aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fix for old gcc compilersLuca Deri2024-08-24
|
* Compilation fixesLuca Deri2024-08-24
|
* Compilation fixesLuca Deri2024-08-24
|
* Introduced ndpi_master_app_protocol typedefLuca Deri2024-08-24
|
* Add Automatic Tank Gauge protocol (#2527)wssxsxxsx2024-08-23
| | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* ahocorasick: fix mem leaked AC_NODE_T object (#2258) (#2522)Maatuq2024-08-23
| | | | | | | Skipping node at depth = AC_PATTRN_MAX_LENGTH inside `ac_automata_walk()` caused this leak, as one of the added patterns has len = AC_PATTRN_MAX_LENGTH (not including the null char), this change avoid this. Fix: #2258 Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
* Fix url for downloading X/Twitter crawler IPs (#2526)Ivan Nardi2024-08-22
|
* Add CNP/IP protocol support (#2521)Vladimir Gavrilov2024-08-22
| | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
* Initialization fixLuca Deri2024-08-22
|
* Fixed initializationLuca Deri2024-08-22
|
* Removed unnecessary includes (#2525)Luca Deri2024-08-21
|
* Fixes Viber false positive detectionLuca Deri2024-08-19
|
* Sync unit tests resultsNardi Ivan2024-08-07
|
* Fixed probing attempt risk that was creating false positivesLuca Deri2024-08-07
|
* Fix `verify_dist_tarball.sh` after latest release (#2519)Ivan Nardi2024-08-07
| | | | | | | | | | Moving from 4.8 to 4.10 (and so, from 4.9 to 4.11 for development builds) made some paths one character longer; that triggers an error with tar when running `verify_dist_tarball.sh` script: ``` tar: libndpi-4.11.0/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.protonvpn.load.txt: file name is too long (max 99); not dumped ``` As a quick fix, reduce the length of that file name.
* Moved dev branch to 4.11Luca Deri2024-08-05
|
* Update for nDPI 4.10Luca Deri2024-08-05
|
* Update all IP lists (#2515)Ivan Nardi2024-08-02
| | | | | The `suffix_id` is simply an incremental index (see `ndpi_load_domain_suffixes`), so its value might changes every time we update the public suffix list.
* Enhanced PrimeVideo detectionLuca Deri2024-07-30
|
* Enhanced ookla tracingLuca Deri2024-07-29
|
* Improved ICMP malformed packet risk descriptionLuca Deri2024-07-25
|
* FPC: add DPI information (#2514)Ivan Nardi2024-07-23
| | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC
* Add OpenWire support (#2513)Vladimir Gavrilov2024-07-22
|
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* FPC: add DNS correlation (#2497)mmanoj2024-07-22
| | | | | | | | | Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Performed some grammar and typo fixes (#2511)Petr2024-07-19
|
* ipaddr2list.py, ndpi2timeline.py: reformatted (#2509)Petr2024-07-18
|
* ndpi_strncasestr: optimization, fixes, tests (#2507)Petr2024-07-18
|
* shell: reformatted, fixed inspections, typos (#2506)Petr2024-07-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reformatted shell scripts according to [ShellCheck](https://github.com/koalaman/shellcheck/). I. Most common changes: 1. https://github.com/koalaman/shellcheck/wiki/SC2086 `$var` → `"$var"` Note: this isn't always necessary and I've been careful not to substitute where it wasn't necessary in meaning. 2. https://github.com/koalaman/shellcheck/wiki/SC2006 `` `command` `` → `$(command)` 3. https://github.com/koalaman/shellcheck/wiki/SC2004 `$(( $a + $b ))` → `$(( a + b ))` 4. https://github.com/koalaman/shellcheck/wiki/SC2164 `cd "$dir"` → `cd "$dir" || exit 1` 5. https://github.com/koalaman/shellcheck/wiki/SC2166 `[ check1 -o check2 ]` → `[ check1 ] || [ check2 ]` 6. https://github.com/koalaman/shellcheck/wiki/SC2002 `cat "${file}" | wc -c` → `< "${file}" wc -c` Note: this looks a bit uglier but works faster. II. Some special changes: 1. In file `utils/common.sh`: https://github.com/koalaman/shellcheck/wiki/SC2112 This script is interpreted by `sh`, not by `bash`, but uses the keyword `function`. So I replaced `#!/usr/bin/env sh` to `#!/usr/bin/env bash`. 2. After that I thought of replacing all shebangs to `#!/usr/bin/env bash` for consistency and cross-platform compatibility, especially since most of the files already use bash. 3. But in cases when it was `#!/bin/sh -e` or `#!/bin/bash -eu` another problem appears: https://github.com/koalaman/shellcheck/wiki/SC2096 So I decided to make all shebangs look uniform: ``` #!/usr/bin/env bash set -e (or set -eu) (if needed) ``` 4. In file `tests/ossfuzz.sh`: https://github.com/koalaman/shellcheck/wiki/SC2162 `read i` → `read -r i` Note: I think that there is no need in special treatment for backslashes, but I could be wrong. 5. In file `tests/do.sh.in`: https://github.com/koalaman/shellcheck/wiki/SC2035 `ls *.*cap*` → `ls -- *.*cap*` 6. In file `utils/verify_dist_tarball.sh`: https://github.com/koalaman/shellcheck/wiki/SC2268 `[ "x${TARBALL}" = x ]` → `[ -z "${TARBALL}" ]` 7. In file `utils/check_symbols.sh`: https://github.com/koalaman/shellcheck/wiki/SC2221 `'[ndpi_utils.o]'|'[ndpi_memory.o]'|'[roaring.o]')` → `'[ndpi_utils.o]'|'[ndpi_memory.o]')` 8. In file `autogen.sh`: https://github.com/koalaman/shellcheck/wiki/SC2145 `echo "./configure $@"` → `echo "./configure $*"` https://github.com/koalaman/shellcheck/wiki/SC2068 `./configure $@` → `./configure "$@"` III. `LIST6_MERGED` and `LIST_MERGED6` There were typos with this variables in files `utils/aws_ip_addresses_download.sh`, `utils/aws_ip_addresses_download.sh` and `utils/microsoft_ip_addresses_download.sh` where variable `LIST6_MERGED` was defined, but `LIST_MERGED6` was removed by `rm`. I changed all `LIST_MERGED6` to `LIST6_MERGED`. Not all changes are absolutely necessary, but some may save you from future bugs.
