aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* TLS: fix a use-of-uninitialized-value error (#1411)Ivan Nardi2022-01-16
| | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43705
* Zattoo: fix Null-dereference READ with ipv6 traffic (#1410)Ivan Nardi2022-01-16
| | | | | Fix: 20b5f6d7 Detected by oss-fux: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43700
* XBox, Diameter: fix dissectors initialization (#1405)Ivan Nardi2022-01-16
| | | | | | | | These dissectors have *never* been triggered because their registration functions use the wrong parameter/bitmask. Diameter code is buggy since the origianl commit (1d108234), while XBox code since 5266c726. Fix some false positives in Xbox code.
* Added performance tests toolsLuca Deri2022-01-16
|
* Minor cosmetic changesLuca Deri2022-01-16
|
* Reduced Patricia tree bucket memory footprintLuca Deri2022-01-16
|
* Kerberos: fix use-of-uninitialized-value error (#1409)Ivan Nardi2022-01-15
| | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43677
* TLS: fix heap-buffer-overflow error (#1408)Ivan Nardi2022-01-15
| | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43664
* STUN: fix "confidence" value for some classifications (#1407)Ivan Nardi2022-01-15
|
* Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)Ivan Nardi2022-01-15
| | | Follow-up of 7cba34a1
* Restore a unit test result (#1403)Ivan Nardi2022-01-13
| | | | | Deleted, probably by mistake, in 406ac7e8 Fix Makefile and add compilation of `rrdtool` in CI tests
* FreeBSD fixesLuca Deri2022-01-13
|
* Added the ability to specify trusted issueDN often used in companies to ↵Luca Deri2022-01-13
| | | | | | | | | | | self-signed certificates This allows to avoid triggering alerts for trusted albeit private certificate issuers. Extended the example/protos.txt with the new syntax for specifying trusted issueDN. Example: trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US"
* fix ahocorasick on big-endian machines (#1401)Vinicius Silva Nogueira2022-01-13
|
* Improved MicrosoftAzure detectionLuca Deri2022-01-12
|
* Added EthernetIP dissectorLuca Deri2022-01-12
|
* Run fuzzing tests also on push event (like the CI tests) (#1400)Ivan Nardi2022-01-12
|
* Fix DGA false positive (#1399)Ivan Nardi2022-01-12
| | | Close #1397
* Fix two use-of-uninitialized-value errors (#1398)Ivan Nardi2022-01-12
| | | | | | | Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40269 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41432 Fix fuzz compilation (follow-up of f5545a80)
* Removed outdated commentLuca Deri2022-01-11
|
* Removed legacy codeLuca Deri2022-01-11
|
* QUIC: fix an integer overflow (#1396)Ivan Nardi2022-01-11
| | | | | | | | | | | | | | | | | Reported by oss-fuzz: ``` ==685288==ERROR: AddressSanitizer: SEGV on unknown address 0x61a100000687 (pc 0x0000005aba64 bp 0x7ffe3f29f510 sp 0x7ffe3f29f400 T0) ==685288==The signal is caused by a READ memory access. SCARINESS: 20 (wild-addr-read) #0 0x5aba64 in quic_len ndpi/src/lib/protocols/quic.c:203:12 #1 0x5aba64 in decrypt_initial_packet ndpi/src/lib/protocols/quic.c:993:16 #2 0x5aba64 in get_clear_payload ndpi/src/lib/protocols/quic.c:1302:21 #3 0x5aba64 in ndpi_search_quic ndpi/src/lib/protocols/quic.c:1658:19 #4 0x579f00 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:4683:6 #5 0x57abe6 in ndpi_check_flow_func ndpi/src/lib/ndpi_main.c:0 #6 0x583b2c in ndpi_detection_process_packet ndpi/src/lib/ndpi_main.c:5545:15 #7 0x55e75e in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_process_packet.c:30:3 [...] ```
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* Readme for using fuzzer with nDPILuca Deri2022-01-11
|
* Updated resultLuca Deri2022-01-09
|
* Improved user agent analysisLuca Deri2022-01-09
|
* GTP: fix some false positives (#1394)Ivan Nardi2022-01-08
|
* Remove some unused fields (#1393)Ivan Nardi2022-01-08
|
* Improved bittorrent detectionLuca Deri2022-01-06
|
* Invalid checkLuca Deri2022-01-06
|
* Added missing dependencyLuca Deri2022-01-05
|
* Update issue tempalteAlfredo Cardigliano2022-01-03
|
* Update copyrightAlfredo Cardigliano2022-01-03
|
* Improved BitTorrent guessLuca Deri2021-12-26
|
* Added support for Log4J/Log4Shell detection in nDPI via a new flow risk ↵Luca Deri2021-12-23
| | | | named NDPI_POSSIBLE_EXPLOIT
* Add support for ICloud Private Relay (#1390)Ivan Nardi2021-12-22
| | | | | | | See: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF TODO: an up-to-date list of egress IP ranges is publicly available. Can we use it somehow?
