Commit message (Author, Age)
* Improved TLS application data detection. [improved/tls-appdata-detection-the-second] (lns, 2022-05-08)
|
|   * #1532 did fix TLS appdata detection only partially
|   * use flow->l4.tcp.tls.message.buffer_used instead of packet->payload
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Added Edgecast and Cachefly CDNs. (#1540) (Toni, 2022-05-07)
|
|   * Improved ASN update script
|   * Ran `utils/update_every_lists.sh'
|   * `tests/do.sh.in' prints the amount of failed pcap(s)
|   * `utils/asn_update.sh' prints the amount of failed download(s)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Replaced ndpiReader's libjson-c support with libnDPI's internal serialization interface. (#1535) (Toni, 2022-05-07)
|
|   * Fixes #1528
|   * Serialization Interface should also be fuzzed
|   * libjson-c may only be used in the unit test to verify the internal serialization interface
|   * Serialization Interface supports tlv(broken), csv and json
|   * Unit test does work again and requires libjson-c
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Fix compilation (if `--enable-debug-messages` is used) (#1539) (Ivan Nardi, 2022-05-04)
|
* Added extra check to make sure that the guessed protocol is the one we expect and not another one (Luca Deri, 2022-05-04)
|
* Fixes bug that prevents triggering alerts for traffic on non-standard ports that have been defined in the custom protocols file (Luca Deri, 2022-05-04)
|
|   Fixes https://github.com/ntop/ntopng/issues/6458
* Fixes outdated description (Luca Deri, 2022-05-04)
|
* Modified risk labels (Luca Deri, 2022-05-04)
|
* Added some Pluralsight Hostnames/SNIs. May fix #1501. (#1538) (Toni, 2022-05-03)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Updated RRD dependencies (Luca Deri, 2022-05-03)
|
* Improved suspicious http user agent detection. (#1537) (Toni, 2022-05-02)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Added ndpi_get_flow_error_code() API call (Luca Deri, 2022-05-02)
|
|   Fixed typo
* Improved AES-NI check. (#1536) (Toni, 2022-04-30)
|
|   * A library should not open a subshell
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Improved AES-NI check on Linux to avoid crashes on CPUs that do (Luca Deri, 2022-04-29)
|
|   not support it (e.g. Intel Celeron N2930)
* Sync unit tests results (#1533) (Ivan Nardi, 2022-04-27)
|
* Improved TLS application data detection. (#1532) (Toni, 2022-04-27)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Added BPF filtering for discarding non-IP packets (Luca Deri, 2022-04-27)
|
* String messages have been shrunk (Luca Deri, 2022-04-27)
|
* Added ability to store custom category file in patricia tree (Luca Deri, 2022-04-26)
|
* Add ndpi_json_string_escape to the API (Alfredo Cardigliano, 2022-04-26)
|
* Raknet: fix heap-buffer-overflow (#1531) (Ivan Nardi, 2022-04-25)
|
|   ```
|   ==120637==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000488 at pc 0x55a0598d97ec bp 0x7ffcfe13f2e0 sp 0x7ffcfe13f2d8
|   READ of size 2 at 0x606000000488 thread T0
|       #0 0x55a0598d97eb in ndpi_search_raknet /home/ivan/svnrepos/nDPI/src/lib/protocols/raknet.c:152:38
|       #1 0x55a05966c48e in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5060:6
|       #2 0x55a05966e428 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5119:10
|       #3 0x55a05966dddc in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5152:12
|       #4 0x55a05967fa7a in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5971:15
|       #5 0x55a05962b860 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:3
|       #6 0x55a05962bd9b in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:84:17
|       #7 0x7f4aad7d80b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
|       #8 0x55a05956b46d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x5d746d) (BuildId: 9429d3d08edc3836e5536f93c07f140716d8b82e)
|
|   0x606000000488 is located 9 bytes to the right of 63-byte region [0x606000000440,0x60600000047f)
|   allocated by thread T0 here:
|       #0 0x55a0595ee80e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x65a80e) (BuildId: 9429d3d08edc3836e5536f93c07f140716d8b82e)
|       #1 0x55a05962bd06 in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:70:17
|       #2 0x7f4aad7d80b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
|   ```
|
|   Found by oss-fuzz
|   See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47000
* Added generic user agent setter. (#1530) (Toni, 2022-04-25)
|
|   * ndpiReader: Print user agent if one was set and not just for certain protocols.
