aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add GearUP Booster protocol dissector (heuristic based).add/gearup_booster-protocol-dissectorToni Uhlig2025-03-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add GearUP Booster application protocol. (#2764)Toni2025-03-06
| | | | | protocol dissector will follow Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Autonomous System Organization to geoip (#2763)Leonardo Teixeira Alves2025-03-06
| | | Co-authored-by: Leonardo Teixeira Alves <leonardo.alves@zerum.com>
* Add configuration parameter to enable/disable export of flow risk info (#2761)Ivan Nardi2025-03-05
| | | | For the most common protocols, avoid creating the string message if we are not going to use it
* Fix function checking if a packet is multicastIvan Nardi2025-03-04
|
* custom rules: try to have a coherent behaviourIvan Nardi2025-03-04
| | | | | | | | | | | | | Custom rules with *new* protocols are checked "first": if there is a match, the first packet of the flow provides a complete and final classification. The same logic should apply to custom rules with "existing" protocols: if there is match, nDPI shouldn't do anything else. Remove the `tcp:3000@ntop` custom rule. Fix the default port for ElasticSearch (in the protocol file)
* Flow risk infos are always exported "in order" (by flow risk id)Ivan Nardi2025-03-04
| | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order.
* Address cache: fix a use-of-uninitialized-value error on cache restoreIvan Nardi2025-03-03
| | | | | | | | | | | | ``` ==29602==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x563af77d47ac in ndpi_address_cache_restore /home/ivan/svnrepos/nDPI/src/lib/ndpi_cache.c:450:8 #1 0x563af77d6b52 in ndpi_cache_address_restore /home/ivan/svnrepos/nDPI/src/lib/ndpi_cache.c:518:10 #2 0x563af77c73e5 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ds_address_cache.cpp:100:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/6653546833707008
* DNS: remove never-trigger checkIvan Nardi2025-03-03
| | | | This `if` check is always false
* Flute: fix heap-buffer-overflowIvan Nardi2025-03-02
| | | | | | | | | | | | | | | | ``` ==13852==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5150000027da at pc 0x5fa4b65d08ac bp 0x7ffc4c57ed60 sp 0x7ffc4c57e508 READ of size 4 at 0x5150000027da thread T0 #0 0x5fa4b65d08ab in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_pl7m_64k+0x78c8ab) (BuildId: 15b63a623e404a4a0be658cae7336391fc8353db) #1 0x5fa4b65d0d80 in memcmp (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_pl7m_64k+0x78cd80) (BuildId: 15b63a623e404a4a0be658cae7336391fc8353db) #2 0x5fa4b68bfe7e in ndpi_search_flute /home/ivan/svnrepos/nDPI/src/lib/protocols/flute.c:52:9 #3 0x5fa4b6764406 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7571:6 #4 0x5fa4b67bf703 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7606:10 ``` Found by oss-fuzz See: https://oss-fuzz.com/testcase-detail/5261204335689728
* Address cache: fix some bugs on cache traversalIvan Nardi2025-03-01
| | | | Add a new fuzzer to test it
* ndpiReader: remove redundant checksIvan Nardi2025-02-28
|
* ICMP: move all the logic to the proper dissector fileIvan Nardi2025-02-28
| | | | | | | There are no reasons to keep entropy calculation and sanity checks code on the "guessing" algorithm. BTW, this change also fix the entropy calculation for non TCP/UDP/ICMP flows
* fuzz: extend fuzzing coverage (#2750)Ivan Nardi2025-02-28
|
* Added valid TLS extensions that used to trigger invalid risksLuca Deri2025-02-27
|
* Fix a crash reported by fuzzing (#2749)Ivan Nardi2025-02-27
