From 1b5c90cfbee33f3b64ebd45e464a9ca314e0bd99 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Nov 2017 14:16:27 +0100 Subject: STUN improvements --- src/lib/protocols/stun.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/lib/protocols/stun.c') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d44d9c26e..b527678b7 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -243,10 +243,18 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return NDPI_IS_NOT_STUN; udp_stun_found: - if(can_this_be_whatsapp_voice) + if(can_this_be_whatsapp_voice) { flow->num_stun_udp_pkts++; - return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); + return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); + } else { + /* + We cannot immediately say that this is STUN as there are other protocols + like GoogleHangout that might be candidates, thus we set the + guessed protocol to STUN + */ + flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; + } } void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 8b1f8636d17973a2af57391990ff8d7563d74862 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Nov 2017 15:25:02 +0100 Subject: Further check if a STUN flow will eventually become RTP --- src/lib/protocols/stun.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/lib/protocols/stun.c') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index b527678b7..15834df0b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -297,6 +297,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } + return; } @@ -304,6 +305,11 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude stun.\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STUN); } + + if(flow->packet_counter > 0) { + /* This might be a RTP stream: let's make sure we check it */ + NDPI_CLR(&flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + } } -- cgit v1.2.3 From 8eaf0cefa1330c9b01b21b7f63f41f9ba1980eeb Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 23 Nov 2017 15:39:20 +0100 Subject: Warning fix --- src/lib/protocols/rtp.c | 2 ++ src/lib/protocols/stun.c | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'src/lib/protocols/stun.c') diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..1271510ff 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -113,6 +113,8 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; + /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */ + if((packet->udp != NULL) && (ntohs(packet->udp->source) > 1023) && (ntohs(packet->udp->dest) > 1023)) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 15834df0b..6a1d903ee 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -254,7 +254,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * guessed protocol to STUN */ flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - } + return(NDPI_IS_NOT_STUN); + } } void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -313,8 +314,8 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } -void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ +void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, -- cgit v1.2.3