From 269be6c7ef038d2de377546813fbb2bacf80e510 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 8 Mar 2022 00:21:51 +0100
Subject: Some small fixes (#1481)

FTP: if the authentication fails, stop analyzing the flow
WSD: call the initialization routine; the dissector code has never been
triggered
MINING: fix dissection
---
 src/lib/ndpi_main.c             | 3 +++
 src/lib/protocols/ftp_control.c | 2 ++
 src/lib/protocols/mining.c      | 3 ++-
 3 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index c1fb6fc1d..187081c1d 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4280,6 +4280,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* EthernetIP */
   init_ethernet_ip_dissector(ndpi_str, &a, detection_bitmask);
 
+  /* WSD */
+  init_wsd_dissector(ndpi_str, &a, detection_bitmask);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 04a5d2e96..6cc5c612a 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -570,6 +570,7 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow,
   case '4':
   case '5':
     flow->l4.tcp.ftp_imap_pop_smtp.auth_failed = 1;
+    flow->l4.tcp.ftp_imap_pop_smtp.auth_done = 1;
     return(1);
     break;
   }
@@ -636,6 +637,7 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str
 #endif
 
 	if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' &&
+	   flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0 &&
 	   flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0) /* TODO: any values on dissecting TLS handshake? */
 	  flow->ftp_control_stage = 0;
 	else
diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c
index 7d1f32e67..f9e260689 100644
--- a/src/lib/protocols/mining.c
+++ b/src/lib/protocols/mining.c
@@ -87,7 +87,8 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 
   /* Check connection over TCP */
   if(packet->tcp && (packet->payload_packet_len > 10)) {
-    if(packet->tcp->source == htons(8333)) {
+    if(packet->tcp->source == htons(8333) ||
+       packet->tcp->dest == htons(8333)) {
       /*
 	Bitcoin
 	
-- 
cgit v1.2.3