* smpp: fix parsing of Generic Nack message (#2496)Ivan Nardi2024-07-18
|
* Add Nano (XNO) protocol support (#2508)Vladimir Gavrilov2024-07-18
|
* Added ClickHouse protocolLuca2024-07-17
|
* python: reformatted, fixed bugs (#2504)Petr2024-07-17
|
* .gitignore: reformatted, added patterns for IDEs, for deb packages and for ↵Petr2024-07-16
| | | | test results (#2503)
* Add HLS support (#2502)Vladimir Gavrilov2024-07-16
|
* Refactor ndpi_strnstr to use ndpi_memmem (#2500)Vladimir Gavrilov2024-07-15
|
* ndpi_memmem: optimized, fixed bug, added tests (#2499)Petr2024-07-15
|
* Optimize performance of ndpi_strnstr() and possible bugfix (#2494)Petr2024-07-15
|
* Fixed mistake in shebang (SC1113) (#2498)Petr2024-07-15
|
* fuzzing: improve coverage (#2495)Ivan Nardi2024-07-12
| | | | | | | | | | | | | | Fix detection of WebDAV and Gnutella (over HTTP) Fix detection of z3950 Add two fuzzers to test `ndpi_memmem()` and `ndpi_strnstr()` Remove some dead code: * RTP: the same exact check is performed at the very beginning of the function * MQTT: use a better helper to exclude the protocol * Colletd: `ndpi_hostname_sni_set()` never fails Update pl7m code (fix a Use-of-uninitialized-value error)
* Improve detection of Cloudflare WARP traffic (#2491)Ivan Nardi2024-07-04
| | | See: #2484
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Minor fix in CI action (#2489)Ivan Nardi2024-07-03
|
* Reduce snaplen of some traces (#2490)Ivan Nardi2024-07-03
| | | | | | To avoid the following error with some old libpcap versions: ``` ERROR: could not open pcap file: invalid file capture length 524288, bigger than maximum of 262144 ```
* Add detection of Twitter bot (#2487)Ivan Nardi2024-07-03
| | | Update the global list of crawlers ips
* Make the CI faster (#2475)Ivan Nardi2024-07-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | Without the `-fsanitize-memory-track-origins` flag, MSAN job is ~30% faster. Since this flag is useful only while debugging (and not to simply discover memory issues), avoid it on the CI. Note that, by default it is still enabled by default. Right now, MingW runs on *every* ubuntu builds: limit it only to the standard matrix (i.e. ubuntu 20.04, 22.04, 24.04 with default configuration), without any sanitizers (note that MingW doesn't support *san anyway). armhf job is by far the longest job in the CI: remove asan configuration to make it faster. Note that we already have a lot of different jobs (on x86_64) with some sanitizers, and that the other 2 jobs on arm/s390x don't have asan support anyway. If we really, really want a job with arm + asan we can add it as a async/scheduled job. Remove an old workaround for ubuntu jobs Avoid installing packages needed only for the documentation About `check_symbols.sh` script: even if uses the compiled library/objects, it basicaly only checks if we are using, in the source code, same functions that we shoudn't. We don't need to perform the same kind of check so many times..
* Modified separator from , (comma) to | (pipe) as some fields such as the ↵Luca Deri2024-07-01
| | | | HTTP user agent as sometimes they contain commas and create parsing problems
* tunnelbear: improve detection over wireguard (#2485)Ivan Nardi2024-07-01
| | | See #2484
* Improve detection of Twitter/X (#2482)Ivan Nardi2024-07-01
|
* Add detection of OpenAI ChatGPT bots (#2481)Ivan Nardi2024-07-01
|
Powered by cgit, Themed by Ted Yin.