From ca8ac946f48ab853f47b557ae643d36045d7ae95 Mon Sep 17 00:00:00 2001
From: lns
Date: Sat, 4 Jun 2022 21:03:17 +0200
Subject: Fixed syslog false negatives.

 - RSH vs Syslog may still happen for midstream traffic

Signed-off-by: lns
---
 src/lib/ndpi_main.c | 2 +-
 src/lib/protocols/syslog.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 88730350a..9be024642 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1032,7 +1032,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG,
 "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
- ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */);
 ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP,
 "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK,
diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c
index 866e0a0c0..1b072de07 100644
--- a/src/lib/protocols/syslog.c
+++ b/src/lib/protocols/syslog.c
@@ -73,7 +73,8 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct
 if (ndpi_isalnum(packet->payload[i]) == 0)
 {
 if (packet->payload[i] == ' ' || packet->payload[i] == ':' ||
- packet->payload[i] == '=')
+ packet->payload[i] == '=' || packet->payload[i] == '[' ||
+ packet->payload[i] == '-')
 {
 break;
 }
-- 
cgit v1.2.3
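Review bot: The changed line leaves Syslog with no TCP default port, which on its own cannot reduce false negatives as the subject says; what it does is drop the port-based guess on TCP/514, the port rsh also listens on, so the evident intent is to stop rsh flows being labelled Syslog (the message's own "RSH vs Syslog" remark points the same way). A one-line comment would keep the next reader from restoring the port: `ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP: none; 514/tcp is also rsh, rely on the payload dissector */,`. It is also worth stating in the description that TCP syslog is now classified only when the dissector matches the payload, since nothing here adds an alternative TCP port. ndpi_init_protocol_defaults begins and ends outside the hunk.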
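Review bot: The separator test on the changed lines is now five bare character literals with nothing recording what each one admits, and every addition widens what the dissector accepts as the first non-alphanumeric byte of a syslog header. A comment above the inner if would fix the contract, e.g. `/* first non-alphanumeric byte must be a header delimiter: ' ', ':', '=' (key=value), '[' (presumably TAG[pid]), '-' (presumably RFC 5424 NILVALUE / timestamp) */` — confirm the meaning of '[' and '-' against the captures that motivated the change. Because the companion hunk in ndpi_main.c removes the TCP/514 port guess, TCP syslog classification now rests on this loop, so a negative regression sample with rsh traffic would document the remaining collision the commit message already acknowledges. ndpi_search_syslog and the loop over payload[i] begin and end outside the hunk.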