aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Added TSAN support. (#1613)Toni2022-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix byte-order issue during ndpiReader tcp/udp src/dst port serialization. ↵Toni2022-07-03
| | | | | | | | Fixes #1608. (#1614) * fixed possible memory leak caused by an invalid call to `node_proto_guess_walker()` during serialization * execute serialization code while running regression tests Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added Cloudflare WARP detection patterns. (#1615) (#1616)Toni2022-07-02
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed SMTP default port 587Luca Deri2022-07-02
|
* Added TunnelBear VPN detection patterns. (#1615)Toni2022-07-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated (C)Luca Deri2022-06-30
|
* Removed space from "Genshin Impact"Luca Deri2022-06-30
|
* sync unit tests (#1612)Toni2022-06-30
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix after the protocol name updateLuca Deri2022-06-28
|
* Renamed Z39.50 -> Z3950 as the '.' breaks the naming conventionLuca2022-06-28
| | | | QUIC is a network protocol
* Enhanced TLS risk info reported to usersLuca Deri2022-06-28
|
* Added default port for syslog TCPLuca Deri2022-06-27
|
* Fix compilation and sync unit tests results (#1606)Ivan Nardi2022-06-20
|
* Added unidirectional traffic flow riskLuca Deri2022-06-20
|
* Improved SOAP via HTTP. (#1605)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Improved GenshinImpact protocol dissector. (#1604)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added collectd dissector (again). (#1601)Toni2022-06-17
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Replaced nDPI's internal hashmap with uthash. (#1602)Toni2022-06-17
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Improved IPSec/ISAKMP detection. (#1600)Toni2022-06-16
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added new test pcapsLuca2022-06-15
|
* Add some statistics to ndpiReader (#1587)claudio_burrafato2022-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add some statistics to ndpiReader The purpose of this version of ndpiReader is too adding some other statistics printed by ndpiReader. In this simple version the domain names(in the flows) that are collected are: flow-> ssh_tls.server_info flow-> host_server_name and are placed in a UT_hash_table, ordering them by number of occurrences. * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update example/ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com> * Update ndpiReader.c * Update ndpiReader.c * Update ndpiReader.c * Update ndpiReader.c Co-authored-by: Toni <matzeton@googlemail.com>
* Add support for PIM (Protocol Indipendent Multicast) protocol (#1599)Ivan Nardi2022-06-15
| | | Close #1598
* Improved WhatsApp detection. (#1595)Toni2022-06-14
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Fix invalid memory access (#1596)Ivan Nardi2022-06-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | We can access `flow->protos` union only after checking the protocol. Checking `flow->detected_protocol.master_protocol` is redundant because we already check it in `is_ndpi_proto` ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==29739==ERROR: AddressSanitizer: SEGV on unknown address 0x000000353820 (pc 0x7f9b64dd2717 bp 0x7fff161a52f0 sp 0x7fff161a4aa8 T0) ==29739==The signal is caused by a READ memory access. #0 0x7f9b64dd2717 /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:96 #1 0x555c65e597d8 in __interceptor_strlen (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x6407d8) (BuildId: 11ac8ec30f1d49fb0276c9b03368e491505d2bba) #2 0x555c65fd85fa in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:269:13 #3 0x555c65f3e8c6 in process_ndpi_collected_info /home/ivan/svnrepos/nDPI/example/reader_util.c:1188:36 #4 0x555c65f52cab in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1567:2 #5 0x555c65f4b632 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2110:10 #6 0x555c65f04d29 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:109:7 #7 0x555c65f054bb in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:181:17 #8 0x7f9b64c6e082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #9 0x555c65e4253d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x62953d) (BuildId: 11ac8ec30f1d49fb0276c9b03368e491505d2bba) ``` Found by oss-fuzzer. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48020
* DNS: fix TTL check and sync unit test results (#1594)Ivan Nardi2022-06-14
|
* Updated DNS alert triggered only with TTL == 0Luca Deri2022-06-14
|
* Restored ndpi_set_proto_defaults() prototypeLuca Deri2022-06-13
| | | | Updated test results
