Commit message | Author | Age
* Allow init of app protocols w/o any hostnames set. [improved/empty-app-protos] | Toni Uhlig | 2023-07-22
  * fixes `[NDPI] INTERNAL ERROR missing protoName initialization for [protoId=339]: recovering`
  * still possible for app logic to make use of "empty" app protocols
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Debian 12 fixes | Luca Deri | 2023-07-21
* zabbix: improve detection (#2055) | Ivan Nardi | 2023-07-21
* TLS: add basic, basic, detection of Encrypted ClientHello (#2053) | Ivan Nardi | 2023-07-21
* Add detection of Roblox games (#2054) | Ivan Nardi | 2023-07-21
* fuzz: extend fuzzing coverage (#2052) | Ivan Nardi | 2023-07-18
  Added/merged some traces. Improved Socks identification
* tests: restore some old paths as symbolic links (#2050) | Ivan Nardi | 2023-07-16
* HTTP: fix another memory access error (#2049) | Ivan Nardi | 2023-07-15
  ```
  =================================================================
  ==199079==ERROR: AddressSanitizer: negative-size-param: (size=-1)
  #0 0x559a2a6efd4f in strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x94ad4f) (BuildId: 34aaabba403c6bc5482553ef355360fd2762a157)
  #1 0x559a2a9890f0 in ndpi_http_check_content /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:300:8
  #2 0x559a2a9812c0 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:910:46
  #3 0x559a2a978fee in process_response /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1289:3
  #4 0x559a2a97622f in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1382:9
  #5 0x559a2a975d95 in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1468:3
  #6 0x559a2a864970 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5948:4
  #7 0x559a2a8660df in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6013:12
  #8 0x559a2a865d7f in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6032:12
  #9 0x559a2a876fd6 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7038:15
  #10 0x559a2a87311f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7205:22
  #11 0x559a2a77381e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1710:31
  #12 0x559a2a77381e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2427:10
  [...]
  ```
  Found by oss-fuzz
  See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60605
* Fix compilation in CI jobs (#2048) | Ivan Nardi | 2023-07-15
* ndpireader: fix detection of DoH traffic based on packet distributions (#2045) | Ivan Nardi | 2023-07-14
* Add a configuration knob to enable/disable loading of gambling list (#2047) | Ivan Nardi | 2023-07-14
* Adds new pcap for testing "funny" HTTP servers | Luca Deri | 2023-07-14
* Restored files | Luca Deri | 2023-07-14
* Fixes risk mask exception handling while improving the overall performance | Luca Deri | 2023-07-14
* Included Gambling website data from the Polish `hazard.mf.gov.pl` list (#2041) | snicket2100 | 2023-07-14
  * Refreshed the Belgium Gambling Site list data
    Unfortunately some hostnames have been removed from that list, which means they are disappearing from the `ndpi_gambling_match.c.inc` file as well.
  * build: added `libxml2-utils` (for `xmllint`)
  * Included Gambling website data from the Polish `hazard.mf.gov.pl` list
    The list contains over 30k gambling website hostnames as of today.
* HTTP: fix extraction of filename (#2046) | Ivan Nardi | 2023-07-14
* Removed -fno-color-diagnostics not available on all platforms | Luca Deri | 2023-07-13
* Cosmetic fixes | Luca Deri | 2023-07-13
* Implemented Count-Min Sketch [count how many times a value has been observed] | Luca Deri | 2023-07-13
  - ndpi_cm_sketch_init()
  - ndpi_cm_sketch_add()
  - ndpi_cm_sketch_count()
  - ndpi_cm_sketch_destroy()
* HTTP: fix heap-buffer-overflow (#2044) | Ivan Nardi | 2023-07-13
  ```
  =================================================================
  ==673246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5080000002fd at pc 0x555c6a22eca2 bp 0x7ffe1db9b290 sp 0x7ffe1db9aa48
  READ of size 1 at 0x5080000002fd thread T0
  #0 0x555c6a22eca1 in strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet+0x53aca1) (BuildId: 464e7474cde3de91c01588c7ea0161a05ddd6b63)
  #1 0x555c6a462a9d in ndpi_http_check_content /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:309:8
  #2 0x555c6a45a9a0 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:901:46
  #3 0x555c6a4526ce in process_response /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1280:3
  #4 0x555c6a44f90f in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1373:9
  #5 0x555c6a44f475 in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1459:3
  #6 0x555c6a348520 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5949:6
  #7 0x555c6a348f2f in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5997:12
  #8 0x555c6a348bcf in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6016:12
  #9 0x555c6a359e26 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7017:15
  #10 0x555c6a355f6f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7184:22
  #11 0x555c6a284958 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:5
  ```
  Found by oss-fuzz.
