diff options
Diffstat (limited to 'src/lib/protocols/stun.c')
| -rw-r--r-- | src/lib/protocols/stun.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d6e7090d3..4d4fec6db 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -311,6 +311,9 @@ static void parse_xor_ip_port_attribute(struct ndpi_detection_module_struct *ndp } } } + +/* ***************************************************** */ + int is_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t *app_proto) @@ -325,9 +328,8 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t magic_cookie; u_int32_t transaction_id[3]; - if(payload_length < STUN_HDR_LEN) { - return 0; - } + if(payload_length < STUN_HDR_LEN) + return(-1); /* Some really old/legacy stuff */ if(strncmp((const char *)payload, "RSP/", 4) == 0 && @@ -365,20 +367,21 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp) { if(msg_len + STUN_HDR_LEN > payload_length) return 0; + payload_length = msg_len + STUN_HDR_LEN; } if(msg_type == 0 || (msg_len + STUN_HDR_LEN != payload_length)) { NDPI_LOG_DBG(ndpi_struct, "Invalid msg_type = %04X or len %d %d\n", msg_type, msg_len, payload_length); - return 0; + return -1; } /* https://www.iana.org/assignments/stun-parameters/stun-parameters.xhtml */ if(((msg_type & 0x3EEF) > 0x000B) && msg_type != 0x0800 && msg_type != 0x0801 && msg_type != 0x0802) { NDPI_LOG_DBG(ndpi_struct, "Invalid msg_type = %04X\n", msg_type); - return 0; + return -1; } if(magic_cookie != 0x2112A442) { @@ -582,6 +585,8 @@ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, return 1; } +/* ***************************************************** */ + static int keep_extra_dissection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -965,7 +970,8 @@ static void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, s { struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t app_proto; - + int rc; + NDPI_LOG_DBG(ndpi_struct, "search stun\n"); app_proto = NDPI_PROTOCOL_UNKNOWN; @@ -977,13 +983,15 @@ static void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, s return; } - if(is_stun(ndpi_struct, flow, &app_proto)) { + rc = is_stun(ndpi_struct, flow, &app_proto); + + if(rc == 1) { ndpi_int_stun_add_connection(ndpi_struct, flow, app_proto, __get_master(flow)); return; } /* TODO: can we stop earlier? */ - if(flow->packet_counter > 10) + if((rc == -1) || (flow->packet_counter > 8)) NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } |