From 688a197b85545b056e3afa8338719154ebc865c7 Mon Sep 17 00:00:00 2001
From: Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com>
Date: Mon, 27 Nov 2023 23:46:14 +0300
Subject: Fix FINS false positives (#2176)

* Fix FINS false positives

* Add rsv (reserved) field check
---
 src/lib/protocols/fins.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/protocols/fins.c b/src/lib/protocols/fins.c
index 980697e33..8fd16f562 100644
--- a/src/lib/protocols/fins.c
+++ b/src/lib/protocols/fins.c
@@ -82,7 +82,9 @@ static void ndpi_search_fins(struct ndpi_detection_module_struct *ndpi_struct,
       goto not_fins;
     }
     
-    if ((fins->dna > 0x7F) || (fins->sna > 0x7F)) {
+    if ((fins->dna > 0x7F)  || (fins->sna > 0x7F) ||
+        (fins->gct != 0x02) || (fins->rsv != 0)) 
+    {
       goto not_fins;
     }
 
-- 
cgit v1.2.3