Commit message (Author, Age)
* Reworked human readable string search in flows (Luca Deri, 2021-05-17)
| Removed fragment manager code
* Added further checks (Luca Deri, 2021-05-15)
|
* Updated protocol category (Luca Deri, 2021-05-15)
|
* Added ndpi_check_subprotocol_risk() API call definition (Luca Deri, 2021-05-15)
|
* Added TLS certificate caching (Luca Deri, 2021-05-15)
| Added Fortigate protocol
* Converted some test .pcapng files to pcap format (Luca Deri, 2021-05-13)
|
* Added browser TLS heuristic (Luca Deri, 2021-05-13)
|
* Implemented heuristic to detect Safari and Firefox TLS browsing (Luca Deri, 2021-05-13)
|
* Fixed obsolete error printing if CTRL-C is pressed. #1165 (#1184) (Toni, 2021-05-11)
| * This fix was proposed by @robertsong2019
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved SSL certificate name wildcard handling and risk. #1182 (#1183) (Toni, 2021-05-11)
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Changes for sonarcloud integration (Luca Deri, 2021-05-11)
|
* Fixed typo (Luca Deri, 2021-05-11)
|
* Implemented flow score in Wireshark integration (Luca Deri, 2021-05-10)
|
* Added check to reduce MongoDB false positive detection (Luca Deri, 2021-05-10)
|
* Added (partial) Activision protocol support (based on tencent cloud) (Luca Deri, 2021-05-10)
|
* Fix some warnings (#1181) (Ivan Nardi, 2021-05-09)
| ```
| In file included from protocols/fasttrack.c:29:
| ../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
|  1504 |   const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
|       |   ^~~~~
| In file included from protocols/amazon_video.c:28:
| ../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
|  1504 |   const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
|       |   ^~~~~
| ...
| ndpi_utils.c: In function ‘ndpi_risk2severity’:
| ndpi_utils.c:1834:1: warning: control reaches end of non-void function [-Wreturn-type]
|  1834 | }
|       | ^
| ```
* TLS: fix extraction for TLS signature algorithms (#1180) (Ivan Nardi, 2021-05-09)
| ```
| ==69562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100009000fb at pc 0x7f41882003a7 bp 0x7f4183cfbfc0 sp 0x7f4183cfb768
| READ of size 32 at 0x6100009000fb thread T1
|     #0 0x7f41882003a6 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
|     #1 0x560b2d7462a1 in processClientServerHello protocols/tls.c:1647
|     #2 0x560b2d73be6a in processTLSBlock protocols/tls.c:712
|     #3 0x560b2d73e61f in ndpi_search_tls_udp protocols/tls.c:968
| ```
* TLS: fix another use-of-uninitialized-value error in ClientHello parsing (#1179) (Ivan Nardi, 2021-05-09)
| Error detected with valgrind.
|
| ==13127== Conditional jump or move depends on uninitialised value(s)
| ==13127==    at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
| ==13127==    by 0x1A93B6: ndpi_strdup (ndpi_main.c:159)
| ==13127==    by 0x1C07CC: processClientServerHello (tls.c:1678)
| ==13127==    by 0x1C0C4C: processTLSBlock (tls.c:712)
| ==13127==    by 0x1C0C4C: ndpi_search_tls_tcp.part.0 (tls.c:849)
|
| See also 8c3674e9
* Check datalink during fuzzing to prevent console / logfile spam. See #1175 for more information. (#1177) (Toni, 2021-05-09)
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Allow to override build date with SOURCE_DATE_EPOCH (#1176) (Bernhard M. Wiedemann, 2021-05-09)
| in order to make builds reproducible.
| See https://reproducible-builds.org/ for why this is good
| and https://reproducible-builds.org/specs/source-date-epoch/
| for the definition of this variable.
* Initial work towards detection via TLS of browser types (Luca, 2021-05-06)
|
* Add extraction for TLS signature algorithms (Luca, 2021-05-06)
|
* Added ndpi_risk2severity() API call (Luca, 2021-05-02)
|
* Enhanced netbios decoding check (Luca Deri, 2021-04-28)
|
* Compilation fix (Luca Deri, 2021-04-27)
|
* Updated code due to https://github.com/ntop/nDPI/pull/1175 (Luca Deri, 2021-04-27)
|
* Removed DGA check for ipv6 reverse IPs (Luca Deri, 2021-04-27)
|
* Check for common ALPNs and set a flow risk if not known. (#1175) (Toni, 2021-04-27)
| * Increased risk bitmask to 64bit (instead of 32bit).
| * Removed annoying "Unknown datalink" error message for fuzzers.