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* XIAOMI: add detection of Xiaomi traffic (#1529) (Ivan Nardi, 2022-04-25)
|
|   Most of the credits should go to @utoni (see #1521)
* Added RakNet protocol dissector. (#1527) (Toni, 2022-04-24)
|
|   * Frame Set PDU's do not get fully dissected for the sake of simplicity
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Code cleanup (removed redundancy) (Luca Deri, 2022-04-22)
|
* Tiny gnutella improvement if gtk-gnutella used. (#1525) (Toni, 2022-04-22)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Updated `utils/whatsapp_ip_addresses_download.sh' to scrape the required IP addresses/ranges. (#1524) (Toni, 2022-04-22)
|
|   * Replaced return statements in `utils/*.sh' with exit's (such scripts should never be source'd)
|   * Ran `utils/update_every_lists.sh'
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Add some scripts to easily update some IPs lists (#1522) (Ivan Nardi, 2022-04-21)
|
|   Follow-up of 8b062295
|
|   Add a new protocol id for generic Tencent/Wechat flows
* Reduce ndpiReader's `-h' spam. `-H' does this job now. (#1523) (Toni, 2022-04-21)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Added proprietary Agora Software Defined Real-time Network (SD-RTN) protocol dissector. (#1520) (Toni, 2022-04-20)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Added Toca Boca protocol dissector. (#1517) (Toni, 2022-04-19)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Removed superfluous ifdef'd includes. (#1519) (Toni, 2022-04-19)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Improved sflow protocol detection false-positives. (#1518) (Toni, 2022-04-19)
|
|   Signed-off-by: lns <matzeton@googlemail.com>
* Kerberos: fix Undefined-shift error (#1516) (Ivan Nardi, 2022-04-18)
|
|   Similar to the error fixed in 4775be3d
|
|   Found by oss-fuzz.
|   See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46713
* DGA improvements (Luca Deri, 2022-04-16)
|
* Minor fix. (Zied Aouini, 2022-04-15)
|
* Merge pull request #1491 from utoni/fix/windows-msys2 (Zied Aouini, 2022-04-15)
|\
| |   Fixed msys2 build and re-activated CI Mingw-w64 build.
| |
| * Fixed msys2 build warnings and re-activated CI Mingw64 build. [fix/windows-msys2] (Toni Uhlig, 2022-04-14)
|/
|   * Removed Visual Studio leftovers. Maintaining an autotools project with VS integration requires some additional overhead.
|
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|   Signed-off-by: lns <matzeton@googlemail.com>
* Kerberos: fix some memory access errors (#1514) (Ivan Nardi, 2022-04-13)
|
|   ```
|   ==19724==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e00000045e at pc 0x5620b8b3d3cc bp 0x7ffe0fda6b50 sp 0x7ffe0fda6310
|   READ of size 2 at 0x60e00000045e thread T0
|       #0 0x5620b8b3d3cb in __interceptor_strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x63f3cb) (BuildId: ee53ff920c8cd4c226d8520a0d4846d8864726b6)
|       #1 0x5620b8d9b69c in strncpy_lower /home/ivan/svnrepos/nDPI/src/lib/protocols/kerberos.c:208:4
|       #2 0x5620b8d995a0 in krb_parse /home/ivan/svnrepos/nDPI/src/lib/protocols/kerberos.c:316:5
|       #3 0x5620b8d97a90 in ndpi_search_kerberos /home/ivan/svnrepos/nDPI/src/lib/protocols/kerberos.c:687:12
|       #4 0x5620b8bcef35 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:4996:4
|       #5 0x5620b8bd1be8 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5072:10
|       #6 0x5620b8bd159c in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5105:12
|       #7 0x5620b8be323a in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5924:15
|       #8 0x5620b8b8f7e0 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:3
|       #9 0x5620b8b8fd1b in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:84:17
|       #10 0x7f45b32b90b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
|       #11 0x5620b8acf47d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x5d147d) (BuildId: ee53ff920c8cd4c226d8520a0d4846d8864726b6)
