From cc582052b384f7e7e40dc1193683fcb353864d16 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 21 Jun 2023 14:25:34 +0200
Subject: Gnutella: improve detection (#2019)

---
 src/lib/protocols/gnutella.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c
index 09190b53b..65415fcbb 100644
--- a/src/lib/protocols/gnutella.c
+++ b/src/lib/protocols/gnutella.c
@@ -271,6 +271,11 @@ static void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struc
 	return;
       }
     }
+    if (packet->payload_packet_len >= 4 && memcmp(packet->payload, "GND\x10", 4) == 0) {
+      NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, GND (2)\n");
+      ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI);
+      return;
+    }
 
     if ((packet->payload_packet_len == 32)
 	&& memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00", 7) == 0) {
-- 
cgit v1.2.3