3 files changed, 75 insertions, 87 deletions

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 3f91e7a6d..f8956cb25 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1140,7 +1140,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
     custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323;
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STUN,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN,
 			    no_master,
 			    custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
@@ -4655,92 +4655,63 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod,
 
 /* ****************************************************** */
 
+static const char* categories[] = {
+   "Unspecified",
+   "Media",
+   "VPN",
+   "DataTransfer",
+   "Email",
+   "Download-FileTransfer-FileSharing",
+   "Web",
+   "SocialNetwork",
+   "Game",
+   "Chat",
+   "VoIP",
+   "Database",
+   "RemoteAccess",
+   "Cloud",
+   "Network",
+   "Collaborative",
+   "RPC",
+   "NetworkTool",
+   "System",
+   "SoftwareUpdate",
+   "",
+   "",
+   "",
+   "",
+   ""
+};
+
 const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod,
 				   ndpi_protocol_category_t category) {
-
   if(!ndpi_mod) return(NULL);
-  
-  switch(category) {
-  case NDPI_PROTOCOL_CATEGORY_MEDIA:
-    return("Media");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_VPN:
-    return("VPN");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER:
-    return("DataTransfer");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_MAIL:
-    return("Email");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT:
-    return("Download-FileTransfer-FileSharing");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_WEB:
-    return("Web");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK:
-    return("SocialNetwork");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_GAME:
-    return("Game");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CHAT:
-    return("Chat");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_VOIP:
-    return("VoIP");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_DATABASE:
-    return("Database");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS:
-    return("RemoteAccess");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CLOUD:
-    return("Cloud");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_NETWORK:
-    return("Network");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_COLLABORATIVE:
-    return("Collaborative");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_RPC:
-    return("RPC");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL:
-    return("NetworkTool");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_SYSTEM_OS:
-    return("System");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED:
-    return("Unspecified");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_SW_UPDATE:
-    return("SoftwareUpdate");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CUSTOM_1:
-    return(ndpi_mod->custom_category_labels[0]);
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CUSTOM_2:
-    return(ndpi_mod->custom_category_labels[1]);
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CUSTOM_3:
-    return(ndpi_mod->custom_category_labels[2]);
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CUSTOM_4:
-    return(ndpi_mod->custom_category_labels[3]);
-    break;
-  case NDPI_PROTOCOL_CATEGORY_CUSTOM_5:
-    return(ndpi_mod->custom_category_labels[4]);
-    break;
-  case NDPI_PROTOCOL_NUM_CATEGORIES:
-    return("Code should not use this internal constant");
-    break;
-  }
 
+  if(category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1)
+    return(categories[category]);
+  else {
+    switch(category) {
+    case NDPI_PROTOCOL_CATEGORY_CUSTOM_1:
+      return(ndpi_mod->custom_category_labels[0]);
+      break;
+    case NDPI_PROTOCOL_CATEGORY_CUSTOM_2:
+      return(ndpi_mod->custom_category_labels[1]);
+      break;
+    case NDPI_PROTOCOL_CATEGORY_CUSTOM_3:
+      return(ndpi_mod->custom_category_labels[2]);
+      break;
+    case NDPI_PROTOCOL_CATEGORY_CUSTOM_4:
+      return(ndpi_mod->custom_category_labels[3]);
+      break;
+    case NDPI_PROTOCOL_CATEGORY_CUSTOM_5:
+      return(ndpi_mod->custom_category_labels[4]);
+      break;
+    case NDPI_PROTOCOL_NUM_CATEGORIES:
+      return("Code should not use this internal constant");
+      break;
+    }
+  }
+  
   return("Unspecified");
 }
 
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index b9035e44a..3409c35f2 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -113,6 +113,8 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 {
   struct ndpi_packet_struct *packet = &flow->packet;
 
+  /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */
+  
   if((packet->udp != NULL)
      && (ntohs(packet->udp->source) > 1023)
      && (ntohs(packet->udp->dest) > 1023))
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index d44d9c26e..6a1d903ee 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -243,10 +243,19 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
     return NDPI_IS_NOT_STUN;
 
  udp_stun_found:
-  if(can_this_be_whatsapp_voice)
+  if(can_this_be_whatsapp_voice) {
     flow->num_stun_udp_pkts++;
 
-  return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN);
+    return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN);
+  } else {
+    /*
+      We cannot immediately say that this is STUN as there are other protocols
+      like GoogleHangout that might be candidates, thus we set the
+      guessed protocol to STUN      
+    */
+    flow->guessed_protocol_id = NDPI_PROTOCOL_STUN;
+    return(NDPI_IS_NOT_STUN);
+  }  
 }
 
 void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
@@ -289,6 +298,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n
       ndpi_int_stun_add_connection(ndpi_struct,
 				   is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow);
     }
+    
     return;
   }
 
@@ -296,11 +306,16 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n
     NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude stun.\n");
     NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STUN);
   }
+
+  if(flow->packet_counter > 0) {
+    /* This might be a RTP stream: let's make sure we check it */
+    NDPI_CLR(&flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
+  }
 }
 
 
-void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
-{
+void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
+			 NDPI_PROTOCOL_BITMASK *detection_bitmask) {
   ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_STUN,
 				      ndpi_search_stun,