aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fixed heap-overflow if compiled with `--enable-tls-sigs`.fix/tls-sig-heap-overflowToni Uhlig2023-07-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fix Stack overflow caused by invalid write in ndpi_automa_match_strin… ↵Ivan Kapranov2023-07-06
| | | | | | | | | | | | | | | | | (#2035) * minor fixes fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq * fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol * fix compile errors * fix --------- Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* STUN: fix detection of Google Voip apps (#2031)Ivan Nardi2023-07-05
| | | Fix: 2c7fb9179
* fixed numeric truncation error in diameter.c (#2034)headshog2023-07-05
|
* fixed numeric truncation error in rtcp.c (#2033)headshog2023-07-05
|
* fixed numeric truncation error in kerberos.c (#2032)headshog2023-07-05
|
* STUN: avoid FacebookVoip false positives (#2029)Ivan Nardi2023-07-03
| | | | Attribute 0xC057 is defined in the Google public implementation of webrtc (which is used by Google products but also by other applications)
* STUN: fix Skype/MsTeams detection and monitoring logic (#2028)Ivan Nardi2023-07-03
|
* STUN: tell RTP from RTCP while in monitoring state (#2027)Ivan Nardi2023-06-27
|
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)Ivan Nardi2023-06-27
| | | | | | Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018)Ivan Nardi2023-06-26
|
* Simplify the report of streaming multimedia info (#2026)Ivan Nardi2023-06-26
| | | | | The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are pretty much identical: rename the former in `flow->flow_multimedia_type` and remove the latter.
* Thrift: fix heap-buffer-overflow (#2024)Ivan Nardi2023-06-26
|
* Optimizes and fixes possible out0of0boundary write in ndpi_fill_prefix_v4()Luca Deri2023-06-23
|
* RTP: rework code (#2021)Ivan Nardi2023-06-23
| | | | | | | Try avoiding false positives: look for 3 RTP packets before classifing the flow as such. Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
* minor fixes (#2023)Ivan Kapranov2023-06-22
| | | | | fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* removed useless call of ndpi_set_risk func (#2022)Ivan Kapranov2023-06-22
|
* Compilation fixLuca Deri2023-06-22
|
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Waring fixLuca Deri2023-06-21
|
* Gnutella: improve detection (#2019)Ivan Nardi2023-06-21
|
* STUN: fix detection over TCPNardi Ivan2023-06-21
| | | | TCP framing is optional
* STUN: improve WhatsappCall detectionNardi Ivan2023-06-21
|
* Line: fix heap-buffer-overflow error (#2015)Ivan Nardi2023-06-21
|
* STUN: keep monitoring/processing STUN flows (#2012)Ivan Nardi2023-06-21
| | | | Look for RTP packets in the STUN sessions. TODO: tell RTP from RTCP
* Fix access to packet/flow information (#2013)Ivan Nardi2023-06-17
| | | We can't access to `ndpi_str->packet` from `ndpi_detection_giveup()`
* Added hyperlinkLuca Deri2023-06-16
|
* Reworked teams handlingLuca Deri2023-06-15
|
* Fix compilation (#2011)Ivan Nardi2023-06-15
|
* Implemented Zoom/Teams stream type detectionLuca Deri2023-06-14
|
* Improved line protocol dissection with heuristicLuca Deri2023-06-13
|
* Updated line test resultLuca Deri2023-06-13
|
* Refreshed ASN listsLuca Deri2023-06-13
| | | | Enhanced the Line IP list with https://ipinfo.io/AS23576/125.209.252.0/24 used by line
* Added check to avoid skype heuristic false positivesLuca Deri2023-06-12
|
* Set _DEFAULT_SOURCE and _GNU_SOURCE globally. (#2010)Toni2023-06-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix missing u_char, u_short and u_int typedefs for some platforms e.g.: (#2009)Toni2023-06-12
| | | | | | | | | | In file included from ../include/ndpi_main.h:34, from ../include/ndpi_api.h:28, from protocols/activision.c:26: ../include/ndpi_typedefs.h:294:3: error: unknown type name 'u_char' 294 | u_char h_dest[6]; /* destination eth addr */ | ^~~~~~ Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* oss-fuzz: sync build script with upstreamNardi Ivan2023-06-12
| | | | | | | | | | | | File copied from https://github.com/google/oss-fuzz/blob/master/projects/ndpi/build.sh The general idea is to keep the build script in our repository and use it from oss-fuzz builder: updating it from our side is easier and faster then passing via an oss-fuzz PR. The original idea is from @utoni in 3068306b60. Once this change has been merged, we can update the code in oss-fuzz.
* Added vlan_id in ndpi_flow2json() prototypeLuca Deri2023-06-09
|
* QUIC: fix dissection of packets forcing VNNardi Ivan2023-06-08
|
* QUIC: fix a memory access errorNardi Ivan2023-06-08
| | | | Found while fuzzing
* QUIC: add support for QUIC version 2Nardi Ivan2023-06-08
| | | | | | See: https://www.rfc-editor.org/rfc/rfc9369.txt Old v2-01 version has been removed, since it has never been really used.
* ndpiReader: allow to configure LRU caches TTL and size (#2004)Ivan Nardi2023-06-08
|
* ProtonVPN: add basic detection (#2006)Ivan Nardi2023-06-08
|
* Numeric truncation at `tls.c:1010` (#2005)headshog2023-06-08
| | | | | * fixed numtrunc error in protocols/tls.c * fixed build error for tls.c
* added new domain names (#2002)zehraIn2023-06-01
| | | | | | | | | * added new domain names * Sync unit tests results --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* tests: add an option to force the overwrite of the unit tests results (#2001)Ivan Nardi2023-05-31
| | | Usage: `FORCE_UPDATING_UTESTS_RESULTS=1 ./tests/do.sh`
* Add bitcoing protocol dissector. (#1992)Maatuq2023-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add bitcoing protocol dissector. * remove bitcoin protcol detection from mining.c * add a new bitcoin deissector. * add a new category: Cryptocurrency. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * Remove useless checks and add missing windows and docs file. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update affected tests. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * add a brief version. Add notes on the difference between normal bitcoin protocol and the mining protocol. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update enable_payload_stat test after dev rebasing. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> --------- Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Numeric truncation at `ndpi_analyze.c` at lines 101, 104, 107, 110 (#1999)headshog2023-05-30
| | | | | | | | | | | * fixed numeric truncation error in ndpi_analyze.c * fixed numeric truncation error in ndpi_analyze.c x2 * fixed numeric truncation error in ndpi_analyze.c x3 * fixed numeric truncation error in ndpi_analyze.c and printf format * fixed tests
* Changed logging callback function sig. (#2000)Toni2023-05-30
| | | | | * make user data available for any build config Signed-off-by: lns <matzeton@googlemail.com>
* fixed numeric truncation error in ndpi_main.c:6837 (#1998)headshog2023-05-29
|
Powered by cgit, Themed by Ted Yin.