From 787be6ec081227665f3803b46bebf9496b5a5f23 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Tue, 31 May 2016 12:32:47 +0200
Subject: Improved teredo detection by discarding packets sent towards
 multicast addresses

---
 src/lib/protocols/teredo.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c
index 9fb2c6483..762aac7de 100644
--- a/src/lib/protocols/teredo.c
+++ b/src/lib/protocols/teredo.c
@@ -29,6 +29,8 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct
   struct ndpi_packet_struct *packet = &flow->packet;
 
   if(packet->udp
+     && packet->iph
+     && ((ntohl(packet->iph->daddr) & 0xF0000000) != 0xE0000000 /* Not a multicast address */)
      && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544))
      && (packet->payload_packet_len >= 40 /* IPv6 header */))
     ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN);
-- 
cgit v1.2.3