aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* STUN: fix detection of Google Voip apps (#2031)Ivan Nardi2023-07-05
| | | Fix: 2c7fb9179
* fixed numeric truncation error in diameter.c (#2034)headshog2023-07-05
|
* fixed numeric truncation error in rtcp.c (#2033)headshog2023-07-05
|
* fixed numeric truncation error in kerberos.c (#2032)headshog2023-07-05
|
* STUN: avoid FacebookVoip false positives (#2029)Ivan Nardi2023-07-03
| | | | Attribute 0xC057 is defined in the Google public implementation of webrtc (which is used by Google products but also by other applications)
* STUN: fix Skype/MsTeams detection and monitoring logic (#2028)Ivan Nardi2023-07-03
|
* STUN: tell RTP from RTCP while in monitoring state (#2027)Ivan Nardi2023-06-27
|
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)Ivan Nardi2023-06-27
| | | | | | Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018)Ivan Nardi2023-06-26
|
* Simplify the report of streaming multimedia info (#2026)Ivan Nardi2023-06-26
| | | | | The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are pretty much identical: rename the former in `flow->flow_multimedia_type` and remove the latter.
* Thrift: fix heap-buffer-overflow (#2024)Ivan Nardi2023-06-26
|
* Optimizes and fixes possible out0of0boundary write in ndpi_fill_prefix_v4()Luca Deri2023-06-23
|
* RTP: rework code (#2021)Ivan Nardi2023-06-23
| | | | | | | Try avoiding false positives: look for 3 RTP packets before classifing the flow as such. Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
* minor fixes (#2023)Ivan Kapranov2023-06-22
| | | | | fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* removed useless call of ndpi_set_risk func (#2022)Ivan Kapranov2023-06-22
|
* Compilation fixLuca Deri2023-06-22
|
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Waring fixLuca Deri2023-06-21
|
* Gnutella: improve detection (#2019)Ivan Nardi2023-06-21
|
* STUN: fix detection over TCPNardi Ivan2023-06-21
| | | | TCP framing is optional
* STUN: improve WhatsappCall detectionNardi Ivan2023-06-21
|
* Line: fix heap-buffer-overflow error (#2015)Ivan Nardi2023-06-21
|
* STUN: keep monitoring/processing STUN flows (#2012)Ivan Nardi2023-06-21
| | | | Look for RTP packets in the STUN sessions. TODO: tell RTP from RTCP
* Fix access to packet/flow information (#2013)Ivan Nardi2023-06-17
| | | We can't access to `ndpi_str->packet` from `ndpi_detection_giveup()`
* Added hyperlinkLuca Deri2023-06-16
|
* Reworked teams handlingLuca Deri2023-06-15
|
* Fix compilation (#2011)Ivan Nardi2023-06-15
|
* Implemented Zoom/Teams stream type detectionLuca Deri2023-06-14
|
* Improved line protocol dissection with heuristicLuca Deri2023-06-13
|
* Updated line test resultLuca Deri2023-06-13
|
* Refreshed ASN listsLuca Deri2023-06-13
| | | | Enhanced the Line IP list with https://ipinfo.io/AS23576/125.209.252.0/24 used by line
* Added check to avoid skype heuristic false positivesLuca Deri2023-06-12
|
* Set _DEFAULT_SOURCE and _GNU_SOURCE globally. (#2010)Toni2023-06-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix missing u_char, u_short and u_int typedefs for some platforms e.g.: (#2009)Toni2023-06-12
| | | | | | | | | | In file included from ../include/ndpi_main.h:34, from ../include/ndpi_api.h:28, from protocols/activision.c:26: ../include/ndpi_typedefs.h:294:3: error: unknown type name 'u_char' 294 | u_char h_dest[6]; /* destination eth addr */ | ^~~~~~ Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* oss-fuzz: sync build script with upstreamNardi Ivan2023-06-12
| | | | | | | | | | | | File copied from https://github.com/google/oss-fuzz/blob/master/projects/ndpi/build.sh The general idea is to keep the build script in our repository and use it from oss-fuzz builder: updating it from our side is easier and faster then passing via an oss-fuzz PR. The original idea is from @utoni in 3068306b60. Once this change has been merged, we can update the code in oss-fuzz.
* Added vlan_id in ndpi_flow2json() prototypeLuca Deri2023-06-09
|
* QUIC: fix dissection of packets forcing VNNardi Ivan2023-06-08
|
* QUIC: fix a memory access errorNardi Ivan2023-06-08
| | | | Found while fuzzing
* QUIC: add support for QUIC version 2Nardi Ivan2023-06-08
| | | | | | See: https://www.rfc-editor.org/rfc/rfc9369.txt Old v2-01 version has been removed, since it has never been really used.
* ndpiReader: allow to configure LRU caches TTL and size (#2004)Ivan Nardi2023-06-08
|
* ProtonVPN: add basic detection (#2006)Ivan Nardi2023-06-08
|
* Numeric truncation at `tls.c:1010` (#2005)headshog2023-06-08
| | | | | * fixed numtrunc error in protocols/tls.c * fixed build error for tls.c
* added new domain names (#2002)zehraIn2023-06-01
| | | | | | | | | * added new domain names * Sync unit tests results --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* tests: add an option to force the overwrite of the unit tests results (#2001)Ivan Nardi2023-05-31
| | | Usage: `FORCE_UPDATING_UTESTS_RESULTS=1 ./tests/do.sh`
* Add bitcoing protocol dissector. (#1992)Maatuq2023-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add bitcoing protocol dissector. * remove bitcoin protcol detection from mining.c * add a new bitcoin deissector. * add a new category: Cryptocurrency. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * Remove useless checks and add missing windows and docs file. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update affected tests. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * add a brief version. Add notes on the difference between normal bitcoin protocol and the mining protocol. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update enable_payload_stat test after dev rebasing. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> --------- Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Numeric truncation at `ndpi_analyze.c` at lines 101, 104, 107, 110 (#1999)headshog2023-05-30
| | | | | | | | | | | * fixed numeric truncation error in ndpi_analyze.c * fixed numeric truncation error in ndpi_analyze.c x2 * fixed numeric truncation error in ndpi_analyze.c x3 * fixed numeric truncation error in ndpi_analyze.c and printf format * fixed tests
* Changed logging callback function sig. (#2000)Toni2023-05-30
| | | | | * make user data available for any build config Signed-off-by: lns <matzeton@googlemail.com>
* fixed numeric truncation error in ndpi_main.c:6837 (#1998)headshog2023-05-29
|
* Fix some memory errors triggered by allocation failures (#1995)Ivan Nardi2023-05-29
| | | | | | | | | | | | Some low hanging fruits found using nallocfuzz. See: https://github.com/catenacyber/nallocfuzz See: https://github.com/google/oss-fuzz/pull/9902 Most of these errors are quite trivial to fix; the only exception is the stuff in the uthash. If the insertion fails (because of an allocation failure), we need to avoid some memory leaks. But the only way to check if the `HASH_ADD_*` failed, is to perform a new lookup: a bit costly, but we don't use that code in any critical data-path.
* Avoid calling `ndpi_reconcile_protocols()` twice in ↵Ivan Nardi2023-05-29
| | | | | | `ndpi_detection_giveup()` (#1996) `ndpi_reconcile_protocols()` is already called by `ndpi_set_detected_protocol()`
Powered by cgit, Themed by Ted Yin.