From 6f297332623cb3e377901160a388b9bd1165715e Mon Sep 17 00:00:00 2001 From: Toni Date: Tue, 6 Jul 2021 18:57:04 +0200 Subject: Improved RTSP via HTTP detection. (#1232) Signed-off-by: Toni Uhlig --- src/lib/ndpi_main.c | 1 + src/lib/protocols/rtsp.c | 9 +++++++++ tests/pcap/rtsp_setup_http.pcapng | Bin 0 -> 708 bytes tests/result/rtsp_setup_http.pcapng.out | 3 +++ 4 files changed, 13 insertions(+) create mode 100644 tests/pcap/rtsp_setup_http.pcapng create mode 100644 tests/result/rtsp_setup_http.pcapng.out diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d014da328..66102fbf2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -876,6 +876,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_HTTP, + NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_AIMINI, NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_GNUTELLA, NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_WORLDOFWARCRAFT, diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 2fcfffc61..435d09db5 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -47,6 +47,15 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); + if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP && + packet->parsed_lines > 0 && + LINE_STARTS(packet->line[0], "SETUP rtsp://") != 0 && + LINE_ENDS(packet->line[0], "RTSP/1.0") != 0) + { + ndpi_int_rtsp_add_connection(ndpi_struct, flow); + return; + } + if (flow->rtsprdt_stage == 0 && !(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTCP) ) { diff --git a/tests/pcap/rtsp_setup_http.pcapng b/tests/pcap/rtsp_setup_http.pcapng new file mode 100644 index 000000000..ba4a983df Binary files /dev/null and b/tests/pcap/rtsp_setup_http.pcapng differ diff --git a/tests/result/rtsp_setup_http.pcapng.out b/tests/result/rtsp_setup_http.pcapng.out new file mode 100644 index 000000000..06004c88e --- /dev/null +++ b/tests/result/rtsp_setup_http.pcapng.out @@ -0,0 +1,3 @@ +HTTP 1 233 1 + + 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50.7/RTSP.HTTP][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] -- cgit v1.2.3