From c83698c957b3ebc21d9e5bc78928e5140f79c0f1 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Fri, 19 Jan 2024 08:57:39 +0100
Subject: STUN: fix flow risks when DTLS packets are found (#2266)

When switching to (D)TLS dissector from the STUN one, we need to clear any flow risks set from the latter (because we don't have anymore `NDPI_PROTOCOL_STUN` in the classification results)
---
 src/lib/protocols/stun.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src')
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index ddb42c980..b68740c04 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -440,6 +440,8 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
 /* TODO: right way? It is a bit scary... do we need to reset something else too? */
 reset_detected_protocol(ndpi_struct, flow);
 change_category(ndpi_struct, flow, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED);
+ /* STUN often triggers this risk; clear it. TODO: clear other risks? */
+ ndpi_unset_risk(ndpi_struct, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
 /* Give room for DTLS handshake, where we might have retransmissions and fragments */
--
cgit v1.2.3
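Review bot: The added `ndpi_unset_risk()` call clears only `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT`, while the commit message says any risk set by the STUN dissector must be cleared, so other risks raised before the switch would stay attached to a flow that is no longer classified as STUN. Anything that alerts on flow risks would then see flags that do not match the final (D)TLS classification. The call is also unconditional, so it presumably relies on the port check being re-evaluated for the new classification later; that code is outside the hunk and should be confirmed. Until the TODO is resolved, I would make the comment state the limitation, e.g. `/* Only NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT is cleared; other risks set while the flow was STUN survive the switch */`. `stun_search_again` starts and ends outside this hunk.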