aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Bittorrent: fix keys in cache code (#1670)Ivan Nardi2022-07-22
|
* RPM fixLuca Deri2022-07-20
|
* STUN: improve detection of Hangout/Duo and FB voip callsNardi Ivan2022-07-20
|
* DTLS: fix exclusion of DTLS protocolNardi Ivan2022-07-20
| | | | Add an helper to exclude a generic protocol
* Rocky fixLuca Deri2022-07-20
|
* SKYPE: fix detection over UDPNardi Ivan2022-07-20
| | | | | | | | | Commit ba6a48c9 is completely bogus: we can't set extra dissection without having set a proper classification. The idea behind that commit seems to be that we need to look for 2 (consecutives?) packets with the same crc/pattern: try to implement this logic in a saner way.
* SKYPE: remove detection over TCPNardi Ivan2022-07-20
| | | | | | Skype detection over TCP has been completely disable since 659f75138 (3 years ago!). Since that logic was too weak anyway, remove it.
* reader_util: stop processing a flow (#1666)Ivan Nardi2022-07-20
| | | | We should stop processing a flow if all protocols have been excluded or if we have already processed too many packets.
* BITTORRENT: fix confidence (#1664)Ivan Nardi2022-07-20
| | | Remove two unused parameters.
* ahocorasick: fix char/uchar bug (#1597)Ivan Nardi2022-07-20
| | | | Porting of https://github.com/vel21ripn/nDPI/commit/06e2967d0c26ab214683a2f5565f4012fd523537 Close #1506
* Fix unitialized use of W[16]. (#1662)Toni2022-07-15
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added null pointer checksLuca2022-07-14
|
* Restored -O2 in default buildsLuca2022-07-14
|
* Do not interfere with CFLAGS/LDFLAGS env anymore. (#1659)Toni2022-07-13
| | | | | | | * CI fixes * some build systems do not like that (e.g. OpenWrt) * fixed some rrdtool related build warnings/errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved Jabber/XMPP detection. (#1661)Toni2022-07-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ASN1/BER: fix signed integer overflow (#1660)Ivan Nardi2022-07-12
| | | | | | | | | | | | | ``` protocols/snmp_proto.c:77:23: runtime error: signed integer overflow: 6 + 2147483647 cannot be represented in type 'int' #0 0x52f69e in ndpi_search_snmp ndpi/src/lib/protocols/snmp_proto.c:77:23 #1 0x4c5347 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:5211:4 #2 0x4c5591 in ndpi_check_flow_func ndpi/src/lib/ndpi_main.c:0 #3 0x4c8903 in ndpi_detection_process_packet ndpi/src/lib/ndpi_main.c:6145:15 #4 0x4b3712 in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_process_packet.c:29:5 [...] ``` Found by oss-fuzzer. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49057
* Introduced risk accountabilityLuca2022-07-12
|
* Cosmetic changeLuca2022-07-12
|
* Keep track of how many dissectors calls we made for each flow (#1657)Ivan Nardi2022-07-11
|
* HTTP: improve detection of WindowsUpdate (#1658)Ivan Nardi2022-07-10
| | | | WindowsUpdate is also transported over HTTP, using a numeric IP as hostname (some kinds of CDN?)
* Remove unsafe access to `flow->protos` union (#1656)Ivan Nardi2022-07-10
| | | | | | We can access `flow->protos` only if we already have set a valid classification. It is quite likely that this code is never trigger, anyway.
* SNMP: fix detection (#1655)Ivan Nardi2022-07-10
| | | | | | We can write to `flow->protos` only when we are sure about SNMP classification. Use the generic wrapper to decode ASN1 BER integer
* SIP: improve detection (#1654)Ivan Nardi2022-07-09
|
* TFTP: fix memory access (#1653)Ivan Nardi2022-07-08
|
* LDAP: rewrite dissection (#1649)Ivan Nardi2022-07-08
|
* Enhances gprof usage. (#1651)Toni2022-07-08
| | | | | * gprof results were incorrectly displayed Signed-off-by: lns <matzeton@googlemail.com>
* SMB: add (partial) support for messages split into multiple TCP segments (#1644)Ivan Nardi2022-07-07
|
* Avoid spurious calls to extra dissection (#1648)Ivan Nardi2022-07-07
| | | | If the extra callabck is not set, calling the extra dissection is only a waste of resources...
* SMTP: add support for X-ANONYMOUSTLS comamnd (#1650)Ivan Nardi2022-07-07
|
* Kerberos: add support for Krb-Error messages (#1647)Ivan Nardi2022-07-07
|
* Spotify: remove some useless ip ranges (#1646)Ivan Nardi2022-07-07
| | | | | | | These AS numbers are no more related to Spotify (or, if they are, they don't have any prefixes anyway). Even if we find some valid Spotify AS, we should handle them via the generic "autogenerated logic" used for every AS, and not in the dissector code.
* MONGODB: avoid false positivesNardi Ivan2022-07-07
|
* TLS: ignore invalid Content Type valuesNardi Ivan2022-07-07
|
* Added Threema Messenger. (#1643)Toni2022-07-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added RiotGames ASN update.Toni Uhlig2022-07-06
| | | | | | * updated asn lists Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added another RiotGames signature.Toni Uhlig2022-07-06
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Moved to 4.5Luca Deri2022-07-06
|
* Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639)Toni2022-07-06
| | | | | | | | | | | | | | | | | * Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Revert "SMTP with STARTTLS is now identified as SMTPS" This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482. * Revert "Compilation fix" This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5. * Sync unit tests. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Compilation fixLuca Deri2022-07-05
|
* Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)Ivan Nardi2022-07-05
|
* SMTP with STARTTLS is now identified as SMTPSLuca Deri2022-07-05
|
* Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes ↵Toni2022-07-05
| | | | | | | #1630. (#1637) * FTP needs to get updated as well as it has similiar STARTTLS semantics -> follow-up Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Run regression tests from different locations at the same time w/o side ↵Toni2022-07-05
| | | | | effects on the results. (#1638) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Exported username in flow informationLuca Deri2022-07-04
|
* Updated ndpi_check_flow_risk_exceptions() signatureLuca Deri2022-07-04
|
* Cleaned-up issuer DN check code addingLuca Deri2022-07-04
| | | | | | | | | u_int8_t ndpi_check_issuerdn_risk_exception(struct ndpi_detection_module_struct *ndpi_str, char *issuerDN); Added new API function for checking nDPI-configured exceptions u_int8_t ndpi_check_flow_risk_exception(struct ndpi_detection_module_struct *ndpi_str, u_int num_params, ndpi_risk_params **params);
* Set CiscoVPN as a network protocolLuca Deri2022-07-04
|
* Updated JA3/SSL fingerprints.Toni Uhlig2022-07-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Replaced malicious JA3-md5/SSL-cert-sha1 ac automata with hashmaps.Toni Uhlig2022-07-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added UltraSurf protocol dissector. (#1618)Toni2022-07-04
| | | | | * TLSv1.3 UltraSurf flows are not detected by now Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.