From 61fc5be202f05113de07c063fa3fc9ccc47625d8 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Fri, 23 Jul 2021 17:26:56 +0200
Subject: Reworked flow risk implementation

---
 src/lib/protocols/rtp.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/lib/protocols/rtp.c')

diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index b2998bb2a..111c57737 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -77,10 +77,15 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
 			    struct ndpi_flow_struct *flow,
 			    const u_int8_t * payload, const u_int16_t payload_len) {
   u_int8_t payloadType, payload_type;
-
+  u_int16_t d_port = ntohs(flow->packet.udp->dest);
+  
   NDPI_LOG_DBG(ndpi_struct, "search RTP\n");
 
-  if((payload_len < 2) || flow->protos.tls_quic_stun.stun.num_binding_requests) {
+  if((payload_len < 2)
+     || (d_port == 5355 /* LLMNR_PORT */)
+     || (d_port == 5353 /* MDNS_PORT */)     
+     || flow->protos.tls_quic_stun.stun.num_binding_requests
+     ) {
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
     return;
   }
-- 
cgit v1.2.3