| | | | | | | | | | | | | ``` ==17==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8d7c8bc915 bp 0x7ffd25039910 sp 0x7ffd250390c8 T0) ==17==The signal is caused by a READ memory access. ==17==Hint: address points to the zero page. SCARINESS: 10 (null-deref) #0 0x7f8d7c8bc915 (/lib/x86_64-linux-gnu/libc.so.6+0x188915) (BuildId: 0323ab4806bee6f846d9ad4bccfc29afdca49a58) #1 0x55f437be04a3 in strlen /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc #2 0x55f437cfa3cb in ndpi_get_host_domain /src/ndpi/src/lib/ndpi_domains.c:144:9 #3 0x55f437caf21e in LLVMFuzzerTestOneInput /src/ndpi/fuzz/fuzz_config.cpp:703:3 ```
* TOR: fix ip lists (#2748)Ivan Nardi2025-02-27
| | | | One list is from ingress nodes (used for protocol classification) and the second one is from exit nodes (used for flow risk check)
* Fix csv serializationAlfredo Cardigliano2025-02-26
|
* Add a basic example to show how to use geo API (#2747)Ivan Nardi2025-02-25
| | | Credits to @LTxAlves
* Improved Tor detectionLuca Deri2025-02-24
|
* Sync unit tests resultsIvan Nardi2025-02-24
|
* Improved Tor exit node download and added IPv6 supportLuca Deri2025-02-24
|
* Add city as a geoip possibility (#2746)Leonardo Teixeira Alves2025-02-24
|
* Improved Google PlayStore detectionLuca Deri2025-02-24
|
* UBNTAC2: rework detection (#2744)Ivan Nardi2025-02-23
|
* Add LagoFast protocol dissector. (#2743)Toni2025-02-23
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* Update the capture length of the ssdp example (#2741)Ivan Nardi2025-02-21
| | | | | | | | Some old libpcap versions don't handle pcap files with capture length bigger than 262144 bytes ``` ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144 ```
* Create a new protocol id to handle Mozilla/Firefox generic traffic (#2740)Ivan Nardi2025-02-21
| | | Close #2738
* Move `rtp` info out of `flow->protos` (#2739)Ivan Nardi2025-02-21
| | | | | Thiw way, the code is ready to handle rtp info from STUN flows too. And, most important, this change works as workaround to fix some crashes reported by oss-fuzz
* Fix build error due to an unused static function in the p17m fuzzer. (#2737)Toni2025-02-21
| | | | | * fixed buffer overflow in RTP dissector Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added checkLuca2025-02-21
|
* Updated test resultLuca2025-02-21
|
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Updated test rsults after RTP payload extractionLuca Deri2025-02-19
|
* Exported RTP payload in packet metadataLuca Deri2025-02-19
| | | | Added ndpi_rtp_payload_type2str() API call
* Further domain checksLuca Deri2025-02-19
|
* Fixed bug in domain name computationLuca Deri2025-02-17
|
* SSDP: add configuration for disabling metadata extraction (#2736)Ivan Nardi2025-02-17
|
* DNS: rework "extra-dissection" code (#2735)Ivan Nardi2025-02-17
|
* added metadata fields for M-NOTIFY (#2733)Ivan Kapranov2025-02-17
|
* Fix/restore some public defines (#2734)Ivan Nardi2025-02-17
| | | See 6899f6c17 and 9bf513b34
* Added definesLuca Deri2025-02-16
|
* Reworked memory allocationLuca Deri2025-02-16
|
* DNS: fix message parsing (#2732)Ivan Nardi2025-02-16
|
* Implement SSDP Metadata export (#2729)Ivan Kapranov2025-02-16
| | | Close #2524
* DNS: fix parsing of hostname for empty response messages (#2731)Ivan Nardi2025-02-16
|
* DNS: rework adding entries to the FPC-DNS cache (#2730)Ivan Nardi2025-02-16
| | | | | Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`. This will be important when adding monitoring support
* DNS: improved detection and handling of TCP packets (#2728)Ivan Nardi2025-02-15
|
* DNS: rework code (#2727)Ivan Nardi2025-02-15
|
Powered by cgit, Themed by Ted Yin.