diff options
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/dropbox.c | 26 | ||||
| -rw-r--r-- | src/lib/protocols/eaq.c | 10 | ||||
| -rw-r--r-- | src/lib/protocols/skype.c | 17 |
3 files changed, 38 insertions, 15 deletions
diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d981c76b3..39bb96ff2 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -48,14 +48,24 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if(packet->udp != NULL) { u_int16_t dropbox_port = htons(DB_LSP_PORT); - if((packet->udp->source == dropbox_port) - && (packet->udp->dest == dropbox_port)) { - if(payload_len > 2) { - if(strstr((const char *)packet->payload, "\"host_int\"") != NULL) { - - NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); - ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); - return; + if(packet->udp->dest == dropbox_port) { + if(packet->udp->source == dropbox_port) { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } + } + } else { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } } } } diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 2082b5263..8768cac6f 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -53,12 +53,15 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(packet->udp != NULL) { u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; - + if(flow->l4.udp.eaq_pkt_id == 0) flow->l4.udp.eaq_sequence = seq; else { if( (flow->l4.udp.eaq_sequence != seq) && - ((flow->l4.udp.eaq_sequence+1) != seq)) break; + ((flow->l4.udp.eaq_sequence+1) != seq)) + break; + else + flow->l4.udp.eaq_sequence = seq; } if(++flow->l4.udp.eaq_pkt_id == 4) { @@ -66,7 +69,8 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd NDPI_LOG_INFO(ndpi_struct, "found eaq\n"); ndpi_int_eaq_add_connection(ndpi_struct, flow); return; - } + } else + return; } } while(0); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index e544724a5..8a4eafca4 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -31,13 +31,16 @@ static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } - + +static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { + return(((a == c) || (b == c)) ? 1 : 0); +} + static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(flow->host_server_name[0] != '\0') return; @@ -46,10 +49,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s flow->l4.udp.skype_packet_id++; if(flow->l4.udp.skype_packet_id < 5) { + u_int16_t sport = ntohs(packet->udp->source); u_int16_t dport = ntohs(packet->udp->dest); /* skype-to-skype */ - if(dport != 1119) /* It can be confused with battle.net */ { + if(is_port(sport, dport, 1119) /* It can be confused with battle.net */ + || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */ + ) { + ; + } else { if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ @@ -57,11 +65,12 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ndpi_skype_report_protocol(ndpi_struct, flow); } } + return; } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; - // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; |