diff options
Diffstat (limited to 'src/lib/protocols/nats.c')
| -rw-r--r-- | src/lib/protocols/nats.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/protocols/nats.c b/src/lib/protocols/nats.c index a036303e8..d93c11b76 100644 --- a/src/lib/protocols/nats.c +++ b/src/lib/protocols/nats.c @@ -51,10 +51,15 @@ void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct, for(i=0; commands[i] != NULL; i++) { char *match = ndpi_strnstr((const char *)packet->payload, commands[i], - packet->payload_packet_len); + ndpi_min(strlen(commands[i]), packet->payload_packet_len)); if(!match) continue; + /* These commands are used by POP3 too. To avoid false positives, look for the other ones */ + if((strcmp(commands[i], "+OK") == 0) || (strcmp(commands[i], "-ERR") == 0)) { + return; + } + if(ndpi_strnstr((const char *)match, "\r\n", packet->payload_packet_len - ((size_t)match - (size_t)packet->payload)) != NULL) { NDPI_LOG_INFO(ndpi_struct, "found NATS\n"); |