From 5d8edccef8adcbf05bb5b01bd78b44ed2e80694e Mon Sep 17 00:00:00 2001
From: Nardi Ivan <nardi.ivan@gmail.com>
Date: Mon, 5 Aug 2024 11:26:08 +0200
Subject: Bittorrent: improve detection of UTPv1 and avoid false positives

---
 src/lib/protocols/bittorrent.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index c0f5955c9..01080906f 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -104,6 +104,8 @@ static u_int8_t is_utpv1_pkt(const u_int8_t *payload, u_int payload_len) {
   if(h->next_extension > 2)         return(0);
   if(h->h_type == 4 /* SYN */ && (h->tdiff_usec != 0 ||
      payload_len != (u_int)h_length)) return(0);
+  if(h->h_type == 2 /* STATE */ &&
+     payload_len != (u_int)h_length) return(0);
   if(h->h_type == 0 /* DATA */ &&
      payload_len == (u_int)h_length) return(0);
   if(h->connection_id == 0) return(0);
-- 
cgit v1.2.3