From: Jason Ish
Date: Wed, 7 Sep 2022 22:46:20 +0000 (-0600)
Subject: bittorrent-dht: only attempt to parse dht messages
X-Git-Tag: suricata-7.0.0-rc1~433
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a30ee77a1fa591133e85e6eb20df5e5e57648f8;p=thirdparty%2Fsuricata.git
bittorrent-dht: only attempt to parse dht messages
The bittorrent flow is shared with transport messages as well as dht messages. Only attempt to parse dht message as dht, ignore the rest.
---
diff --git a/rust/src/bittorrent_dht/bittorrent_dht.rs b/rust/src/bittorrent_dht/bittorrent_dht.rs
index 346635714f..0e0d77fd87 100644
--- a/rust/src/bittorrent_dht/bittorrent_dht.rs
+++ b/rust/src/bittorrent_dht/bittorrent_dht.rs
@@ -92,7 +92,21 @@ impl BitTorrentDHTState {
 return tx;
 }
 
+ fn is_dht(input: &[u8]) -> bool {
+ if input.len() > 5 {
+ match &input[0..5] {
+ b"d1:ad" | b"d1:rd" | b"d2:ip" | b"d1:el" => true,
+ _ => false,
+ }
+ } else {
+ false
+ }
+ }
+
 pub fn parse(&mut self, input: &[u8]) -> bool {
+ if !Self::is_dht(input) {
+ return true;
+ }
 let mut tx = self.new_tx();
 let mut status = true;
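Review bot: `is_dht` classifies a datagram purely by its first five bytes, which appears to assume the sender emits bencode dictionary keys in sorted order; any other payload makes `parse` return `true` without creating a transaction, so it is never logged or inspected as DHT. That visibility trade-off should be stated on the helper, e.g. `// Leading bytes of a sorted-key bencode dict: "a" (query), "r" (response), "ip", "e" (error); anything else on this flow is skipped.`, and a unit test for a dictionary that starts with a different key would pin the intended behaviour. Separately, `input.len() > 5` rejects a buffer of exactly five bytes although `&input[0..5]` only needs five. `matches!(input.get(..5), Some(b"d1:ad" | b"d1:rd" | b"d2:ip" | b"d1:el"))` would remove both the manual length check and the indexing. The body of `parse` continues past the end of the hunk.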