aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fix `make dist` and add it to the CI along with `make -C doc text`. Fixes #1324fix-add/make-doc-and-CIToni Uhlig2021-10-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added extra checkLuca Deri2021-10-07
|
* Fix compilation with clang-13 or if some debug macros are enabled (#1326)Ivan Nardi2021-10-06
|
* Added checkLuca Deri2021-10-06
|
* Compilation fix for old Linux distributionsLuca Deri2021-10-06
|
* Test updateLuca Deri2021-10-06
|
* Compilation fixLuca Deri2021-10-05
|
* Numeric IPs are not considered for DGA checksLuca Deri2021-10-05
|
* Improved DGA detection for skipping potential DGAs of known/popular domain namesLuca Deri2021-10-05
|
* TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)Luca Deri2021-10-05
|
* Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)Ivan Nardi2021-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet") in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid saving dissection information of "current packet" into the "flow" state, i.e. in the flow management table. The nDPI detection module processes only one packet at the time, so it is safe to save packet dissection information in `struct ndpi_detection_module_struct`, reusing always the same "packet" instance and saving a huge amount of memory. Bottom line: we need only one copy of "packet" (for detection module), not one for each "flow". It is not clear how/why "packet" ended up in "flow" in the first place. It has been there since the beginning of the GIT history, but in the original OpenDPI code `struct ipoque_packet_struct` was embedded in `struct ipoque_detection_module_struct`, i.e. there was the same exact situation this commit wants to achieve. Most of the changes in this PR are some boilerplate to update something like "flow->packet" into something like "module->packet" throughout the code. Some attention has been paid to update `ndpi_init_packet()` since we need to reset some "packet" fields before starting to process another packet. There has been one important change, though, in ndpi_detection_giveup(). Nothing changed for the applications/users, but this function can't access "packet" anymore. The reason is that this function can be called "asynchronously" with respect to the data processing, i.e in context where there is no valid notion of "current packet"; for example ndpiReader calls it after having processed all the traffic, iterating the entire session table. Mining LRU stuff seems a bit odd (even before this patch): probably we need to rethink it, as a follow-up.
* Update unit tests results after da8eed5a (#1323)Ivan Nardi2021-10-05
|
* Updated descriptionLuca Deri2021-10-05
|
* WHOIS: enhance detection, avoiding false positives (#1320)Ivan Nardi2021-10-05
| | | We are interested only in the domain name required, not in the long reply.
* Added -a <num> to ndpiReader for generating OPNsense configurationLuca Deri2021-10-04
| | | | See https://github.com/ntop/opnsense
* Removed traceLuca Deri2021-10-03
|
* Fix how some protocols handle tcp retransmissions (#1321)Ivan Nardi2021-10-03
| | | | | | | Most (all?) protocols don't care about (tcp) retransmissions. If a protocol registers itself with a NDPI_SELECTION_BITMASK_PROTOCOL_*_WITHOUT_RETRANSMISSION value, its callback is never triggered with a retransmitted packet.
* Added nDPI pkg-config file to Debian / Ubuntu ndpi-dev packaging. (#1318)Toni2021-10-03
| | | | | | | * Added nDPI pkg-config file to Debian / Ubuntu ndpi-dev packaging. * fixed missing gcrypt library dependency in libndpi.pc Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Adds sections labels with risk id to the docsSimone Mainardi2021-10-01
|
* Warning fixLuca Deri2021-10-01
|
* Initial attempt to write nDPI documentation. Starting with flow risks. ↵Luca Deri2021-10-01
| | | | Please contribute
* Remove `detected_protocol_stack` field from `ndpi_packet_struct` (#1317)Ivan Nardi2021-09-29
| | | | | | | | | | | | | This field is an exact copy of `ndpi_flow_struct->detected_protocol_stack[2]`: * at the very beginning of packet dissection, the value saved in `flow->detected_protocol_stack` is copied in `packet->detected_protocol_stack` (via `ndpi_detection_process_packet()` -> `ndpi_init_packet_header()`) * every time we update `flow->detected_protocol_stack` we update `packet->detected_protocol_stack` too (via `ndpi_int_change_protocol()` -> `ndpi_int_change_packet_protocol()`) These two fields are always in sync: keeping the same value in two different places is useless.