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed invalid DNS dissection (Luca Deri, 2021-04-26)
|
* Compilation fix (Luca Deri, 2021-04-26)
|
* Added flow risk to wireshark dissection (Luca Deri, 2021-04-26)
|
* Added tshark description (Luca Deri, 2021-04-25)
|
* README for the tshark class (Luca Deri, 2021-04-25)
|
* Lua tshark class and examples (Luca Deri, 2021-04-25)
|
* Removed protocol space in Genshin Impact (Luca Deri, 2021-04-25)
|
* Add Genshin Impact protocol. (#1173) (Toni, 2021-04-25)
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add vxlan enum to ndpi_packet_tunnel (Alfredo Cardigliano, 2021-04-21)
|
* Add HP Virtual Machine Group Management (hpvirtgrp) protocol. (#1170) (Toni, 2021-04-20)
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Reworked GeoIP API (Luca Deri, 2021-04-19)
| int ndpi_get_geoip_asn(struct ndpi_detection_module_struct *ndpi_str, char *ip, u_int32_t *asn);
| int ndpi_get_geoip_country_continent(struct ndpi_detection_module_struct *ndpi_str, char *ip,
|                                      char *country_code, u_int8_t country_code_len,
|                                      char *continent, u_int8_t continent_len);
* TLS: fix some use-of-uninitialized-value errors in ClientHello parsing (#1169) (Ivan Nardi, 2021-04-18)
| Error detected with valgrind.
|
| ==125883== Conditional jump or move depends on uninitialised value(s)
| ==125883==    at 0x438F57: processClientServerHello (tls.c:1421)
| ==125883==    by 0x43B35A: processTLSBlock (tls.c:712)
| ==125883==    by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
| ==125883==    by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
| ==125883==    by 0x42E920: ndpi_detection_process_packet (ndpi_main.c:5301)
|
| ==125916== Conditional jump or move depends on uninitialised value(s)
| ==125916==    at 0x438D7D: processClientServerHello (tls.c:1379)
| ==125916==    by 0x43B35A: processTLSBlock (tls.c:712)
| ==125916==    by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
| ==125916==    by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
|
| ==125932== Conditional jump or move depends on uninitialised value(s)
| ==125932==    at 0x438C1D: processClientServerHello (tls.c:1298)
| ==125932==    by 0x43B35A: processTLSBlock (tls.c:712)
| ==125932==    by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
| ==125932==    by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
|
| ==125950== Conditional jump or move depends on uninitialised value(s)
| ==125950==    at 0x438D4F: processClientServerHello (tls.c:1371)
| ==125950==    by 0x43B35A: processTLSBlock (tls.c:712)
| ==125950==    by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
| ==125950==    by 0x42C079: check_ndpi_detection_func (ndpi_main.c:4443)
* Fix detunneling of GTP-U traffic (#1168) (Ivan Nardi, 2021-04-18)
| Fuzzing #1161 exposed some (completely unrelated) issues on GTP-U
| detunneling code.
| (see https://github.com/ntop/nDPI/actions/runs/719882047)
* Improve classification of Outlook/MicrosoftMail traffic (#1167) (Ivan Nardi, 2021-04-18)
| See #1148
* GeoIP handling fixes (Luca Deri, 2021-04-18)
|
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for remote assistance sessions (Luca Deri, 2021-04-12)
|
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION flow risk (Luca Deri, 2021-04-11)
|
* wireshark/lua: fix handling of VLAN traffic (#1162) (Ivan Nardi, 2021-04-05)
|
* GTP: fix parsing of GTP headers (#1161) (Ivan Nardi, 2021-04-05)
| Message length checks and basic headers are not uniform across GTP-U,
| GTP-C and GTP-PRIME.
|
| Note that, even if the length checks were wrong, the GTP sessions were
| almost always correctly classified because of the "guessing" algorithm.
|
| This patch has been tested with GTP-U, GTP-C-V1, GTP-C-V2 and
| GTP-PRIME-V2 traffic using ndpiReader with "-d" flag (to avoid
| "guessing" algorithm) and without "-t" flag (to avoid GTP-U
| de-tunneling).
|
| See #1148
* Fix some warnings about unused variables/functions (#1160) (Ivan Nardi, 2021-04-05)
|
* Trace fix (Luca Deri, 2021-04-02)
|
* Fixed incompatibilities with the latest extcap/wireshark (Luca Deri, 2021-04-01)
|