload, 0) != signature) + return; + + NDPI_LOG_INFO(ndpi_struct, "found STEAM (steamdiscover)\n"); + ndpi_int_steam_add_connection(ndpi_struct, flow); +} + static void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; @@ -274,6 +289,8 @@ static void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, return; ndpi_check_steam_udp3(ndpi_struct, flow); + + ndpi_check_steamdiscover(ndpi_struct, flow); } else { /* Break after 10 packets. */ if(flow->packet_counter > 10) { |