  See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60557
  Fix: 0b0f255cc
* RDP: improve detection over UDP (#2043) | Ivan Nardi | 2023-07-13
* fuzz: add fuzzer for DGA detection code (#2042) | Ivan Nardi | 2023-07-13
* Add support for multiline json | Alfredo Cardigliano | 2023-07-12
* Minor code cleanup | Luca Deri | 2023-07-11
* added feature to extract filename from http attachment (#2037) | Chiara Maggi | 2023-07-11
  * added feature to extract filename from http attachment
  * fixed some issues
  * added check for filename format
  * added check for filename format
  * remove an unnecessary print
  * changed the size from 952 to 960
  * modified some test result files
  * small changes string size
  * comment removed and mallocs checked
* fuzz: extend fuzzing coverage (#2040) | Ivan Nardi | 2023-07-11
  Some notes:
  * libinjection: according to https://github.com/libinjection/libinjection/issues/44, it seems NULL characters are valid in the input string;
  * RTP: `rtp_get_stream_type()` is called only for RTP packets; if you want to tell RTP from RTCP you should use `is_rtp_or_rtcp()`;
  * TLS: unnecessary check; we already make the same check just above, at the beginning of the `while` loop
* Fixed heap-overflow if compiled with `--enable-tls-sigs`. (#2038) | Toni | 2023-07-07
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added coverage targets to `Makefile.am` for convenience. (#2039) | Toni | 2023-07-07
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fix Stack overflow caused by invalid write in ndpi_automa_match_strin… | Ivan Kapranov | 2023-07-06
  (#2035)
  * minor fixes
    fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq
  * fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol
  * fix compile errors
  * fix
  ---------
  Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* STUN: fix detection of Google Voip apps (#2031) | Ivan Nardi | 2023-07-05
  Fix: 2c7fb9179
* fixed numeric truncation error in diameter.c (#2034) | headshog | 2023-07-05
* fixed numeric truncation error in rtcp.c (#2033) | headshog | 2023-07-05
* fixed numeric truncation error in kerberos.c (#2032) | headshog | 2023-07-05
* STUN: avoid FacebookVoip false positives (#2029) | Ivan Nardi | 2023-07-03
  Attribute 0xC057 is defined in the Google public implementation of webrtc (which is used by Google products but also by other applications)
* STUN: fix Skype/MsTeams detection and monitoring logic (#2028) | Ivan Nardi | 2023-07-03
* STUN: tell RTP from RTCP while in monitoring state (#2027) | Ivan Nardi | 2023-06-27
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025) | Ivan Nardi | 2023-06-27
  Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic.
  Remove last piece of sub-classification based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018) | Ivan Nardi | 2023-06-26
* Simplify the report of streaming multimedia info (#2026) | Ivan Nardi | 2023-06-26
  The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are pretty much identical: rename the former in `flow->flow_multimedia_type` and remove the latter.
* Thrift: fix heap-buffer-overflow (#2024) | Ivan Nardi | 2023-06-26
* Optimizes and fixes possible out-of-boundary write in ndpi_fill_prefix_v4() | Luca Deri | 2023-06-23
* RTP: rework code (#2021) | Ivan Nardi | 2023-06-23
  Try avoiding false positives: look for 3 RTP packets before classifying the flow as such.
  Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
* minor fixes (#2023) | Ivan Kapranov | 2023-06-22
  fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq
  Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* removed useless call of ndpi_set_risk func (#2022) | Ivan Kapranov | 2023-06-22
* Compilation fix | Luca Deri | 2023-06-22
* Add Apache Thrift protocol dissector. (#2007) | Toni | 2023-06-22
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Warning fix | Luca Deri | 2023-06-21
* Gnutella: improve detection (#2019) | Ivan Nardi | 2023-06-21
* STUN: fix detection over TCP | Nardi Ivan | 2023-06-21
  TCP framing is optional
* STUN: improve WhatsappCall detection | Nardi Ivan | 2023-06-21