From 5610145c6c2f0aebd6adee7717145ab44c29f848 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Mon, 19 Aug 2024 18:27:06 +0200
Subject: Fixes Viber false positive detection

---
 src/lib/protocols/viber.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index 00cfae96a..69741abff 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -42,6 +42,14 @@ static void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct,
   
   NDPI_LOG_DBG(ndpi_struct, "search for Viber\n");
 
+  if(packet->udp && packet->iph) {
+    /* ignore broadcast as this isn't viber */
+    if((packet->iph->saddr == 0xFFFFFFFF) || (packet->iph->daddr == 0xFFFFFFFF)) {
+      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+      return;
+    }
+  }
+
   if (packet->tcp != NULL)
   {
     NDPI_LOG_DBG2(ndpi_struct, "searching Viber over tcp\n");
@@ -76,8 +84,7 @@ static void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct,
         || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00)
         || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00)
         || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00)
-       ))
-    {
+       )) {
       viber_add_connection(ndpi_struct, flow);
       return;
     }
-- 
cgit v1.2.3