libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
...
*	Added JA3 in risj exceptions	Luca Deri	2022-01-20
\|
*	Fixed certificate mismatch check	Luca Deri	2022-01-19
\|
*	Fixed an issue on CentOS 7 introduced by	Luca Deri	2022-01-19
\| \| \| \|	https://github.com/ntop/nDPI/commit/c2b7d77784beeae5f86f19e33ba3da5ddce55898
*	Updated confidence type	Luca Deri	2022-01-18
\|
*	TLS, H323, examples: fix some memory errors (#1414)	Ivan Nardi	2022-01-18
\| \| \| \| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26880 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26906 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43782 https://oss-fuzz.com/testcase-detail/6334089358082048
*	Netbios, CSGO: fix two memory errors (#1413)	Ivan Nardi	2022-01-18
\| \| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43754 https://oss-fuzz.com/testcase-detail/5329842395021312
*	build: respect environment options more (#1392)	Sam James	2022-01-18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* build: update m4/ax_pthread.m4 from serial 23 -> serial 31 Update ax_pthread.m4 to the latest version from the autoconf-archive project. Signed-off-by: Sam James <sam@gentoo.org> * build: properly detect AR, CC, RANLIB It's necessary to be able to override choice of AR/CC/RANLIB and other toolchain variables/tools for cross-compilation, testing with other toolchains, and to ensure the compiler chosen by the user is actually used for the build. Previously, GNU_PREFIX was kind-of used for this but this isn't a standard variable (at all) and it wasn't applied consistently anyway. We now use the standard autoconf mechanisms for finding these tools. (RANLIB is already covered by LT_INIT.) Signed-off-by: Sam James <sam@gentoo.org> * build: use $(MAKE) This ensures that parallel make works correctly, as otherwise, a fresh make job will be started without the jobserver fd, and hence not know about its parent, forcing -j1. * build: respect CPPFLAGS, LDFLAGS - CPPFLAGS is for the C preprocessor (usually for setting defines) - LDFLAGS should be placed before objects for certain flags to work (e.g. -Wl,--as-needed) Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
*	H323: fix a use-after-poison error (#1412)	Ivan Nardi	2022-01-17
\| \| \| \| \| \| \|	Detected by oss-fuzz See: https://oss-fuzz.com/testcase-detail/6730505580576768 Fix a function prototype Update a unit test results
*	Improved Badoo detection (missing mobile app domain)	Luca Deri	2022-01-17
\|
*	Added Badoo detection	Luca Deri	2022-01-17
\|
*	Adds some risk exceptions for popular services and domain names	Luca	2022-01-17
\| \| \| \|	via a new (internal) function named ndpi_add_domain_risk_exceptions()
*	TLS: fix a use-of-uninitialized-value error (#1411)	Ivan Nardi	2022-01-16
\| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43705
*	Zattoo: fix Null-dereference READ with ipv6 traffic (#1410)	Ivan Nardi	2022-01-16
\| \| \| \| \|	Fix: 20b5f6d7 Detected by oss-fux: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43700
*	XBox, Diameter: fix dissectors initialization (#1405)	Ivan Nardi	2022-01-16
\| \| \| \| \| \| \| \|	These dissectors have never been triggered because their registration functions use the wrong parameter/bitmask. Diameter code is buggy since the origianl commit (1d108234), while XBox code since 5266c726. Fix some false positives in Xbox code.
