aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Search fixesLuca Deri2023-08-26
|
* Changes for supporinng more efficient sub-string matchingLuca Deri2023-08-26
|
* Improved domain search tet unitLuca Deri2023-08-26
|
* LEak fixLuca Deri2023-08-26
|
* Added ndpi_domain_classify_XXX(0 APILuca Deri2023-08-26
|
* Warning fixLuca Deri2023-08-25
|
* added bimap and/or with allocationLuca Deri2023-08-24
|
* Minor improvementsLuca Deri2023-08-23
|
* Added ndpi_bitmap_is_empty() and ndpi_bitmap_optimize() API callsLuca2023-08-23
|
* Boundary checkLuca2023-08-21
|
* Improved Wireguard detectionLuca2023-08-21
|
* Removed empty lineLuca2023-08-21
|
* Added ndpi_bitmap_andnot API callLuca2023-08-21
|
* fuzz: extend coverage (#2073)Ivan Nardi2023-08-20
|
* Fix compilation on Windows (#2072)Ivan Nardi2023-08-14
|
* Replaces free() with ndpi_free()Luca Deri2023-08-14
|
* Reworked ndpi_filter_xxx implementation using compressed bitmapsLuca Deri2023-08-14
|
* TypoLuca Deri2023-08-12
|
* ARM compilation fixLuca Deri2023-08-12
|
* Fixed to address issueLuca Deri2023-08-12
| | | | | | | | Run ./utils/check_symbols.sh || { FAILED=$?; echo "::error file=${NDPI_LIB}::Unwanted libc symbols found: ${FAILED}. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free."; false; } [ndpi_filter.o]: calloc Unwanted symbols found: 1 Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free Error: Unwanted libc symbols found: 1. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of
* Added ndpi_filter_add_multi() API callLuca Deri2023-08-11
|
* Minor initialization fixesLuca Deri2023-08-11
|
* Added new API calls for implementing Bloom-filter like data structuresLuca Deri2023-08-11
| | | | | | | ndpi_filter* ndpi_filter_alloc(uint32_t elements_number); bool ndpi_filter_add(ndpi_filter *f, uint64_t value); bool ndpi_filter_contains(ndpi_filter *f, uint64_t value); void ndpi_filter_free(ndpi_filter *f);
* Typo fixLuca2023-08-07
|
* Added ndpi_bitmap_copy() API callLuca2023-08-06
|
* Mullvad VPN service added (based on entry node IP addresses) (#2062)snicket21002023-08-02
|
* Compilation fixes for older C compilersLuca Deri2023-08-01
|
* Add Service Location Protocol dissector. (#2036)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added `slackb.com` SNI. (#2067)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* DNS: extract geolocation information, if available (#2065)Ivan Nardi2023-07-31
| | | | | | | The option NSID (RFC5001) is used by Google DNS to report the airport code of the metro where the DNS query is handled. This option is quite rare, but the added overhead in DNS code is pretty much zero for "normal" DNS traffic
* Typo in a comment fixed (#2063)snicket21002023-07-28
|
* ProtonVPN: split the ip list (#2060)Ivan Nardi2023-07-27
| | | | | | | | | | | Use two separate lists: * one for the ingress nodes, which triggers a ProtonVPN classification * one for the egress nodes, which triggers the `NDPI_ANONYMOUS_SUBSCRIBER` risk Add a command line option (to `ndpiReader`) to easily test IP/port matching. Add another example of custom rule.
* Add an heuristic to detect fully encrypted flows (#2058)Ivan Nardi2023-07-26
| | | | | | | | A fully encrypted session is a flow where every bytes of the payload is encrypted in an attempt to “look like nothing”. The heuristic needs only the very first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf A basic, but generic, inplementation of the popcpunt alg has been added
* Allow init of app protocols w/o any hostnames set. (#2057)Toni2023-07-22
|
* Fix string truncation. (#2056)Toni2023-07-22
| | | | | | | | ndpi_main.c: In function ‘ndpi_load_ip_category’: ndpi_main.c:6598:3: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] 6598 | strncpy(ipbuf, ip_address_and_mask, sizeof(ipbuf)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Debian 12 fixesLuca Deri2023-07-21
|
* zabbix: improve detection (#2055)Ivan Nardi2023-07-21
|
* TLS: add basic, basic, detection of Encrypted ClientHello (#2053)Ivan Nardi2023-07-21
|
* Add detection of Roblox games (#2054)Ivan Nardi2023-07-21
|
* fuzz: extend fuzzing coverage (#2052)Ivan Nardi2023-07-18
| | | | Added/merged some traces. Improved Socks identification
* tests: restore some old paths as symbolic links (#2050)Ivan Nardi2023-07-16
|
* HTTP: fix another memory access error (#2049)Ivan Nardi2023-07-15
| | | | | | | | | | | | | | | | | | | | | | | ``` ================================================================= ==199079==ERROR: AddressSanitizer: negative-size-param: (size=-1) #0 0x559a2a6efd4f in strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x94ad4f) (BuildId: 34aaabba403c6bc5482553ef355360fd2762a157) #1 0x559a2a9890f0 in ndpi_http_check_content /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:300:8 #2 0x559a2a9812c0 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:910:46 #3 0x559a2a978fee in process_response /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1289:3 #4 0x559a2a97622f in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1382:9 #5 0x559a2a975d95 in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1468:3 #6 0x559a2a864970 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5948:4 #7 0x559a2a8660df in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6013:12 #8 0x559a2a865d7f in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6032:12 #9 0x559a2a876fd6 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7038:15 #10 0x559a2a87311f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7205:22 #11 0x559a2a77381e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1710:31 #12 0x559a2a77381e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2427:10 [...] ``` Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60605
* Fix compilation in CI jobs (#2048)Ivan Nardi2023-07-15
|
* ndpireader: fix detection of DoH traffic based on packet distributions (#2045)Ivan Nardi2023-07-14
|
* Add a configuration knob to enable/disable loading of gambling list (#2047)Ivan Nardi2023-07-14
|
* Adds new pcap for testing "funny" HTTP serversLuca Deri2023-07-14
|
* Restored filesLuca Deri2023-07-14
|
* Fixes risk mask exception handling while improving the overall performanceLuca Deri2023-07-14
|
* Included Gambling website data from the Polish `hazard.mf.gov.pl` list (#2041)snicket21002023-07-14
| | | | | | | | | | | | | * Refreshed the Belgium Gambling Site list data Unfortunately some hostnames have been removed from that list, which means they are disappearing from the `ndpi_gambling_match.c.inc` file as well. * build: added `libxml2-utils` (for `xmllint`) * Included Gambling website data from the Polish `hazard.mf.gov.pl` list The list contains over 30k gambling website hostnames as of today.
* HTTP: fix extraction of filename (#2046)Ivan Nardi2023-07-14
|
Powered by cgit, Themed by Ted Yin.