1 files changed, 39 insertions, 18 deletions

diff --git a/src/lib/protocols/ethereum.c b/src/lib/protocols/ethereum.c
index bf9da6bfb..5aaafc641 100644
--- a/src/lib/protocols/ethereum.c
+++ b/src/lib/protocols/ethereum.c
@@ -25,6 +25,14 @@
 #include "ndpi_api.h"
 #include "ndpi_private.h"
 
+enum ether_disc_packet_type {
+  DISC_PING = 0x01,
+  DISC_PONG = 0x02,
+  DISC_FINDNODE = 0x03,
+  DISC_NEIGHBOURS = 0x04,
+  DISC_ENRREQUEST = 0x05,
+  DISC_ENRRESPONSE = 0x06
+};
 
 /* ************************************************************************** */
 
@@ -50,34 +58,47 @@ static void ndpi_ether_cache_connection(struct ndpi_detection_module_struct *ndp
 
 /* ************************************************************************** */
 
+/*
+* https://github.com/ethereum/devp2p/blob/master/discv4.md
+*/
+static bool ndpi_ether_is_discv4(const struct ndpi_packet_struct *packet) {
+  u_int16_t source = ntohs(packet->udp->source);
+  u_int16_t dest = ntohs(packet->udp->dest);
+  if((packet->payload_packet_len > 98)
+   && (packet->payload_packet_len < 1280)
+   && ((source == 30303) || (dest == 30303)) /*one way to remove default port is to compute packet hash and use it for verification*/
+   ) {
+    uint8_t packet_type = packet->payload[97];
+    switch(packet_type) {
+    case DISC_PING:
+    case DISC_PONG:
+    case DISC_FINDNODE:
+    case DISC_NEIGHBOURS:
+    case DISC_ENRREQUEST:
+    case DISC_ENRRESPONSE:
+      return true;
+    default:
+      return false;
+    }
+  }
+  return false;
+}
+
+/* ************************************************************************** */
+
 static void ndpi_search_ethereum_udp(struct ndpi_detection_module_struct *ndpi_struct,
 				   struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-  u_int16_t source = ntohs(packet->udp->source);
-  u_int16_t dest = ntohs(packet->udp->dest);
 
   NDPI_LOG_DBG(ndpi_struct, "search ETHEREUM UDP\n");
-
-  /* 
-     Ethereum P2P Discovery Protocol
-     https://github.com/ConsenSys/ethereum-dissectors/blob/master/packet-ethereum-disc.c
-  */
-  if((packet->payload_packet_len > 98)
-     && (packet->payload_packet_len < 1280)
-     && ((source == 30303) || (dest == 30303))
-     && (packet->payload[97] <= 0x04 /* NODES */)
-     ) {
-    if((packet->iph) && ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0xFF000000))
-      ;
-    else if(packet->iphv6 && ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000)
-      ;
-    else {
+  if((packet->iph && ((ntohl(packet->iph->daddr) & 0xFF000000) != 0xFF000000 /* 255.0.0.0 */))
+      ||(packet->iphv6 && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) != 0xFF020000 /* ff02:: */))) {
+    if(ndpi_ether_is_discv4(packet) /*|| ndpi_is_discv5(packet)*/) { 
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ETHEREUM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
       ndpi_ether_cache_connection(ndpi_struct, flow);
       return;
     }
   }
-  
   NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }