ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

Skype dissector gives false positive response on Omron FINS traffic #2158

Closed 0xA50C1A1 closed 11 months ago

0xA50C1A1 commented 12 months ago

Describe the bug

I'm trying to write an Omron FINS protocol dissector and for a while I couldn't figure out why it wasn't working as intended. This protocol can use either TCP or UDP, but incorrect detection only occurs when using UDP as a transport. At first I thought it was some kind of logical error in my code (I check almost all header fields to make sure there are no false positives), but then I looked into the skype dissector and saw a lot of kludges.

Expected behavior

Detection as OmronFINS if compiled with my dissector, or as Unknown if compiled without.

Omron FINS packet

Obtained behavior

Invalid detection caused by this

nDPI Environment (please complete the following information):

config.log

How to reproduce the reported bug

Reproducible using ndpiReader?

If applicable, the used ndpiReader options:

ndpiReader -i ~/omron.pcap

If your bug is reproducible using a pcap, please attach a pcap file (or a valid link to download it)

omron.zip

Steps to reproduce the behavior:

  1. Run 'ndpiReader -i omron.pcap'
  2. See false-positive detection as SkypeTeams_Call

IvanNardi commented 11 months ago

There are some issues with the Skype code... Since it seems that the Omron protocol usually uses port 9600, you can add a quick workaround by adding a new exception around line 52 of skype.c
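As an added illustration (this is neither nDPI's code nor the dissector the reporter wrote, and it does not reproduce the skype.c exception the maintainer suggests, since that file is not on this page), the C snippet below shows the kind of strict FINS/UDP header validation the report describes, with the port 9600 hint from the reply used only as a secondary signal rather than the sole criterion. The field constraints (ICF bit layout, RSV = 0, GCT 0x02 or 0x07, network and node address ranges, the unit-address set, the MRC list) are the editor's recollection of the Omron FINS documentation and should be treated as assumptions; the packets are constructed for the example, not taken from the attached omron.pcap.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed constants: FINS/UDP is conventionally served on port 9600. */
#define FINS_UDP_PORT   9600
#define FINS_HDR_LEN    10   /* ICF RSV GCT DNA DA1 DA2 SNA SA1 SA2 SID */
#define FINS_CMD_LEN    2    /* MRC SRC */
#define FINS_END_LEN    2    /* MRES SRES, responses only */

/* Unit addresses (DA2/SA2) allowed by the FINS spec, as recalled (assumption). */
static int fins_unit_addr_ok(uint8_t u)
{
    return u == 0x00 || (u >= 0x10 && u <= 0x1F) || u == 0xE1 || u == 0xFE;
}

/* Main request codes commonly seen in FINS command tables (assumed list). */
static int fins_mrc_ok(uint8_t mrc)
{
    static const uint8_t known[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                     0x08, 0x09, 0x0C, 0x21, 0x22, 0x23 };
    for (size_t i = 0; i < sizeof known; i++)
        if (known[i] == mrc)
            return 1;
    return 0;
}

/* Returns 1 if the UDP payload is structurally a FINS frame, 0 otherwise.
 * Every fixed header field is checked so that a random payload that merely
 * happens to sit on port 9600 is still rejected. */
int fins_udp_payload_ok(const uint8_t *p, size_t len)
{
    if (p == NULL || len < FINS_HDR_LEN + FINS_CMD_LEN)
        return 0;

    uint8_t icf = p[0];
    if (!(icf & 0x80))                  /* bit 7 ("use gateway") is always set */
        return 0;
    if (icf & 0x3E)                     /* bits 1..5 are reserved and must be zero */
        return 0;
    if (p[1] != 0x00)                   /* RSV */
        return 0;
    if (p[2] != 0x02 && p[2] != 0x07)   /* GCT: gateway count, 0x02 (0x07 on older units) */
        return 0;
    if (p[3] > 0x7F || p[6] > 0x7F)     /* DNA / SNA: network address 0..127 */
        return 0;
    if (p[4] == 0xFF || p[7] == 0xFF)   /* DA1 / SA1: node address 0..254 */
        return 0;
    if (!fins_unit_addr_ok(p[5]) || !fins_unit_addr_ok(p[8]))  /* DA2 / SA2 */
        return 0;
    /* p[9] is the SID (service id); any value is legal */
    if (!fins_mrc_ok(p[10]))            /* MRC */
        return 0;

    int is_response = (icf & 0x40) != 0;
    if (is_response && len < FINS_HDR_LEN + FINS_CMD_LEN + FINS_END_LEN)
        return 0;                       /* responses carry a 2-byte end code */
    return 1;
}

/* Flow-level verdict: 2 = FINS-shaped payload on the usual port, 1 = FINS-shaped
 * payload on another port (worth keeping as a candidate), 0 = not FINS. */
int fins_udp_flow_score(uint16_t sport, uint16_t dport, const uint8_t *p, size_t len)
{
    if (!fins_udp_payload_ok(p, len))
        return 0;
    return (sport == FINS_UDP_PORT || dport == FINS_UDP_PORT) ? 2 : 1;
}

/* Constructed samples (not taken from the omron.pcap attached to the issue). */
/* MEMORY AREA READ (01 01) of 10 words from DM100, node 10 -> node 1. */
const uint8_t fins_read_cmd[] = {
    0x80, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x0A, 0x00, 0x01,
    0x01, 0x01, 0x82, 0x00, 0x64, 0x00, 0x00, 0x0A
};
/* Matching response: ICF has the response bit set, end code 00 00, one data word. */
const uint8_t fins_read_rsp[] = {
    0xC0, 0x00, 0x02, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x01,
    0x01, 0x01, 0x00, 0x00, 0x12, 0x34
};
/* Response truncated before its end code. */
const uint8_t fins_rsp_truncated[] = {
    0xC0, 0x00, 0x02, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01
};
/* Looks nothing like FINS: gateway bit clear, bogus GCT. */
const uint8_t not_fins[] = {
    0x02, 0x01, 0x05, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB
};

int main(void)
{
    printf("read cmd to 9600:     %d\n", fins_udp_flow_score(49152, 9600, fins_read_cmd, sizeof fins_read_cmd));
    printf("read rsp from 9600:   %d\n", fins_udp_flow_score(9600, 49152, fins_read_rsp, sizeof fins_read_rsp));
    printf("truncated response:   %d\n", fins_udp_flow_score(9600, 49152, fins_rsp_truncated, sizeof fins_rsp_truncated));
    printf("random bytes on 9600: %d\n", fins_udp_flow_score(9600, 49152, not_fins, sizeof not_fins));
    return 0;
}
```

The point of checking every fixed field, rather than just the port, is that a port-only exception in another dissector (as suggested in the reply) only shifts the problem: any UDP traffic that happens to use 9600 would then be handed to the FINS dissector, so the FINS side still has to reject payloads that do not have the header shape.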