* Added check for DGA names that resolve to a valid recordLuca Deri2022-06-13
|
* Improved DNS traffic analysisLuca Deri2022-06-13
| | | | Added ability to identify application and network protocols
* Added DNS record TTL checkLuca Deri2022-06-13
|
* Added gprof CPU/HEAP profiling support. (#1592)Toni2022-06-12
| | | | | * Some small auto{conf,make} improvements Signed-off-by: lns <matzeton@googlemail.com>
* Removed Makefile references to legacy code. (#1589)Toni2022-06-08
| | | | | - feature removed with f5545a80f95a90a5219bbb319b346f964b1e1548 Signed-off-by: lns <matzeton@googlemail.com>
* Added Pragmatic General Multicast (PGM) protocol detectionLuca Deri2022-06-08
|
* Dissect host line if SSDP contains such. (#1586)Toni2022-06-07
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Reimplemented 1kxun application protocol. (#1585)Toni2022-06-06
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Prevent compilation failure if, for whatever reason, NDPI_API_VERSION is ↵Toni2022-06-06
| | | | | | | empty. (#1584) - This is not a fix for #1494, just an improvment. Signed-off-by: lns <matzeton@googlemail.com>
* Fixed syslog false negatives. (#1582)Toni2022-06-05
| | | | | - RSH vs Syslog may still happen for midstream traffic Signed-off-by: lns <matzeton@googlemail.com>
* Fix some debug messages (#1583)Ivan Nardi2022-06-05
| | | Increase max number of flows handled during fuzzing
* Updated test resultsLuca Deri2022-06-05
|
* Fixed invalid DHCP dissectionLuca Deri2022-06-05
|
* Fixed DHCP dissection bugLuca Deri2022-06-05
|
* Added RSH dissector. Fixes #202. (#1581)Toni2022-06-04
| | | | | | - added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations Signed-off-by: lns <matzeton@googlemail.com>
* Add support for GoTo products (mainly GoToMeeting) (#1580)Ivan Nardi2022-06-04
| | | There is some overlap with Citrix protocol.
* Fix syslog heap overflow introduced in ↵Toni2022-06-04
| | | | | | | 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c. (#1579) - fixes #1578 Signed-off-by: lns <matzeton@googlemail.com>
* Fixed syslog false positives. (#1577)Toni2022-06-03
| | | | | | | * syslog: removed unnecessary/unreliable printable string check * added `ndpi_isalnum()` * splitted `ndpi_is_printable_string()` into `ndpi_is_printable_buffer()` and `ndpi_normalize_printable_string()` Signed-off-by: lns <matzeton@googlemail.com>
* Fix heap buffer overflow mentioned in #1574. (#1576)Toni2022-06-02
| | | Signed-off-by: lns <matzeton@googlemail.com>
* TLS: fix use-of-uninitialized-value error (#1573)Ivan Nardi2022-06-02
| | | | | | | | | | | | | | | | | | | | | | Proper fix for the error already reported in 9040bc74 ``` Uninitialized bytes in __interceptor_strlen at offset 3 inside [0x7ffc7a147390, 4) ==111876==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55e3e4f32e5b in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:268:13 #1 0x55e3e4ef7391 in ndpi_set_risk /home/ivan/svnrepos/nDPI/src/lib/ndpi_utils.c:2254:12 #2 0x55e3e5022fdf in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1523:8 #3 0x55e3e503af44 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:865:5 #4 0x55e3e50397cd in ndpi_search_tls_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1024:2 #5 0x55e3e503570c in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2453:5 #6 0x55e3e4f84a6a in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5150:6 #7 0x55e3e4f85778 in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5198:12 #8 0x55e3e4f851e1 in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5217:12 #9 0x55e3e4f96c7a in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6076:15 #10 0x55e3e4ed91ef in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:29:5 #11 0x55e3e4eda27e in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:101:17 #12 0x7f5cb3146082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #13 0x55e3e4e5140d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0xa340d) (BuildId: 0c02c433e039970dd13a60382b94dd5a8e19f625) ```
* Removed README.nDPI as it does not provide any new information not covered ↵Toni2022-05-31
| | | | | by README.md (#1572) Signed-off-by: lns <matzeton@googlemail.com>
* Removed LGTM ql query for packet payload integer arithmetic. (#1570)Toni2022-05-31
| | | | | * Detection is unreliable and results in too much false-positives (and false-negatives!) Signed-off-by: lns <matzeton@googlemail.com>
* Force roaring bitmap to use ndpi memory wrappers. (#1569)Toni2022-05-31
| | | | | | | | GCC analyzer won't complain about possible use-after-free (false positive). * tests/do.sh prints word diff's only once and not the same over and over again * sync unit tests Signed-off-by: lns <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.