diff options
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/msn.c | 26 | ||||
| -rw-r--r-- | src/lib/protocols/vnc.c | 21 |
2 files changed, 22 insertions, 25 deletions
diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 204e2bfe6..2f5b6c468 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -448,22 +448,20 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "msn 7.\n"); - if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { - if (packet->tcp->source == htons(443) || packet->tcp->dest == htons(443)) { - if (packet->payload_packet_len > 300) { - - if (memcmp(&packet->payload[40], "INVITE MSNMSGR", 14) == 0 - || memcmp(&packet->payload[56], "INVITE MSNMSGR", 14) == 0 - || memcmp(&packet->payload[172], "INVITE MSNMSGR", 14) == 0) { - ndpi_int_msn_add_connection(ndpi_struct, flow); - - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n"); - return; - } - } + if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { + if (memcmp(&packet->payload[0], "MSG ", 4) == 0 + || memcmp(&packet->payload[0], "PNG", 3) == 0 + || memcmp(&packet->payload[0], "QNG ", 4) == 0 + || memcmp(&packet->payload[0], "OUT", 3) == 0 + || memcmp(&packet->payload[0], "RNG ", 4) == 0 + || memcmp(&packet->payload[0], "NLN ", 4) == 0 + || memcmp(&packet->payload[0], "UBX ", 4) == 0 + || memcmp(&packet->payload[0], "XFR ", 4) == 0) { + ndpi_int_msn_add_connection(ndpi_struct, flow); + + NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN detected\n"); return; } - /* For non port 443 flows exclude flow bitmask after first packet itself */ } NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp excluded.\n"); ndpi_msn_exclude: diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index 6315a2aa5..ff0f6c6fa 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -34,23 +34,22 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if(flow->l4.tcp.vnc_stage == 0) { - if(packet->payload_packet_len == 12 && - (memcmp(packet->payload, "RFB 003.003", 11) == 0 && packet->payload[11] == 0x0a) || - (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) || - (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || - (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a)) { - + if((packet->payload_packet_len == 12) && + ((memcmp(packet->payload, "RFB 003.003", 11) == 0 && packet->payload[11] == 0x0a) || + (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) || + (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || + (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a))) { NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "reached vnc stage one\n"); flow->l4.tcp.vnc_stage = 1 + packet->packet_direction; return; } } else if(flow->l4.tcp.vnc_stage == 2 - packet->packet_direction) { - if(packet->payload_packet_len == 12 && - (memcmp(packet->payload, "RFB 003.003", 11) == 0 && packet->payload[11] == 0x0a) || - (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) || - (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || - (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a)) { + if((packet->payload_packet_len == 12) && + ((memcmp(packet->payload, "RFB 003.003", 11) == 0 && packet->payload[11] == 0x0a) || + (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) || + (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || + (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a))) { NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "found vnc\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN); |