From 2c9ed8faaa12179897c3bbe713f0f72b56d4bba3 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 21 May 2025 16:43:50 +0200
Subject: ospf, ipsec: use different ids for protocols at layer3 (#2838)
Don't use the same id for the same protocol identified via L3 info or via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port 2604)
Before:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 OSPF X Acceptable Network - 2604
```
After:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 IP_OSPF X Acceptable Network - -
116 116 AH X Safe VPN - -
117 117 ESP X Safe VPN - -
184 184 OSPF TCP X Safe Network - 2604
```
---
 src/lib/protocols/non_tcp_udp.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
 (limited to 'src/lib/protocols/non_tcp_udp.c')
diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c
index a2f8b518e..d20efdfa9 100644
--- a/src/lib/protocols/non_tcp_udp.c
+++ b/src/lib/protocols/non_tcp_udp.c
@@ -45,8 +45,11 @@ static void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct
 switch (flow->l4_proto) {
 case NDPI_IPSEC_PROTOCOL_ESP:
+ set_protocol_and_bmask(NDPI_PROTOCOL_IP_ESP);
+ break;
+
 case NDPI_IPSEC_PROTOCOL_AH:
- set_protocol_and_bmask(NDPI_PROTOCOL_IPSEC);
+ set_protocol_and_bmask(NDPI_PROTOCOL_IP_AH);
 break;
 case NDPI_GRE_PROTOCOL_TYPE:
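Review bot: The two cases in `switch (flow->l4_proto)` carry no comment on how the new ids relate to `NDPI_PROTOCOL_IPSEC`, which this hunk stops assigning for ESP and AH. Going by the `ndpiReader -H` output in the commit message, the IPSec id stays with the port-based detection (500/4500), so any consumer policy or detection rule keyed on the IPSec id will presumably stop matching native ESP and AH flows after the upgrade. I would add above the cases `/* ESP and AH are bare IP protocols: report them as IP_ESP / IP_AH; NDPI_PROTOCOL_IPSEC is left to the port-based detection */` and call the id change out for users who match on it. The switch and its enclosing function start and end outside the hunk.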
@@ -163,13 +166,20 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 /* always add non tcp/udp if one protocol is compiled in */
 NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[ndpi_struct->callback_buffer_num].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
- ndpi_set_bitmask_protocol_detection("IPSec", ndpi_struct,
- NDPI_PROTOCOL_IPSEC,
+ ndpi_set_bitmask_protocol_detection("AH", ndpi_struct,
+ NDPI_PROTOCOL_IP_AH,
 ndpi_search_in_non_tcp_udp,
 NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
 NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 ADD_TO_DETECTION_BITMASK);
+ ndpi_set_bitmask_protocol_detection("ESP", ndpi_struct,
+ NDPI_PROTOCOL_IP_ESP,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
 ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct,
 NDPI_PROTOCOL_IP_GRE,
 ndpi_search_in_non_tcp_udp,
-- cgit v1.2.3
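Review bot: The labels `"AH"` and `"ESP"` drop the `IP_` prefix that their constants (`NDPI_PROTOCOL_IP_AH`, `NDPI_PROTOCOL_IP_ESP`) and the neighbouring `"IP_GRE"` registration use, and that the commit message's own `IP_OSPF` row follows. If these labels are what reaches logs or name-based rules (their use is outside this hunk), bare two-letter names are easy to mis-match when filtering and make the layer-3 ids harder to tell apart from the port-based ones. Consider `ndpi_set_bitmask_protocol_detection("IP_AH", ndpi_struct,` and `ndpi_set_bitmask_protocol_detection("IP_ESP", ndpi_struct,`, with the displayed protocol names kept in step. The body of init_non_tcp_udp_dissector continues outside the hunk.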