From d4650f0f817c8d1663284b7dd225df802104a60b Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 9 May 2024 21:18:18 +0200
Subject: Raknet/RTP: avoid Raknet false positives and harden RTP heuristic
 (#2427)

There is some overlap between RTP and Raknet detection: give precedence
to RTP logic.
Consequences:
* Raknet might require a little bit more packets for some flows (not a
big issue)
* some very small (1-2 pkts) Raknet flows are not classified (not sure
what do do about that..)
---
 src/lib/protocols/stun.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/stun.c')

diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 0cc0d1d80..d12a51843 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -789,7 +789,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
     NDPI_LOG_DBG(ndpi_struct, "QUIC range. Unexpected\n");
   } else if(first_byte <= 191) {
 
-    rtp_rtcp = is_rtp_or_rtcp(ndpi_struct);
+    rtp_rtcp = is_rtp_or_rtcp(ndpi_struct, NULL);
     if(rtp_rtcp == IS_RTP) {
       NDPI_LOG_DBG(ndpi_struct, "RTP (dir %d)\n", packet->packet_direction);
       NDPI_LOG_INFO(ndpi_struct, "Found RTP over STUN\n");
-- 
cgit v1.2.3