diff options
| -rw-r--r-- | src/lib/protocols/stun.c | 14 | ||||
| -rw-r--r-- | tests/result/stun_dtls.pcapng.out | 4 |
2 files changed, 12 insertions, 6 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index f6e6f0592..e6526e144 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -49,9 +49,9 @@ u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev) { /* ************************************************************ */ -void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int proto, u_int app_proto) { +static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int proto, u_int app_proto) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; ndpi_confidence_t confidence = NDPI_CONFIDENCE_DPI; @@ -531,6 +531,12 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, packet->payload_packet_len) == NDPI_IS_STUN) { udp_stun_match: + + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE) + flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; + else if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_FACEBOOK) + flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; + if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; @@ -538,7 +544,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n flow->guessed_host_protocol_id = flow->guessed_protocol_id; flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; } - + ndpi_int_stun_add_connection(ndpi_struct, flow, flow->guessed_protocol_id, flow->guessed_host_protocol_id); diff --git a/tests/result/stun_dtls.pcapng.out b/tests/result/stun_dtls.pcapng.out index 18641645a..3b56eeda5 100644 --- a/tests/result/stun_dtls.pcapng.out +++ b/tests/result/stun_dtls.pcapng.out @@ -4,6 +4,6 @@ DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 134 (134.00 diss/flow) -Google 33 6292 1 +GoogleHangoutDuo 33 6292 1 - 1 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 78.126/STUN.Google][ClearText][Confidence: DPI][cat: Web/5][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 78.201/STUN.GoogleHangoutDuo][ClearText][Confidence: DPI][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] |