aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Improved STUN and RTP detectionLuca Deri2021-10-27
|
* Detect invalid characters in text and set a risk. Fixes #1347. (#1363)Toni2021-10-26
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed Git protocol dissection (#1355)Luca Deri2021-10-25
|
* Fixed cleartext protocol assignment (#1357)Ivan Nardi2021-10-25
|
* TLS: fix a heap-buffer-overflow (#1356)Ivan Nardi2021-10-22
| | | | Revert of c3d1c697 Error reproducible with the attached pcap and valgrind
* Fixed heap-buffer-overflow in TLS dissectorLuca Deri2021-10-20
|
* Fix QUIC log and remove SoulSeek leftovers after b97dc6ba (#1351)Ivan Nardi2021-10-19
| | | | | Update .gitignore file Fix a function prototype Close #1349
* Fix some invalid memory reads (#1350)Ivan Nardi2021-10-19
| | | | | | | | `ndpi_detection_giveup()` (and any functions called by it) can't access `ndpi_detection_module_struct->packet` anymore since 730c236. Sync unit tests results Close #1348
* Added clertext alert with telnetLuca Deri2021-10-19
|
* Fix broken fuzz_process_packet fuzzer by adding a call to ↵Toni2021-10-18
| | | | | | | | | | | | ndpi_finalize_initialization(). (#1334) * fixed several memory errors (heap-overflow, unitialized memory, etc) * ability to build fuzz_process_packet with a main() allowing to replay crash data generated with fuzz_process_packet by LLVMs libfuzzer * temporarily disable fuzzing if `tests/do.sh` executed with env FUZZY_TESTING_ENABLED=1 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Implemented RDP over UDP dissectionLuca Deri2021-10-18
|
* Refreshed results listLuca Deri2021-10-16
|
* Fixed cleartext protocol assignmentLuca Deri2021-10-16
|
* Updated test results after latest commitLuca Deri2021-10-16
|
* Reworked flow risks asignmentLuca Deri2021-10-16
| | | | Added esceptions for windows update and binary application transfer risk
* Removed outdated (and broken) soulseek dissectorLuca Deri2021-10-15
|
* Updated test resultsLuca Deri2021-10-14
|
* Added missing call to ndpi_reconcile_protocols() with protocol guessLuca Deri2021-10-14
|
* Fixed issue on DGA numeric IP detectionLuca Deri2021-10-13
|
* IndemtLuca Deri2021-10-13
|
* Add issue templates. (#1340)Zied Aouini2021-10-13
| | | | * Add issue template. * Add config log instruction.
* Implemented ndpi_ses_fitting() and ndpi_des_fitting()Luca Deri2021-10-12
| | | | for comuting the best alpha/beta values for exponential smoothing
* Return 0 on ndpi_init_serializer_ll success for consistencyAlfredo Cardigliano2021-10-12
|
* Fixed DES initialisationLuca Deri2021-10-12
|
* QUIC: fix an integer overflow (#1337)Ivan Nardi2021-10-11
| | | | Long standing bug: credits to @lnslbrty for digging into it and to @aouinizied for the CI improvements
* Removed README.protocols because: (#1333)Toni2021-10-11
| | | | | | * Tor via TLS should be detectable via DGA as a risk * protocol limitations should be part of the official documentation in `doc/` Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Win fixLuca Deri2021-10-11
|
* Fix FuzzCI. (#1338)Zied Aouini2021-10-11
|
* Enable sanitizers on CIFuzz. (#1336)Zied Aouini2021-10-11
|
* Cleaned up code moving specific includes in files their are using it. Thi ↵Luca Deri2021-10-11
| | | | prevents ndpi_config.h to be included everywhere in apps using nDPI that might leade to #define redefinitions after the latest changes
* Additional fix related to cf931fda6bfb3925555c7bd11d950a886676bcb3. (#1332)Toni2021-10-10
| | | | | * configure.seed references removed Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix `make dist` and add it to the CI along with `make -C doc text`. Fixes ↵Toni2021-10-10
| | | | | #1324 (#1327) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Get rid of `configure.seed` as it comes with some disadvantages. (#1328)Toni2021-10-10
| | | | | * using Autotools best-practices to achieve (hopefully) the same result Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add more WindowsUpdate URLs as requested in #698. (#1329)Toni2021-10-08
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added extra checkLuca Deri2021-10-07
|
* Fix compilation with clang-13 or if some debug macros are enabled (#1326)Ivan Nardi2021-10-06
|
* Added checkLuca Deri2021-10-06
|
* Compilation fix for old Linux distributionsLuca Deri2021-10-06
|
* Test updateLuca Deri2021-10-06
|
* Compilation fixLuca Deri2021-10-05
|
* Numeric IPs are not considered for DGA checksLuca Deri2021-10-05
|
* Improved DGA detection for skipping potential DGAs of known/popular domain namesLuca Deri2021-10-05
|
* TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)Luca Deri2021-10-05
|
* Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)Ivan Nardi2021-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet") in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid saving dissection information of "current packet" into the "flow" state, i.e. in the flow management table. The nDPI detection module processes only one packet at the time, so it is safe to save packet dissection information in `struct ndpi_detection_module_struct`, reusing always the same "packet" instance and saving a huge amount of memory. Bottom line: we need only one copy of "packet" (for detection module), not one for each "flow". It is not clear how/why "packet" ended up in "flow" in the first place. It has been there since the beginning of the GIT history, but in the original OpenDPI code `struct ipoque_packet_struct` was embedded in `struct ipoque_detection_module_struct`, i.e. there was the same exact situation this commit wants to achieve. Most of the changes in this PR are some boilerplate to update something like "flow->packet" into something like "module->packet" throughout the code. Some attention has been paid to update `ndpi_init_packet()` since we need to reset some "packet" fields before starting to process another packet. There has been one important change, though, in ndpi_detection_giveup(). Nothing changed for the applications/users, but this function can't access "packet" anymore. The reason is that this function can be called "asynchronously" with respect to the data processing, i.e in context where there is no valid notion of "current packet"; for example ndpiReader calls it after having processed all the traffic, iterating the entire session table. Mining LRU stuff seems a bit odd (even before this patch): probably we need to rethink it, as a follow-up.
* Update unit tests results after da8eed5a (#1323)Ivan Nardi2021-10-05
|
* Updated descriptionLuca Deri2021-10-05
|
* WHOIS: enhance detection, avoiding false positives (#1320)Ivan Nardi2021-10-05
| | | We are interested only in the domain name required, not in the long reply.
* Added -a <num> to ndpiReader for generating OPNsense configurationLuca Deri2021-10-04
| | | | See https://github.com/ntop/opnsense
* Removed traceLuca Deri2021-10-03
|
* Fix how some protocols handle tcp retransmissions (#1321)Ivan Nardi2021-10-03
| | | | | | | Most (all?) protocols don't care about (tcp) retransmissions. If a protocol registers itself with a NDPI_SELECTION_BITMASK_PROTOCOL_*_WITHOUT_RETRANSMISSION value, its callback is never triggered with a retransmitted packet.
Powered by cgit, Themed by Ted Yin.