| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
This protocol is detected via HTTP Content-Type header.
Until 89d548f9, nDPI had a dedicated automa (`content_automa`) to
classify a HTTP flow according to this header. Since then, this automa has
been useless because it is always empty.
Re-enable it to match only a string seems overkilling.
Remove all `content_automa` leftovers.
|
| |
|
| |
Avoid NATS false positives
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Close #1346
|
| |
|
|
|
|
|
|
| |
Disable unit tests on CI for big-endian target. We know we have multiple
issues on big-endian architectures (see #1312) and so the unit tests
always fail there. Ignore this error for the time being and let the CI
pass if we don't have other issues.
Remove an unused automa definition
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should avoid updating any valid protocol in `ndpi_detection_giveup`; we
should try to find a proper classification only if the flow is still
completely unclassified.
For example in the attached pcap there is a valid TLS session, recognized
as such by TLS dissector. However, the `ndpi_detection_giveup`function
updates it to "HTTP/TLS" (!?) simply because the server port is 80.
Note that the real issue is not the wrong classification, but the
wrong access to `flow->protos` union. If we already set some fields of
`flow->protos` and we change the protocol in `ndpi_detection_giveup`, we
might end up freeing some invalid pointers in `ndpi_free_flow_data`
(no wonder this issue has been found while fuzzing #1354)
Fix GIT and TLS dissectors (issues found by CI fuzzer)
|
| |
|
|
|
|
|
| |
* Changed function signature of ndpi_flow2json (removed unused vlan_id; API break)
* Serialize NTP information.
* Improved QUIC serialization.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| |
|
|
| |
Revert of c3d1c697
Error reproducible with the attached pcap and valgrind
|
| | |
|
| |
|
|
|
| |
Update .gitignore file
Fix a function prototype
Close #1349
|
| |
|
|
|
|
|
|
| |
`ndpi_detection_giveup()` (and any functions called by it) can't access
`ndpi_detection_module_struct->packet` anymore since 730c236.
Sync unit tests results
Close #1348
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ndpi_finalize_initialization(). (#1334)
* fixed several memory errors (heap-overflow, unitialized memory, etc)
* ability to build fuzz_process_packet with a main()
allowing to replay crash data generated with fuzz_process_packet
by LLVMs libfuzzer
* temporarily disable fuzzing if `tests/do.sh`
executed with env FUZZY_TESTING_ENABLED=1
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Added esceptions for windows update and binary application transfer risk
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
* Add issue template.
* Add config log instruction.
|
| |
|
|
| |
for comuting the best alpha/beta values for exponential smoothing
|
| | |
|
| | |
|
| |
|
|
| |
Long standing bug: credits to @lnslbrty for digging into it and to
@aouinizied for the CI improvements
|
| |
|
|
|
|
| |
* Tor via TLS should be detectable via DGA as a risk
* protocol limitations should be part of the official documentation in `doc/`
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
prevents ndpi_config.h to be included everywhere in apps using nDPI that might leade to #define redefinitions after the latest changes
|
| |
|
|
|
| |
* configure.seed references removed
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
| |
#1324 (#1327)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
| |
* using Autotools best-practices to achieve (hopefully) the same result
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|