|
|   0x60e00000045e is located 0 bytes to the right of 158-byte region [0x60e0000003c0,0x60e00000045e)
|   allocated by thread T0 here:
|       #0 0x5620b8b5283e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x65483e) (BuildId: ee53ff920c8cd4c226d8520a0d4846d8864726b6)
|       #1 0x5620b8b8fc86 in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:70:17
|       #2 0x7f45b32b90b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
|   ```
|
|   ```
|   protocols/kerberos.c:79:52: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
|   ```
|
|   Found by oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46670
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46636
* Extended list of cybersecurity domains (Luca Deri, 2022-04-13)
|
* fix(ndpi_main):Fix memory leak about ndpi_str; (#1513) (Wayne, 2022-04-12)
|
|   Co-authored-by: 林文烽 <wenfeng.lin@baishan.com>
* TINC: fix invalid memory read (#1512) (Ivan Nardi, 2022-04-10)
|
|   ```
|   =================================================================
|   ==19324==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600061be96 at pc 0x55b4a4cb4460 bp 0x7ffc7b461a70 sp 0x7ffc7b461a68
|   READ of size 1 at 0x60600061be96 thread T0
|       #0 0x55b4a4cb445f in ndpi_check_tinc /home/ivan/svnrepos/nDPI/src/lib/protocols/tinc.c:105:9
|       #1 0x55b4a4cb1888 in ndpi_search_tinc /home/ivan/svnrepos/nDPI/src/lib/protocols/tinc.c:135:5
|       #2 0x55b4a4b4a6e1 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5013:6
|       #3 0x55b4a4b4c2d4 in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5084:12
|       #4 0x55b4a4b4bf77 in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5103:12
|       #5 0x55b4a4b5dcca in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5924:15
|       #6 0x55b4a4a87734 in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1519:31
|       #7 0x55b4a4a80761 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2093:10
|       #8 0x55b4a4a39c8d in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:107:7
|       #9 0x55b4a4a3a46b in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:179:17
|       #10 0x7f69c63760b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
|       #11 0x55b4a497954d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x61654d) (BuildId: 705ebc5c412d267294a65cb01f03a1f012aeaf20)
|
|   0x60600061be96 is located 0 bytes to the right of 54-byte region [0x60600061be60,0x60600061be96)
|   allocated by thread T0 here:
|   [...]
|   ```
|
|   Found by oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46499
* Improved ASN.1 parsing for Kerberos. Fixes #1492. (#1497) (Toni, 2022-04-10)
|
|   * This is a quick fix, the Kerberos protocol dissector requires some refactoring effort.
|
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|   Signed-off-by: lns <matzeton@googlemail.com>
* QUIC: handle retransmissions and overlapping fragments in reassembler (#1195) (#1498) (Vinicius Silva Nogueira, 2022-04-07)
|
|   * QUIC: handle retransmissions and overlapping fragments in reassembler
|   * Trigger CI
|   * minor fix: parentheses
|   * Changing ndpi_malloc to ndpi_calloc
|   * fix memory leak
|   * quic_reasm_buf calloc to malloc
|   * change order of is_ch_complete && is_reasm_buf_complete call
|   * is_reasm_buf_complete: added handling for case where frame size is not multiple of 8
|   * add extra check
* Fix JSON-C. (aouinizied, 2022-04-07)
|
* Python bindings fix. (aouinizied, 2022-04-07)
|
* Added ndpi_find_outliers() API call using Z-Score (Luca Deri, 2022-04-04)
|
* Added -z flag (Luca Deri, 2022-04-03)
|
* ndpiReader: fix compilation (#1510) (Ivan Nardi, 2022-04-01)
|
|   Not sure why Windows started complaining... anyway, the fixes have been taken from https://github.com/ntop/nDPI/pull/1491: credits to @lnslbrty
* Removed unnecessary guess in mining (Luca Deri, 2022-04-01)
|