diff options
| -rw-r--r-- | src/lib/protocols/stun.c | 17 | ||||
| -rw-r--r-- | tests/pcap/stun_facebook.pcapng | bin | 0 -> 13492 bytes | |||
| -rw-r--r-- | tests/result/stun_facebook.pcapng.out | 7 |
3 files changed, 15 insertions, 9 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index f89239f7a..2f14639c9 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -346,17 +346,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int16_t realm_len = ntohs(*((u_int16_t*)&payload[offset+2])); if(flow->host_server_name[0] == '\0') { - u_int j, i = (realm_len > sizeof(flow->host_server_name)) ? sizeof(flow->host_server_name) : realm_len; + u_int i; u_int k = offset+4; - memset(flow->host_server_name, 0, sizeof(flow->host_server_name)); - - for(j=0; j<i; j++) { - if((k+i) < payload_length) - flow->host_server_name[j] = payload[k++]; - else - break; - } + i = ndpi_min(realm_len, sizeof(flow->host_server_name) - 1); + i = ndpi_min(i, payload_length - k); + memcpy(flow->host_server_name, payload + k, i); + flow->host_server_name[i] = '\0'; #ifdef DEBUG_STUN printf("==> [%s]\n", flow->host_server_name); @@ -368,6 +364,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } else if(strstr((char*) flow->host_server_name, "whispersystems.org") != NULL) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_SIGNAL; return(NDPI_IS_STUN); + } else if(strstr((char*) flow->host_server_name, "facebook") != NULL) { + flow->guessed_host_protocol_id = NDPI_PROTOCOL_MESSENGER; + return(NDPI_IS_STUN); } } } diff --git a/tests/pcap/stun_facebook.pcapng b/tests/pcap/stun_facebook.pcapng Binary files differnew file mode 100644 index 000000000..bb789c71d --- /dev/null +++ b/tests/pcap/stun_facebook.pcapng diff --git a/tests/result/stun_facebook.pcapng.out b/tests/result/stun_facebook.pcapng.out new file mode 100644 index 000000000..bf7b1dd27 --- /dev/null +++ b/tests/result/stun_facebook.pcapng.out @@ -0,0 +1,7 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 2 (2.00 pkts/flow) + +Messenger 75 10554 1 + + 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.157/STUN.Messenger][Encrypted][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Host: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |