aboutsummaryrefslogtreecommitdiff
path: root/.gitignore
Commit message (Collapse)AuthorAge
* Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678)Ivan Nardi2025-01-14
| | | | | | | | | It might be usefull to be able to match traffic against a list of suspicious JA4C fingerprints Use the same code/logic/infrastructure used for JA3C (note that we are going to remove JA3C...) See: #2551
* fuzz: add 2 new fuzzers for KD-trees and Ball-trees (#2670)Ivan Nardi2025-01-13
|
* fuzz: improve coverage (#2612)Ivan Nardi2024-11-01
| | | Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()`
* .gitignore: reformatted, added patterns for IDEs, for deb packages and for ↵Petr2024-07-16
| | | | test results (#2503)
* fuzzing: improve coverage (#2495)Ivan Nardi2024-07-12
| | | | | | | | | | | | | | Fix detection of WebDAV and Gnutella (over HTTP) Fix detection of z3950 Add two fuzzers to test `ndpi_memmem()` and `ndpi_strnstr()` Remove some dead code: * RTP: the same exact check is performed at the very beginning of the function * MQTT: use a better helper to exclude the protocol * Colletd: `ndpi_hostname_sni_set()` never fails Update pl7m code (fix a Use-of-uninitialized-value error)
* fuzz: pl7m: add a custom mutator for better fuzzing of pcap files (#2483)Ivan Nardi2024-06-27
| | | | | | | | | | | Pl7m is a custom mutator (used for structure aware fuzzing) for network traffic packet captures (i.e. pcap files). The output of the mutator is always a valid pcap file, containing the same flows/sessions of the input file. That's it: the mutator only changes the packet payload after the TCP/UDP header, keeping all the original L2/L3 information (IP addresses and L4 ports). See: https://github.com/IvanNardi/pl7m
* fuzz: improvements (#2400)Ivan Nardi2024-04-20
| | | | | Create the zip file with all the traces only once. Add a new fuzzer to test "shoco" compression algorithm
* Fix a warning and restore a unit test result (#2379)Ivan Nardi2024-04-10
|
* fuzz: improve fuzzing coverage (#2309)Ivan Nardi2024-02-09
|
* fuzz: extend fuzzing coverage (#2281)Ivan Nardi2024-01-24
|
* config: follow-up (#2268)Ivan Nardi2024-01-20
| | | | | | Some changes in the parameters names. Add a fuzzer to fuzz the configuration file format. Add the infrastructure to configuratin callbacks. Add an helper to map LRU cache indexes to names.
* New API for library configurationNardi Ivan2024-01-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the first step into providing (more) configuration options in nDPI. The idea is to have a simple way to configure (most of) nDPI: only one function (`ndpi_set_config()`) to set any configuration parameters (in the present or on in the future) and we try to keep this function prototype as agnostic as possible. You can configure the library: * via API, using `ndpi_set_config()` * via a configuration file, in a text format This way, anytime we need to add a new configuration parameter: * we don't need to add two public functions (a getter and a setter) * we don't break API/ABI compatibility of the library; even changing the parameter type (from integer to a list of integer, for example) doesn't break the compatibility. The complete list of configuration options is provided in `doc/configuration_parameters.md`. As a first example, two configuration knobs are provided: * the ability to enable/disable the extraction of the sha1 fingerprint of the TLS certificates. * the upper limit on the number of packets per flow that will be subject to inspection
* fuzz: improve fuzzing coverage (#2239)Ivan Nardi2024-01-02
|
* fuzz: extend fuzzing coverage (#2208)Ivan Nardi2023-12-11
|
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* fuzz: extend fuzzing coverageNardi Ivan2023-10-15
|
* fuzz: extend fuzzing coverageNardi Ivan2023-10-07
|
* fuzz: extend fuzzing coverageNardi Ivan2023-09-16
|
* fuzz: add fuzzers to test bitmap64 and domain_classify data structures (#2082)Ivan Nardi2023-09-10
|
* fuzz: add fuzzers to test reader_util code (#2080)Ivan Nardi2023-09-10
|
* fuzz: extend coverage (#2073)Ivan Nardi2023-08-20
|
* fuzz: extend fuzzing coverage (#2052)Ivan Nardi2023-07-18
| | | | Added/merged some traces. Improved Socks identification
* fuzz: add fuzzer for DGA detection code (#2042)Ivan Nardi2023-07-13
|
* fuzz: extend fuzzing coverage (#2040)Ivan Nardi2023-07-11
| | | | | | | | | Some notes: * libinjection: according to https://github.com/libinjection/libinjection/issues/44, it seems NULL characters are valid in the input string; * RTP: `rtp_get_stream_type()` is called only for RTP packets; if you want to tell RTP from RTCP you should use `is_rtp_or_rtcp()`; * TLS: unnecessary check; we already make the same check just above, at the beginning of the `while` loop
* fuzz: extend fuzzers coverage (#1952)Ivan Nardi2023-04-25
|
* fuzz: add fuzzer to test internal gcrypt code (#1920)Ivan Nardi2023-04-04
|
* fuzz: add a new fuzzer to test TLS certificates (#1901)Ivan Nardi2023-03-20
|
* fuzz: extend fuzz coverage (#1888)Ivan Nardi2023-02-16
|
* fuzz: some improvements and add two new fuzzers (#1881)Ivan Nardi2023-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from `fuzz/Makefile.am`; it is already included by the main configure script (when fuzzing). Add a knob to force disabling of AESNI optimizations: this way we can fuzz also no-aesni crypto code. Move CRC32 algorithm into the library. Add some fake traces to extend fuzzing coverage. Note that these traces are hand-made (via scapy/curl) and must not be used as "proof" that the dissectors are really able to identify this kind of traffic. Some small updates to some dissectors: CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting with "VS01" will be classified as STEAM (see steam.c around line 111). Googling it, it seems right so. XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore that condition is false. RTP, STUN: removed useless "break"s Zattoo: `flow->zattoo_stage` is never set to any values greater or equal to 5, so these checks are never true. PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it. TeamSpeak: we check for `flow->packet_counter == 3` just above, so the following check `flow->packet_counter >= 3` is always false.
* fuzz: add a new fuzzer to test serialization/deserialization code (#1876)Ivan Nardi2023-01-27
| | | | | | | | | | Autodetecting the needed buffer size is quite complex (especially with float/double values) so it is mandatory to properly check for `ndpi_snprintf` truncation. These issues have been undetected so far probably because the default buffer is big enough for all common cases. Add an example of usage of `ndpi_deserialize_clone_all()` (taken from `ntopng`)
* Add some fuzzers to test other data structures. (#1870)Ivan Nardi2023-01-25
| | | | | | | Start using a dictionary for fuzzing (see: https://llvm.org/docs/LibFuzzer.html#dictionaries). Remove some dead code. Fuzzing with debug enabled is not usually a great idea (from performance POV). Keep the code since it might be useful while debugging.
* fuzz: fix memory allocation failure logic (#1867)Ivan Nardi2023-01-20
| | | | | We *do* want to have some allocation errors. Fix some related bugs Fix: 29be01ef
* Add some fuzzers to test algorithms and data structures (#1852)Ivan Nardi2023-01-17
| | | Fix some issues found with these new fuzzers
* fuzz: add a new fuzzer testing memory allocation failures (#1818)Ivan Nardi2022-12-06
| | | | | | | | | Try to fuzz error paths triggered by allocation errors. Fix some errors already found by this new fuzzer. Basic idea taken from: https://github.com/harfbuzz/harfbuzz/pull/2566/files `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is a standard define used to (not)compile specific code in fuzzing builds. See: https://llvm.org/docs/LibFuzzer.html
* Remove some useless fuzzing target (#1813)Ivan Nardi2022-12-01
| | | | | We don't need specific targets to reproduce fuzzing issues. After all, calling `./fuzz/fuzz_process_packet_with_main $ARTIFACT_FILE` is equivalento to `./fuzz/fuzz_process_packet $ARTIFACT_FILE`
* Add a new fuzzer for QUIC (#1800)Ivan Nardi2022-12-01
| | | | | | | | | | | | QUIC packets are encrypted/obfuscated; that means that we need to decrypt them before parsing the real (TLS) message. Fuzzing is not effective here, since a random buffer is hardly a valid encrypted QUIC packet. Add a new fuzzer, testing *decrypted* QUIC packets. Add a basic corpus. Fix a few bugs already found by this fuzzer.
* Build ndpiReader and run regression tests.Toni Uhlig2022-09-21
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed VS2019 build.segfault2022-09-21
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Moved `NDPI_API_VERSION` to `src/include/ndpi_define.h.in` where it belongs.Toni Uhlig2022-09-21
| | | | | | | That way, we can make `src/include/ndpi_api.h` independent of autoconf. MSBuild will like that. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add proj and sln for compile of dynamic x64 lib under Visual Studio 2019.mark andrews2022-09-21
| | | | | | * add CI support via MSBuild Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Discord dissector. (#1694)Toni2022-08-03
| | | | | * fixed RiotGames false positive Signed-off-by: lns <matzeton@googlemail.com>
* Dazn: add support for Dazn streaming service (#1559)Ivan Nardi2022-05-29
| | | Update .gitignore file
* Fixed msys2 build warnings and re-activated CI Mingw64 build.fix/windows-msys2Toni Uhlig2022-04-14
| | | | | | | * Removed Visual Studio leftovers. Maintaining an autotools project with VS integration requires some additional overhead. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: lns <matzeton@googlemail.com>
* Complete rework of nDPI Python bindings (cffi API, automatic generation, ↵aouinizied2022-03-22
| | | | packaging and CI integration)
* Extend protocols support (#1422)Ivan Nardi2022-01-29
| | | | | | | | | | | | | | | | | | Add detection of AccuWeather site/app and Google Classroom. Improve detection of Azure, Zattoo, Whatsapp, MQTT and LDAP. Fix some RX false positives. Fix some "Uncommon TLS ALPN"-risk false positives. Fix "confidence" value for some Zoom/Torrent classifications. Minor fix in Lua script for Wireshark extcap. Update .gitignore file. Let GitHub correctly detect the language type of *.inc files. Zattoo example has been provided by @subhajit-cdot in #1148.
* Fix configure script (after fb85dac9) (#1381)Ivan Nardi2021-12-04
| | | Fix/disable some LGTM warnings
* Fix QUIC log and remove SoulSeek leftovers after b97dc6ba (#1351)Ivan Nardi2021-10-19
| | | | | Update .gitignore file Fix a function prototype Close #1349
* Get rid of `configure.seed` as it comes with some disadvantages. (#1328)Toni2021-10-10
| | | | | * using Autotools best-practices to achieve (hopefully) the same result Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* gitignore: ignore dpdk artifacts.Vitaliy Ivanov2018-11-28
| | | | | | Also similarly to shared libraries do not hide static lib. Signed-off-by: Vitaliy Ivanov <vitaliyi@interfacemasters.com>
Powered by cgit, Themed by Ted Yin.