aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Add commentAlfredo Cardigliano2022-02-03
|
* Updated test resultsLuca Deri2022-02-03
|
* Added NDPI_ERROR_CODE_DETECTED riskLuca Deri2022-02-03
|
* Renamed DCERPC to more generic RPC protocol so we can use also for other ↵Luca Deri2022-02-03
| | | | | | | types of RPCs (not limited to DCE) Extended HTTP plugin to support RPC Improved HTTP crear text detection to limit it to Basic and Digest
* TypoLuca Deri2022-02-03
|
* Improved risks descriptionLuca Deri2022-02-03
|
* Updated risk documentationLuca Deri2022-02-03
|
* Added new IDN/Punycode risk for spotting internationalized domain namesLuca2022-02-03
|
* Added missing __sync_fetch_and_add() definition in WindowsLuca Deri2022-02-02
|
* Moved to 4.3Luca2022-02-01
|
* Update changelogAlfredo Cardigliano2022-01-31
|
* Remove `struct ndpi_id_struct` (#1427)Ivan Nardi2022-01-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the last uses of `struct ndpi_id_struct`. That code is not really used and it has not been updated for a very long time: see #1279 for details. Correlation among flows is achieved via LRU caches. This change allows to further reduce memory consumption (see also 91bb77a8). At nDPI 4.0 (more precisly, at a6b10cf, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 235.27 KB Flow Memory (per flow): 688 B <-------- ``` i.e. memory usage per flow has been reduced by 77%. Close #1279
* Remove Playstation VUE protocol (#1426)Ivan Nardi2022-01-30
| | | | PS VUE service has been discontinued on January 30, 2020 https://en.wikipedia.org/wiki/PlayStation_Vue
* Commented old code (see https://github.com/ntop/nDPI/pull/1425)Luca Deri2022-01-30
|
* Improve protocol stacks (#1425)Ivan Nardi2022-01-30
| | | | | | | | | | | | | | | | | We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
* Extend protocols support (#1422)Ivan Nardi2022-01-29
| | | | | | | | | | | | | | | | | | Add detection of AccuWeather site/app and Google Classroom. Improve detection of Azure, Zattoo, Whatsapp, MQTT and LDAP. Fix some RX false positives. Fix some "Uncommon TLS ALPN"-risk false positives. Fix "confidence" value for some Zoom/Torrent classifications. Minor fix in Lua script for Wireshark extcap. Update .gitignore file. Let GitHub correctly detect the language type of *.inc files. Zattoo example has been provided by @subhajit-cdot in #1148.
* Fix some race conditions by using atomic operations. (#1420)Toni2022-01-29
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Make some protocols more "big-endian" friendly (#1402)Ivan Nardi2022-01-29
| | | See #1312
* Sync unit tests results (#1423)Ivan Nardi2022-01-28
| | | Fix: 7a3aa41a
* Updated alert description caseLuca2022-01-28
|
* Fixed heap overflow in nDPI realloc wrapper if new size < old size. (#1421)Toni2022-01-27
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Kerberos, TLS, example: fix some memory errors (#1419)Ivan Nardi2022-01-27
| | | | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43823 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43921 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43925
* Fixed wrong ip tuple comparison. #1386 (#1418)Toni2022-01-26
| | | | | | | * Added u32 pads to `union ip_tuple` so btree search should now work as expected. The bug caused new flow's when the remote answers, resulting in two Flows per direction. Fail. * Fixed a race condition during shutdown phase. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added support for the .goog Google TLDLuca Deri2022-01-26
|
* Serializing empty `risk blocks' pollutes the resulting string. (#1417)Toni2022-01-26
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated test results after the risk NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE has ↵Luca Deri2022-01-26
| | | | been added
* Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow riskLuca Deri2022-01-26
| | | | Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days
* Removed pandora.tv from pandora protocol as they are different services that ↵Luca Deri2022-01-25
| | | | shouldd not be mixed
* Improved pandora TV detectionLuca Deri2022-01-24
|
