libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Fix ndpi_serialize_string_int64	Alfredo Cardigliano	2022-01-21
\|
*	Add unit test for ndpi_serialize_string_int64	Alfredo Cardigliano	2022-01-21
\|
*	Fix Grease values parsing (#1416)	havsah	2022-01-21
\| \| \| \| \| \| \| \| \| \| \|	The check for grease was too broad and filtered some valid values. In particular, the value 257 was skipped because it matched the previous check. This has been discovered while parsing tests/pcap/443-firefox.pcap expected ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256-257,0 previously generated ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256,0 Signed-off-by: Patrick Havelange <patrick.havelange_ext@softathome.com>
*	Added JA3 in risj exceptions	Luca Deri	2022-01-20
\|
*	Fixed certificate mismatch check	Luca Deri	2022-01-19
\|
*	Fixed an issue on CentOS 7 introduced by	Luca Deri	2022-01-19
\| \| \| \|	https://github.com/ntop/nDPI/commit/c2b7d77784beeae5f86f19e33ba3da5ddce55898
*	Updated confidence type	Luca Deri	2022-01-18
\|
*	TLS, H323, examples: fix some memory errors (#1414)	Ivan Nardi	2022-01-18
\| \| \| \| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26880 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26906 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43782 https://oss-fuzz.com/testcase-detail/6334089358082048
*	Netbios, CSGO: fix two memory errors (#1413)	Ivan Nardi	2022-01-18
\| \| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43754 https://oss-fuzz.com/testcase-detail/5329842395021312
*	build: respect environment options more (#1392)	Sam James	2022-01-18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* build: update m4/ax_pthread.m4 from serial 23 -> serial 31 Update ax_pthread.m4 to the latest version from the autoconf-archive project. Signed-off-by: Sam James <sam@gentoo.org> * build: properly detect AR, CC, RANLIB It's necessary to be able to override choice of AR/CC/RANLIB and other toolchain variables/tools for cross-compilation, testing with other toolchains, and to ensure the compiler chosen by the user is actually used for the build. Previously, GNU_PREFIX was kind-of used for this but this isn't a standard variable (at all) and it wasn't applied consistently anyway. We now use the standard autoconf mechanisms for finding these tools. (RANLIB is already covered by LT_INIT.) Signed-off-by: Sam James <sam@gentoo.org> * build: use $(MAKE) This ensures that parallel make works correctly, as otherwise, a fresh make job will be started without the jobserver fd, and hence not know about its parent, forcing -j1. * build: respect CPPFLAGS, LDFLAGS - CPPFLAGS is for the C preprocessor (usually for setting defines) - LDFLAGS should be placed before objects for certain flags to work (e.g. -Wl,--as-needed) Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
*	H323: fix a use-after-poison error (#1412)	Ivan Nardi	2022-01-17
\| \| \| \| \| \| \|	Detected by oss-fuzz See: https://oss-fuzz.com/testcase-detail/6730505580576768 Fix a function prototype Update a unit test results
*	Improved Badoo detection (missing mobile app domain)	Luca Deri	2022-01-17
\|
*	Added Badoo detection	Luca Deri	2022-01-17
\|
*	Adds some risk exceptions for popular services and domain names	Luca	2022-01-17
\| \| \| \|	via a new (internal) function named ndpi_add_domain_risk_exceptions()
*	TLS: fix a use-of-uninitialized-value error (#1411)	Ivan Nardi	2022-01-16
\| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43705
*	Zattoo: fix Null-dereference READ with ipv6 traffic (#1410)	Ivan Nardi	2022-01-16
\| \| \| \| \|	Fix: 20b5f6d7 Detected by oss-fux: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43700
*	XBox, Diameter: fix dissectors initialization (#1405)	Ivan Nardi	2022-01-16
\| \| \| \| \| \| \| \|	These dissectors have never been triggered because their registration functions use the wrong parameter/bitmask. Diameter code is buggy since the origianl commit (1d108234), while XBox code since 5266c726. Fix some false positives in Xbox code.
*	Added performance tests tools	Luca Deri	2022-01-16
\|
*	Minor cosmetic changes	Luca Deri	2022-01-16
\|
*	Reduced Patricia tree bucket memory footprint	Luca Deri	2022-01-16
\|
*	Kerberos: fix use-of-uninitialized-value error (#1409)	Ivan Nardi	2022-01-15
\| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43677
*	TLS: fix heap-buffer-overflow error (#1408)	Ivan Nardi	2022-01-15
\| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43664
*	STUN: fix "confidence" value for some classifications (#1407)	Ivan Nardi	2022-01-15
\|
*	Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)	Ivan Nardi	2022-01-15
\| \| \|	Follow-up of 7cba34a1
*	Restore a unit test result (#1403)	Ivan Nardi	2022-01-13
\| \| \| \| \|	Deleted, probably by mistake, in 406ac7e8 Fix Makefile and add compilation of `rrdtool` in CI tests
*	FreeBSD fixes	Luca Deri	2022-01-13
\|
*	Added the ability to specify trusted issueDN often used in companies to ↵	Luca Deri	2022-01-13
\| \| \| \| \| \| \| \| \| \| \|	self-signed certificates This allows to avoid triggering alerts for trusted albeit private certificate issuers. Extended the example/protos.txt with the new syntax for specifying trusted issueDN. Example: trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US"
*	fix ahocorasick on big-endian machines (#1401)	Vinicius Silva Nogueira	2022-01-13
\|
*	Improved MicrosoftAzure detection	Luca Deri	2022-01-12
\|
*	Added EthernetIP dissector	Luca Deri	2022-01-12
\|
*	Run fuzzing tests also on push event (like the CI tests) (#1400)	Ivan Nardi	2022-01-12
\|
*	Fix DGA false positive (#1399)	Ivan Nardi	2022-01-12
\| \| \|	Close #1397
*	Fix two use-of-uninitialized-value errors (#1398)	Ivan Nardi	2022-01-12
\| \| \| \| \| \| \|	Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40269 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41432 Fix fuzz compilation (follow-up of f5545a80)
*	Removed outdated comment	Luca Deri	2022-01-11
\|
*	Removed legacy code	Luca Deri	2022-01-11
\|
*	QUIC: fix an integer overflow (#1396)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Reported by oss-fuzz: ``` ==685288==ERROR: AddressSanitizer: SEGV on unknown address 0x61a100000687 (pc 0x0000005aba64 bp 0x7ffe3f29f510 sp 0x7ffe3f29f400 T0) ==685288==The signal is caused by a READ memory access. SCARINESS: 20 (wild-addr-read) #0 0x5aba64 in quic_len ndpi/src/lib/protocols/quic.c:203:12 #1 0x5aba64 in decrypt_initial_packet ndpi/src/lib/protocols/quic.c:993:16 #2 0x5aba64 in get_clear_payload ndpi/src/lib/protocols/quic.c:1302:21 #3 0x5aba64 in ndpi_search_quic ndpi/src/lib/protocols/quic.c:1658:19 #4 0x579f00 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:4683:6 #5 0x57abe6 in ndpi_check_flow_func ndpi/src/lib/ndpi_main.c:0 #6 0x583b2c in ndpi_detection_process_packet ndpi/src/lib/ndpi_main.c:5545:15 #7 0x55e75e in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_process_packet.c:30:3 [...] ```
*	Add a "confidence" field about the reliability of the classification. (#1395)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \|	As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
*	Readme for using fuzzer with nDPI	Luca Deri	2022-01-11
\|
*	Updated result	Luca Deri	2022-01-09
\|
*	Improved user agent analysis	Luca Deri	2022-01-09
\|
*	GTP: fix some false positives (#1394)	Ivan Nardi	2022-01-08
\|
*	Remove some unused fields (#1393)	Ivan Nardi	2022-01-08
\|
*	Improved bittorrent detection	Luca Deri	2022-01-06
\|
*	Invalid check	Luca Deri	2022-01-06
\|
*	Added missing dependency	Luca Deri	2022-01-05
\|
*	Update issue tempalte	Alfredo Cardigliano	2022-01-03
\|
*	Update copyright	Alfredo Cardigliano	2022-01-03
\|
*	Improved BitTorrent guess	Luca Deri	2021-12-26
\|
*	Added support for Log4J/Log4Shell detection in nDPI via a new flow risk ↵	Luca Deri	2021-12-23
\| \| \| \|	named NDPI_POSSIBLE_EXPLOIT
*	Add support for ICloud Private Relay (#1390)	Ivan Nardi	2021-12-22
\| \| \| \| \| \| \|	See: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF TODO: an up-to-date list of egress IP ranges is publicly available. Can we use it somehow?