From 23380f7b5cf16e2546e8da46852571f968e1a2eb Mon Sep 17 00:00:00 2001
From: Vadim Vetrov
Date: Mon, 11 Aug 2025 22:03:35 +0300
Subject: [PATCH] STUN: Filter request-only On transit machines it was faking the traffic in two directions
---
 src/quic.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/quic.c b/src/quic.c
index bb35f61..651a01e 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -452,7 +452,20 @@ int is_stun_message(const uint8_t *data, size_t dlen) {
 message_type = ntohs(message_type);
 message_length = ntohs(message_length);
 
- return (left_len == message_length);
+ if (left_len != message_length) {
+ return 0;
+ }
+
+ if ((message_type & (1 << 15)) || (message_type & (1 << 14))) {
+ return 0;
+ }
+
+ // Filter request only
+ if ((message_type & (1 << 4)) || (message_type & (1 << 8))) {
+ return 0;
+ }
+
+ return 1;
 }
 
 int detect_udp_filtered(const struct section_config_t *section,
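Review bot: The four bit tests on `message_type` use bare shift constants, so a reader has to reconstruct the STUN header layout to see that bits 15/14 are the must-be-zero prefix and bits 8/4 are the class bits. The comment `// Filter request only` can also be read as "drop requests", when the code accepts only the request class. I would write the checks as masks with the layout spelled out, e.g. `if (message_type & 0xC000) return 0; /* two most significant bits must be zero */` and `if (message_type & 0x0110) return 0; /* class bits C1 (bit 8) and C0 (bit 4) set: not a request */`. is_stun_message starts above the hunk, so it is not visible whether the magic cookie or the 4-byte alignment of `message_length` is checked earlier. If they are not, adding them would narrow the match further, which matters because the commit message says a match leads to faked traffic.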