Commit message | Author | Age
* Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11
* Make CI faster (#2662) | Ivan Nardi | 2025-01-11
  Right now the CI takes ~30 minutes; the goal is to have it ending in < 15 min. The basic trick is to run the longer jobs (no_x86_64 and masan) only with the recently updated pcaps. The same jobs will run again on schedule (every night) testing all the traces. This way the CI will be "green" (hopefully!) earlier while pushing new commit/PR; full tests are simply delayed.
  Details: when `NDPI_TEST_ONLY_RECENTLY_UPDATED_PCAPS` is set, `tests/do.sh` checks only the latest 10 pcaps (i.e. the more recent pcap added/updated) for *every* configuration.
  Note that no_x86_64 and masan jobs run twice: when pushing/merging and on schedule (every night)
* Fix CodeQL GitHub action (#2665) | Ivan Nardi | 2025-01-11
  For some reason, the installation of golang-1.16 fails on ubuntu 24.04 (note that ubuntu-latest now is pointing to ubuntu-24.04). It seems that everything is fine if we use the already installed version of golang
* Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11
  * detect `chisel` SSH-over-HTTP-WebSocket
  * use `strncasecmp()` for `LINE_*` matching macros
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve documentation (#2661) | Ivan Nardi | 2025-01-10
  Integrate .md files into official documentation
  See: https://stackoverflow.com/questions/46278683/include-my-markdown-readme-into-sphinx/68005314#68005314
* Update some CI jobs (#2660) | Ivan Nardi | 2025-01-09
  * Move ThreadSanitizer job to the scheduled jobs (once a day): all our tests are intrinsically mono-thread and this job takes quite some time
  * Two explicit jobs to test LTO and Gold linker, used by oss-fuzz
  * Two explicit jobs for Windows (with msys2)
  * Run address sanitizer only on the 4 main jobs: newest/oldest gcc/clang
  * Reduce the time used by fuzzing jobs. Note that oss-fuzz is continuously fuzzing our code!
  * Move the no x86_64 jobs to a dedicated file
  This way, the main matrix is a little bit simpler and the CI jobs last a little shorter
* Added ICMP risk checks for valid packet payloads | Luca Deri | 2025-01-08
* QUIC: remove extraction of user-agent (#2650) | Ivan Nardi | 2025-01-07
  In very old (G)QUIC versions by Google, the user agent was available in plain text. That is not true anymore, since about end of 2021.
  See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7
* Classifications "by-port"/"by-ip" should never change (#2656) | Ivan Nardi | 2025-01-06
  Add a new variable to keep track of internal partial classification
* Fix classification "by-port" (#2655) | Ivan Nardi | 2025-01-06
  Classification "by-port" is the latest possible shot at getting a classification, when everything else failed: we should always use the configured ports (as expected by the users, IMO)
* Add the ability to enable/disable every specific flow risks (#2653) | Ivan Nardi | 2025-01-06
* ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06
  Show JA4C and JA3S information (instead of JA3C and JA3S)
  See #2551 for context
* QUIC: extract "max idle timeout" parameter (#2649) | Ivan Nardi | 2025-01-06
  Even if it is only the proposed value by the client (and not the negotiated one), it might be used as a hint for timeout by the (external) flows manager
* TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647) | Ivan Nardi | 2025-01-06
  We should set it also for "obsolete"/"insecure" ciphers, not only for the "weak" ones.
* TLS: remove ESNI support (#2648) | Ivan Nardi | 2025-01-06
  ESNI has been superseded by ECH for years, now.
  See: https://blog.cloudflare.com/encrypted-client-hello/
  Set the existing flow risk if we still found this extension.
* SSH: fix how the flow risk is set (#2652) | Ivan Nardi | 2025-01-06
  We should use the existing helper
* Path of Exile 2 support (#2654) | Vladimir Gavrilov | 2025-01-06
* Improved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast messages when used to browse (old) network devices | Luca Deri | 2025-01-03
* Removed Cobalt strike | Luca Deri | 2024-12-20
* IPv6: fix bad ipv6 format (#1890) (#2651) | paolomonti | 2024-12-20
  ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched
  Close #1890
* Moved to 4.13 | Luca Deri | 2024-12-17
* Update CHANGELOG.md | Ivan Nardi | 2024-12-14
  [no ci]
* Telegram STUN improvement | Luca Deri | 2024-12-13
* DNS: fix Index-out-of-bounds error (#2644) | Ivan Nardi | 2024-12-13
  ```
  Running: /home/ivan/Downloads/clusterfuzz-testcase-minimized-fuzz_ndpi_reader_pl7m_simplest_internal-5759495480868864
  protocols/dns.c:482:5: runtime error: index 4 out of bounds for type 'u_int8_t[4]' (aka 'unsigned char[4]')
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:482:5
  protocols/dns.c:483:5: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]')
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:483:5
  protocols/dns.c:490:12: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]')
  ```
  Found by oss-fuzz
  See: https://issues.oss-fuzz.com/issues/383911300?pli=1
* Added minor Citrix improvement | Luca Deri | 2024-12-13
* Update CHANGELOG.md | Ivan Nardi | 2024-12-13
  [no ci]
* Update all IPs lists (#2643) | Ivan Nardi | 2024-12-13
* Update CHANGELOG.md | Ivan Nardi | 2024-12-13
  [no ci]
* Update CHANGELOG.md | Ivan Nardi | 2024-12-12
* fuzz: improve fuzzing coverage (#2642) | Ivan Nardi | 2024-12-11
  Update pl7m code (Fix swap-direction mutation)
* STUN/RTP: improve metadata extraction (#2641) | Ivan Nardi | 2024-12-11
* Update script to download Azure IP list ranges (#2640) | Ivan Nardi | 2024-12-11
* Added missing check | Luca Deri | 2024-12-09
* STUN: fix monitoring (#2639) | Ivan Nardi | 2024-12-06
* Changed serializer buffer size to 256 bytes | Luca Deri | 2024-12-05
* signal: improve detection of chats and calls (#2637) | Ivan Nardi | 2024-12-04
* fix license typo (#2638) | Tina DiPierro | 2024-12-04
* Added STUN custom support | Luca Deri | 2024-12-02
* Minor fix | Luca Deri | 2024-11-29
* STUN counter changes | Luca Deri | 2024-11-29
* Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29
  Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm>
  Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* STUN: improve Whatsapp monitoring (#2635) | Ivan Nardi | 2024-11-29
* Enhanced STUN stats | Luca Deri | 2024-11-28
* Sync unit tests results | Toni Uhlig | 2024-11-27
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add a configuration file to ndpiReader (#2629) | Ivan Nardi | 2024-11-27
  Example: ./example/ndpiReader --conf=./example/calls.conf -i ./tests/pcap/signal_videocall.pcapng -v2
  Close #2608
* Updated fingerprints | Luca Deri | 2024-11-26
* Removed old USE_LEGACY_AHO_CORASICK code | Luca Deri | 2024-11-26
* SIP: export metadata via json (#2630) | Ivan Nardi | 2024-11-26
  Fix: 1bda2bf41
* Sync unit tests results | Ivan Nardi | 2024-11-26
* Fingerprint update | Luca Deri | 2024-11-25