* A final(?) effort to reduce memory usage per flow (#1389)Ivan Nardi2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove some unused fields and re-organize other ones. In particular: * Update the parameters of `ndpi_ssl_version2str()` function * Zattoo, Thunder: these timestamps aren't really used. * Ftp/mail: these protocols are dissected only over TCP. * Attention must be paid to TLS.Bittorrent flows to avoid invalid read/write to `flow->protos.bittorrent.hash` field. This is the last(?) commit of a long series (see 22241a1d, 227e586e, 730c2360, a8ffcd8b) aiming to reduce library memory consumption. Before, at nDPI 4.0 (more precisly, at a6b10cf7, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 231.71 KB Flow Memory (per flow): 1008 B <--------- ``` i.e. memory usage per flow has been reduced by 66%, dropping below the psychological threshold of 1 KB. To further reduce this value, we probably need to look into #1279: let's fight this battle another day.
* Add links to other user guidesAlfredo Cardigliano2021-12-22
|
* Improved bittorrent heuristicLuca Deri2021-12-21
|
* Fix a global-buffer-overflow when loading Azure list (#1388)Ivan Nardi2021-12-19
|
* Added Microsoft Azure supportLuca Deri2021-12-19
|
* Improve/add several protocols (#1383)Ivan Nardi2021-12-18
| | | | | | | | | | | | | | | | | | | Improve Microsoft, GMail, Likee, Whatsapp, DisneyPlus and Tiktok detection. Add Vimeo, Fuze, Alibaba and Firebase Crashlytics detection. Try to differentiate between Messenger/Signal standard flows (i.e chat) and their VOIP (video)calls (like we already do for Whatsapp and Snapchat). Add a partial list of some ADS/Tracking stuff. Fix Cassandra, Radius and GTP false positives. Fix DNS, Syslog and SIP false negatives. Improve GTP (sub)classification: differentiate among GTP-U, GTP_C and GTP_PRIME. Fix 3 LGTM warnings.
* TLS: add support for IPV6 in Subject Alt Names field (#1385)Ivan Nardi2021-12-18
|
* TLS: fix usage of certificate cache (#1384)Ivan Nardi2021-12-18
|
* Improved bittorrent detectionLuca Deri2021-12-17
|
* QUIC: fix old versions of GQUIC on big-endian machines (#1387)Ivan Nardi2021-12-17
| | | Credits to @viniciussn (see #1312)
* Improved BitTorrent classificationLuca Deri2021-12-07
|
* Optimized ndpi_serialize_string_int32Luca Deri2021-12-07
|
* Fixed issue that prevented alt certificate names to be fully detected when ↵Luca Deri2021-12-07
| | | | ipAddress and rfc822Name were specified in certificates
* Added missing install targetLuca Deri2021-12-07
|
Powered by cgit, Themed by Ted Yin.