*	Added performance tests tools	Luca Deri	2022-01-16
\|
*	Minor cosmetic changes	Luca Deri	2022-01-16
\|
*	Reduced Patricia tree bucket memory footprint	Luca Deri	2022-01-16
\|
*	Kerberos: fix use-of-uninitialized-value error (#1409)	Ivan Nardi	2022-01-15
\| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43677
*	TLS: fix heap-buffer-overflow error (#1408)	Ivan Nardi	2022-01-15
\| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43664
*	STUN: fix "confidence" value for some classifications (#1407)	Ivan Nardi	2022-01-15
\|
*	Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)	Ivan Nardi	2022-01-15
\| \| \|	Follow-up of 7cba34a1
*	Restore a unit test result (#1403)	Ivan Nardi	2022-01-13
\| \| \| \| \|	Deleted, probably by mistake, in 406ac7e8 Fix Makefile and add compilation of `rrdtool` in CI tests
*	FreeBSD fixes	Luca Deri	2022-01-13
\|
*	Added the ability to specify trusted issueDN often used in companies to ↵	Luca Deri	2022-01-13
\| \| \| \| \| \| \| \| \| \| \|	self-signed certificates This allows to avoid triggering alerts for trusted albeit private certificate issuers. Extended the example/protos.txt with the new syntax for specifying trusted issueDN. Example: trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US"
*	fix ahocorasick on big-endian machines (#1401)	Vinicius Silva Nogueira	2022-01-13
\|
*	Improved MicrosoftAzure detection	Luca Deri	2022-01-12
\|
*	Added EthernetIP dissector	Luca Deri	2022-01-12
\|
*	Run fuzzing tests also on push event (like the CI tests) (#1400)	Ivan Nardi	2022-01-12
\|
*	Fix DGA false positive (#1399)	Ivan Nardi	2022-01-12
\| \| \|	Close #1397
*	Fix two use-of-uninitialized-value errors (#1398)	Ivan Nardi	2022-01-12
\| \| \| \| \| \| \|	Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40269 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41432 Fix fuzz compilation (follow-up of f5545a80)
*	Removed outdated comment	Luca Deri	2022-01-11
\|
*	Removed legacy code	Luca Deri	2022-01-11
\|
*	QUIC: fix an integer overflow (#1396)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Reported by oss-fuzz: ``` ==685288==ERROR: AddressSanitizer: SEGV on unknown address 0x61a100000687 (pc 0x0000005aba64 bp 0x7ffe3f29f510 sp 0x7ffe3f29f400 T0) ==685288==The signal is caused by a READ memory access. SCARINESS: 20 (wild-addr-read) #0 0x5aba64 in quic_len ndpi/src/lib/protocols/quic.c:203:12 #1 0x5aba64 in decrypt_initial_packet ndpi/src/lib/protocols/quic.c:993:16 #2 0x5aba64 in get_clear_payload ndpi/src/lib/protocols/quic.c:1302:21 #3 0x5aba64 in ndpi_search_quic ndpi/src/lib/protocols/quic.c:1658:19 #4 0x579f00 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:4683:6 #5 0x57abe6 in ndpi_check_flow_func ndpi/src/lib/ndpi_main.c:0 #6 0x583b2c in ndpi_detection_process_packet ndpi/src/lib/ndpi_main.c:5545:15 #7 0x55e75e in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_process_packet.c:30:3 [...] ```
*	Add a "confidence" field about the reliability of the classification. (#1395)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \|	As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
*	Readme for using fuzzer with nDPI	Luca Deri	2022-01-11
\|
*	Updated result	Luca Deri	2022-01-09
\|
*	Improved user agent analysis	Luca Deri	2022-01-09
\|
*	GTP: fix some false positives (#1394)	Ivan Nardi	2022-01-08
\|
*	Remove some unused fields (#1393)	Ivan Nardi	2022-01-08
\|
*	Improved bittorrent detection	Luca Deri	2022-01-06
\|
*	Invalid check	Luca Deri	2022-01-06
\|
*	Added missing dependency	Luca Deri	2022-01-05
\|
*	Update issue tempalte	Alfredo Cardigliano	2022-01-03
\|
*	Update copyright	Alfredo Cardigliano	2022-01-03
\|
*	Improved BitTorrent guess	Luca Deri	2021-12-26
\|
*	Added support for Log4J/Log4Shell detection in nDPI via a new flow risk ↵	Luca Deri	2021-12-23
\| \| \| \|	named NDPI_POSSIBLE_EXPLOIT
*	Add support for ICloud Private Relay (#1390)	Ivan Nardi	2021-12-22
\| \| \| \| \| \| \|	See: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF TODO: an up-to-date list of egress IP ranges is publicly available. Can we use it somehow?
*	A final(?) effort to reduce memory usage per flow (#1389)	Ivan Nardi	2021-12-22
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Remove some unused fields and re-organize other ones. In particular: * Update the parameters of `ndpi_ssl_version2str()` function * Zattoo, Thunder: these timestamps aren't really used. * Ftp/mail: these protocols are dissected only over TCP. * Attention must be paid to TLS.Bittorrent flows to avoid invalid read/write to `flow->protos.bittorrent.hash` field. This is the last(?) commit of a long series (see 22241a1d, 227e586e, 730c2360, a8ffcd8b) aiming to reduce library memory consumption. Before, at nDPI 4.0 (more precisly, at a6b10cf7, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 231.71 KB Flow Memory (per flow): 1008 B <--------- ``` i.e. memory usage per flow has been reduced by 66%, dropping below the psychological threshold of 1 KB. To further reduce this value, we probably need to look into #1279: let's fight this battle another day.
*	Add links to other user guides	Alfredo Cardigliano	2021-12-22
\|
*	Improved bittorrent heuristic	Luca Deri	2021-12-21
\|