From 434c38c74d20571437d92c0c06874ff4aa443c16 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Wed, 4 May 2022 16:27:36 +0200
Subject: Added extra check to make sure that the guessed protocol is the one we expect and not another one
---
 src/lib/ndpi_main.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 8fa10edc8..9d155cf02 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6096,10 +6096,11 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 } /* for */
 if(!found) {
- ndpi_default_ports_tree_node_t *ret = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
+ ndpi_default_ports_tree_node_t *r = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
 sport, dport);
- if(ret == NULL)
+ if((r == NULL)
+ || ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol)))
 ndpi_set_risk(ndpi_str, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
 }
 }
@@ -6125,10 +6126,11 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 }
 if(!found) {
- ndpi_default_ports_tree_node_t *ret = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
+ ndpi_default_ports_tree_node_t *r = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
 sport, dport);
- if(ret == NULL)
+ if((r == NULL)
+ || ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol)))
 ndpi_set_risk(ndpi_str, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
 }
 }
-- 
cgit v1.2.3
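Review bot: The new mismatch test is repeated verbatim in both hunks (the `@@ -6096` and `@@ -6125` sites), so the rule that raises `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` now lives in two copies that can drift apart; a small static helper would keep them identical. Both copies also read `r->proto->protoId` without checking `r->proto`; whether a default-ports node can carry a NULL `proto` is not visible in this patch, so the sketch below treats that case as a mismatch, which should be confirmed against how the tree is populated. The one-letter `r` sits right next to the outer `ret` it is compared with, so a name such as `guessed` would make the condition harder to misread. `ndpi_detection_process_packet` begins and ends outside both hunks, and the type of `ret` is assumed to be `ndpi_protocol` from the function's return type.

```c
/* Proposed helper: non-zero when the default-port lookup result does not
 * correspond to the protocol that was actually detected. */
static int ndpi_guess_differs_from_detected(const ndpi_default_ports_tree_node_t *guessed,
                                            const ndpi_protocol *detected) {
  /* No node for these ports, or a node with no protocol attached: no match */
  if((guessed == NULL) || (guessed->proto == NULL))
    return(1);

  return((guessed->proto->protoId != detected->app_protocol)
         && (guessed->proto->protoId != detected->master_protocol));
}

/* … unchanged: default-port loop and the if(!found) opener, at both sites … */
  ndpi_default_ports_tree_node_t *guessed = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
                                                                         sport, dport);

  if(ndpi_guess_differs_from_detected(guessed, &ret))
    ndpi_set_risk(ndpi_str, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
```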