From 31d23aee5662c8a0b69770cf96960c1db68e647c Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 10 May 2023 12:50:24 +0200
Subject: All protocols should be excluded sooner or later (#1969)

For a lot of protocols, reduce the number of packets after which the
protocols dissector gives up.
The values are quite arbitary, tring to not impact on classification
---
 src/lib/protocols/rsync.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/lib/protocols/rsync.c')

diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c
index 580276e9c..0daf25510 100644
--- a/src/lib/protocols/rsync.c
+++ b/src/lib/protocols/rsync.c
@@ -40,17 +40,20 @@ static void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct,
   if(packet->tcp) {
     NDPI_LOG_DBG2(ndpi_struct, "calculating RSYNC over tcp\n");
     /*
-     * Should match: memcmp(packet->payload, "@RSYNCD: 28", 14) == 0)
+     * Should match: memcmp(packet->payload, "@RSYNCD:", 8) == 0)
      */
-    if (packet->payload_packet_len == 12 && packet->payload[0] == 0x40 &&
+    if (packet->payload_packet_len >= 8 && packet->payload[0] == 0x40 &&
 	packet->payload[1] == 0x52 && packet->payload[2] == 0x53 &&
 	packet->payload[3] == 0x59 && packet->payload[4] == 0x4e &&
 	packet->payload[5] == 0x43 && packet->payload[6] == 0x44 &&
 	packet->payload[7] == 0x3a ) {
       NDPI_LOG_INFO(ndpi_struct, "found rsync\n");
       ndpi_int_rsync_add_connection(ndpi_struct, flow);
+      return;
     }
   }
+  if(flow->packet_counter > 5)
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
 
-- 
cgit v1.2.3