* Fix warningAlfredo Cardigliano2021-09-28
|
* Added unit test for bitmap iterationLuca Deri2021-09-27
|
* Compilation fixed on CentOS 7Luca Deri2021-09-27
| | | | Bitmap APi changes
* Bitmap codeLuca Deri2021-09-27
|
* Reworked bitmap codeLuca Deri2021-09-27
|
* Warnign fixLuca Deri2021-09-27
|
* Fix armhf (#1315)Gianfranco Costamagna2021-09-26
| | | | | | | | | | | | | | | | * Fix unaligned memory accesses with get_u_int64_t at armhf see: https://bugs.debian.org/993627 * Use get_u_int64_t to avoid unaligned memory access at armhf see: https://bugs.debian.org/993627 * Update src/include/ndpi_define.h.in Drop const type from get_u_int64_t, from lnslbrty Co-authored-by: Bernhard Übelacker <bernhardu@mailbox.org> Co-authored-by: Toni <matzeton@googlemail.com>
* Added include for defining bools (not present on all platforms)Luca Deri2021-09-26
|
* Added API for handling compressed bitmapsLuca Deri2021-09-26
| | | | | | | | | | | | | | ndpi_bitmap* ndpi_bitmap_alloc(); void ndpi_bitmap_free(ndpi_bitmap* b); u_int64_t ndpi_bitmap_cardinality(ndpi_bitmap* b); void ndpi_bitmap_set(ndpi_bitmap* b, u_int32_t value); void ndpi_bitmap_unset(ndpi_bitmap* b, u_int32_t value); bool ndpi_bitmap_isset(ndpi_bitmap* b, u_int32_t value); void ndpi_bitmap_clear(ndpi_bitmap* b); size_t ndpi_bitmap_serialize(ndpi_bitmap* b, char **buf); ndpi_bitmap* ndpi_bitmap_deserialize(char *buf); based on https://github.com/RoaringBitmap/CRoaring
* Add arm64, armhf and s390x as part of CI. (#1314)Zied Aouini2021-09-23
| | | | | | | * Add arm64, armhf and s390x as part on CI. * Minor fix. * Fix code inspector complaints.
* QUIC: fix old GQUIC versions on big-endian machines (#1313)Ivan Nardi2021-09-23
|
* Improve CI (#1303)Zied Aouini2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Improve CI pipeline * Fix branch name. * Fix branch name. * Fix libgcrypt configuration. * Update build.yml * Move to Github Actions instead of Travis CI. * Fix mingw on ubuntu bionic. * Reactivate cross compile on Ubuntu Bionic. * Switch to single line steps. * Add several compilers versions * Minor fix. * Fix build all and delete cxx * Fix RCE detection. * Fix PCRE configuration. * Add condition on PCRE test pcap. * Update WebattackRCE.pcap.out * Add missing SUBST. * Delete WebattackRCE.pcap.out * Update WebAttackRCE result. * Fix typo. * Extend jobs with pcre+msan+maxminddb. * Fix code inpector warnings. * Delete .appveyor.yml
* Merge pull request #1311 from IvanNardi/ftp-start-tlsToni2021-09-22
|\ | | | | FTP: fix support for START-TLS sessions
| * FTP: fix support for START-TLS sessionsNardi Ivan2021-09-21
|/ | | | | | When TLS-over-FTP is used, the credentials are encrypted. So we must not wait for the username and the password commands, otherwise we elaborate a lot of packets for nothing.
* Merge pull request #1309 from IvanNardi/ipv6-headersToni2021-09-20
|\ | | | | Fix parsing of ipv6 packets with extension headers
| * Fix parsing of ipv6 packets with extension headersNardi Ivan2021-09-19
| | | | | | | | | | | | | | | | Decoding of ipv6 traffic with extension headers was completely broken, since the beginning of the L4 header was always set to a wrong value. Handle the ipv6 fragments in the same way as the ipv4 ones: keep the first one and drop the others.
* | Merge pull request #1310 from IvanNardi/stun-realmToni2021-09-20
|\ \ | |/ |/| STUN: fix extraction of Realm attribute
| * STUN: fix extraction of Realm attributeNardi Ivan2021-09-20
|/ | | | While at it, improve detection of Facebook Messenger
* Small fixes after latest commits (#1308)Ivan Nardi2021-09-18
|
* A (tiny) effort to reduce memory usage per flow (#1304)Ivan Nardi2021-09-18
| | | | | | | Follow-up of 22241a1d Only trivial changes: * remove completely unused fields * remove fields only written (but never read) * CSGO protocol only handles UDP traffic
* Added DNS fragmented test pcapLuca Deri2021-09-17
|
* Improved fragmented DNS detectionLuca Deri2021-09-17
|
* DNS dissection fixesLuca Deri2021-09-17
|
* Progetto esame Gestione di Reti - Debora Cerretini (#1290)deboracerretini2021-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* TLS: avoid zeroing large structures (#1300)Ivan Nardi2021-09-16
| | | | | | | | | | Zeroing large structures (i.e. size > KB) is quite costly (from a CPU point of view): we can safely avoid doing that for a couple of big structures. Standard and Valgrind tests have been diverging quite a lot: it is time to re-sync them. Use the same script and enable Valgrind via an enviroment variable: NDPI_TESTS_VALGRIND=1 ./tests/do.sh
* Adds instructions to update flow risks in ntopngSimone Mainardi2021-09-15
|
* Hangout: fix usage of STUN function (#1299)Ivan Nardi2021-09-13
|
* Fix some ndpi_malloc/ndpi_free pairs (#1298)Ivan Nardi2021-09-13
|
Powered by cgit, Themed by Ted Yin.