ndpi: ignore packets that have a different proto than the flow

author Jason Ish <jason.ish@oisf.net>

Thu, 27 Mar 2025 21:32:40 +0000 (15:32 -0600)

committer Victor Julien <victor@inliniac.net>

Sat, 29 Mar 2025 21:14:00 +0000 (22:14 +0100)
author Jason Ish <jason.ish@oisf.net>
Thu, 27 Mar 2025 21:32:40 +0000 (15:32 -0600)
committer Victor Julien <victor@inliniac.net>
Sat, 29 Mar 2025 21:14:00 +0000 (22:14 +0100)
diff --git a/plugins/ndpi/ndpi.c b/plugins/ndpi/ndpi.c

index 60accf457680e7d4bd3bf330652bc7d575d42870..2adddfaa1eb824e063ce7c7f9490459b28991c49 100644 (file)
--- a/plugins/ndpi/ndpi.c
+++ b/plugins/ndpi/ndpi.c
@@ -101,6 +101,12 @@ static void OnFlowUpdate(ThreadVars *tv, Flow *f, Packet *p, void *_data)
          return;
      }
  
+    /* Ignore packets that have a different protocol than the
+     * flow. This can happen with ICMP unreachable packets. */
+    if (p->proto != f->proto) {
+        return;
+    }
+
      if (PacketIsIPv4(p)) {
          const IPV4Hdr *ip4h = PacketGetIPv4(p);
          ip_len = IPV4_GET_RAW_IPLEN(ip4h);
author	Jason Ish <jason.ish@oisf.net>
	Thu, 27 Mar 2025 21:32:40 +0000 (15:32 -0600)
committer	Victor Julien <victor@inliniac.net>
	Sat, 29 Mar 2025 21:14:00 +0000 (22:14 +0100)