From 9a899c54c927bb6012ed39e42c9be9cd9c4c7151 Mon Sep 17 00:00:00 2001
From: Yağmur Oymak <yagmur.oymak@gmail.com>
Date: Wed, 24 Jul 2019 18:41:24 +0300
Subject: Harden WireGuard detection

Exploit the fixed size handshake messages and sender/receiver indices.
---
 src/include/ndpi_typedefs.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/include')

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 135d97574..f576834cc 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -662,6 +662,10 @@ struct ndpi_flow_udp_struct {
 
   /* NDPI_PROTOCOL_MEMCACHED */
   u_int8_t memcached_matches;
+
+  /* NDPI_PROTOCOL_WIREGUARD */
+  u_int8_t wireguard_stage;
+  u_int32_t wireguard_peer_index[2];
 }
 #ifndef WIN32
   __attribute__ ((__packed__))
-- 
cgit v1.2.3