* Improved Zoom protocol detectionLuca Deri2022-01-23
|
* Tool for generating automatically the Azure IP listLuca Deri2022-01-23
|
* Fix ndpi_serialize_string_int64Alfredo Cardigliano2022-01-21
|
* Add unit test for ndpi_serialize_string_int64Alfredo Cardigliano2022-01-21
|
* Fix Grease values parsing (#1416)havsah2022-01-21
| | | | | | | | | | | The check for grease was too broad and filtered some valid values. In particular, the value 257 was skipped because it matched the previous check. This has been discovered while parsing tests/pcap/443-firefox.pcap expected ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256-257,0 previously generated ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256,0 Signed-off-by: Patrick Havelange <patrick.havelange_ext@softathome.com>
* Added JA3 in risj exceptionsLuca Deri2022-01-20
|
* Fixed certificate mismatch checkLuca Deri2022-01-19
|
* Fixed an issue on CentOS 7 introduced byLuca Deri2022-01-19
| | | | https://github.com/ntop/nDPI/commit/c2b7d77784beeae5f86f19e33ba3da5ddce55898
* Updated confidence typeLuca Deri2022-01-18
|
* TLS, H323, examples: fix some memory errors (#1414)Ivan Nardi2022-01-18
| | | | | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26880 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26906 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43782 https://oss-fuzz.com/testcase-detail/6334089358082048
* Netbios, CSGO: fix two memory errors (#1413)Ivan Nardi2022-01-18
| | | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43754 https://oss-fuzz.com/testcase-detail/5329842395021312
* build: respect environment options more (#1392)Sam James2022-01-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * build: update m4/ax_pthread.m4 from serial 23 -> serial 31 Update ax_pthread.m4 to the latest version from the autoconf-archive project. Signed-off-by: Sam James <sam@gentoo.org> * build: properly detect AR, CC, RANLIB It's necessary to be able to override choice of AR/CC/RANLIB and other toolchain variables/tools for cross-compilation, testing with other toolchains, and to ensure the compiler chosen by the user is actually used for the build. Previously, GNU_PREFIX was kind-of used for this but this isn't a standard variable (at all) and it wasn't applied consistently anyway. We now use the standard autoconf mechanisms for finding these tools. (RANLIB is already covered by LT_INIT.) Signed-off-by: Sam James <sam@gentoo.org> * build: use $(MAKE) This ensures that parallel make works correctly, as otherwise, a fresh make job will be started without the jobserver fd, and hence not know about its parent, forcing -j1. * build: respect CPPFLAGS, LDFLAGS - CPPFLAGS is for the C preprocessor (usually for setting defines) - LDFLAGS should be placed before objects for certain flags to work (e.g. -Wl,--as-needed) Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* H323: fix a use-after-poison error (#1412)Ivan Nardi2022-01-17
| | | | | | | Detected by oss-fuzz See: https://oss-fuzz.com/testcase-detail/6730505580576768 Fix a function prototype Update a unit test results
* Improved Badoo detection (missing mobile app domain)Luca Deri2022-01-17
|
* Added Badoo detectionLuca Deri2022-01-17
|
* Adds some risk exceptions for popular services and domain namesLuca2022-01-17
| | | | via a new (internal) function named ndpi_add_domain_risk_exceptions()
* TLS: fix a use-of-uninitialized-value error (#1411)Ivan Nardi2022-01-16
| | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43705
* Zattoo: fix Null-dereference READ with ipv6 traffic (#1410)Ivan Nardi2022-01-16
| | | | | Fix: 20b5f6d7 Detected by oss-fux: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43700
* XBox, Diameter: fix dissectors initialization (#1405)Ivan Nardi2022-01-16
| | | | | | | | These dissectors have *never* been triggered because their registration functions use the wrong parameter/bitmask. Diameter code is buggy since the origianl commit (1d108234), while XBox code since 5266c726. Fix some false positives in Xbox code.
* Added performance tests toolsLuca Deri2022-01-16
|
* Minor cosmetic changesLuca Deri2022-01-16
|
Powered by cgit, Themed by Ted Yin.