From b116456fc5c10b3fe196da4b071faec4abbfec31 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sat, 11 May 2024 09:21:13 +0200
Subject: Viber: add detection of voip calls and avoid false positives (#2434)

---
 src/lib/protocols/viber.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src/lib/protocols/viber.c')

diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index ae0689ce1..3a1a57792 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -70,12 +70,13 @@ static void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct,
   if((packet->udp != NULL) && (packet->payload_packet_len > 5)) {
     NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n");
 
-    if((packet->payload[2] == 0x03 && packet->payload[3] == 0x00)
-       || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00)
-       || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00)
-       || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00)
-       || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00)
-       )
+    if((flow->l4.udp.rtp_stage == 0) && (flow->l4.udp.rtcp_stage == 0) /* Avoid collisions with RTP/RTCP */ &&
+       ((packet->payload[2] == 0x03 && packet->payload[3] == 0x00)
+        || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00)
+        || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00)
+        || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00)
+        || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00)
+       ))
     {
       viber_add_connection(ndpi_struct, flow);
       return;
-- 
cgit v1.2.3