aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* fuzz: extend fuzzing coverage (#2205)Ivan Nardi2023-12-11
|
* Fix typos (#2204)rl19872023-12-10
| | | | | * Fix typo in ndpiSimpleIntegration.c * Fix misspelling in a comment
* Replace complicated TPKT header validation with an helper function (#2201)Vladimir Gavrilov2023-12-10
| | | | | * Replace complicated TPKT header validation with an helper function * Move tpkt_verify_hdr function definition to ndpi_utils.c
* OpenVPN: rework detection (#2199)Ivan Nardi2023-12-06
| | | Close #1873
* Add Ether-S-Bus protocol dissector (#2200)Vladimir Gavrilov2023-12-05
|
* Add some fast CRC16 algorithms implementation (#2195)Vladimir Gavrilov2023-12-05
| | | | | | | | | * Add some fast CRC16 algorithms implementation * Update ndpi_crc.c * Move crc16 stuff to ndpi_analyze.c * IEEE C37.118: use new fast CRC-16/CCITT-FALSE implementation
* Add IEEE C37.118 protocol dissector (#2193)Vladimir Gavrilov2023-12-05
|
* TLS: remove JA3+ fingerprints. (#2192)Ivan Nardi2023-12-05
| | | See: #2191
* Add ISO 9506-1 MMS protocol dissector (#2189)Vladimir Gavrilov2023-12-01
| | | | * Add ISO 9506-1 MMS protocol dissector * Fix detection on big-endian architectures
* STUN: parsing of DATA attribute (#2179)Ivan Nardi2023-12-01
|
* Add Beckhoff ADS protocol dissector (#2181)Vladimir Gavrilov2023-11-30
| | | | | | | * Add Beckhoff ADS protocol dissector * Remove redundant le32toh * Fix detection on big-endian architectures
* STUN: fix detection of DTLS (#2187)Ivan Nardi2023-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a memory leak ``` ==97697==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x55a6967cfa7e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x701a7e) (BuildId: c7124999fa1ccc54346fa7bd536d8eab88c3ea01) #1 0x55a696972ab5 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #2 0x55a696972da0 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #3 0x55a696b7658d in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2394:46 #4 0x55a696b86e81 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:897:5 #5 0x55a696b80649 in ndpi_search_tls_udp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1262:11 #6 0x55a696b67a57 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2751:5 #7 0x55a696b67758 in switch_to_tls /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1408:3 #8 0x55a696c47810 in stun_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/stun.c:422:4 #9 0x55a6968a22af in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7247:9 #10 0x55a6968acd6f in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7746:5 #11 0x55a6968aba3f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8013:22 #12 0x55a69683d30e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1723:31 #13 0x55a69683d30e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2440:10 #14 0x55a69680f08f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:135:7 [...] SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). ``` Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64564
* Rework extraction of HTTP headers (#2183)Ivan Nardi2023-11-29
| | | | | | Extract only the headers that we really need/use. Avoid too many `strcmp`; the algorithm might be a little bit overwhelming right now but it might be useful if we have further headers in the future.
* Fix FAQ (#2186)Ivan Nardi2023-11-29
|
* Update FAQ.mdIvan Nardi2023-11-29
|
* Update FAQ.mdIvan Nardi2023-11-29
|
* Add a FAQ for the project (#2185)Ivan Nardi2023-11-29
|
* Keep separating public and private API (#2157)Ivan Nardi2023-11-29
| | | See: b08c787fe
* Fix detection of `NDPI_TCP_ISSUES` flow risk (#2177)Ivan Nardi2023-11-29
| | | | | | | We need to take into account retransmissions: they increase `flow->all_packets_counter` counter but not `flows->packet_counter` one. Therefore, the right way to check for 3WH + RST pattern involves checking for `flows->packet_counter == 0`
* Improved belgium gambling sites regex. (#2184)Toni2023-11-29
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Schneider Electric’s UMAS detection support (#2180)Vladimir Gavrilov2023-11-28
| | | | | | | * Add Schneider Electric’s UMAS detection support * Swap proto IDs in ndpi_set_detected_protocol * Update unit test result
* Fix FINS false positives (#2176)Vladimir Gavrilov2023-11-27
| | | | | * Fix FINS false positives * Add rsv (reserved) field check
* Add Ether-S-I/O protocol dissector (#2174)Vladimir Gavrilov2023-11-27
|
* Add Omron FINS protocol dissector (#2172)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | * Add Omron FINS protocol dissector * Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP * Update unit test results * Update protocols.rst * Remove dummy flows from fins.pcap
* Rework S7Comm dissector; add S7Comm Plus support (#2165)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | | | | * Rework S7Comm dissector; add S7Comm Plus support * Cleanup s7comm.c * Improve S7Comm Plus detection * s7comm/s7commplus: faster detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Improve CORBA detection (#2167)Vladimir Gavrilov2023-11-27
| | | | | | | * Improve CORBA detection * Remove dummy flow from ziop.pcap * Merge ziop.pcap and miop.pcap into corba.pcap
* Add OPC UA protocol dissector (#2169)Vladimir Gavrilov2023-11-27
|
* STUN: improve demultiplexing of DTLS packets (#2153)Ivan Nardi2023-11-27
| | | | | | Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones. We might end up processing the session a little longer, because we will process the STUN/RTP/RTCP packets after the DTLS handshake.
* Add RTPS protocol dissector (#2168)Vladimir Gavrilov2023-11-27
|
* Reduce false positives for H.323 over TCP (#2164)Vladimir Gavrilov2023-11-23
| | | Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Get rid of RDP false positives (#2161)Vladimir Gavrilov2023-11-23
| | | | | | | | | | | | * Get rid of false positives in the RDP protocol dissector * Remove kludge for RDP * RDP: improve detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add HART-IP protocol dissector (#2163)Vladimir Gavrilov2023-11-22
| | | | | | | | | | | | | | | * Add HART-IP protocol dissector * Update docs * Update protocols.rst * Reuse free proto id and re-run tests * docs: move HART-IP to top of list --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Improved TFTP. Fixes #2075. (#2149)Toni2023-11-21
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Get rid of Apache Cassandra false positives (#2159)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Rewrite Apache Cassandra dissector * Replace memcmp with strncmp * Add payload length check * Update Cassandra dissector * Update test results --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Add IEEE 1588-2008 (PTPv2) dissector (#2156)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Add IEEE 1588-2008 (PTPv2) dissector PTPv2 is a time synchronization protocol in computer networks, similar to NTP. * Add default protocol ports * Update default test result for PTPv2 * Update copyright --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Ip address list: aggregate Mullvad and Tor lists too (#2154)Ivan Nardi2023-11-21
| | | | Missing from bdb73db1a See #2150
* Remove Google+ support (#2155)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | * Remove Google+ support Google+ was discontiued in 2019, so I think that its protocol id can be freed for reuse. * Fix typo * Update tests --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* IP lists: aggregate addresses wherever possible (#2152)Ivan Nardi2023-11-17
| | | See #2150
* Remove duplicate addreess list (#2151)Ivan Nardi2023-11-16
| | | | We are loading the same AS list as GOTO See #2150
* protocols/ethereum: enhance node discovery protocol detection. (#2145)Maatuq2023-11-15
| | | | | | * packet-type == 0x0 shouldn't be allowed. * allow more packet-type e.g. ENRRequest, ENRResponse. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added TeslaServices and improved TikTok host names. Fixes #2140. (#2144)Toni2023-11-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed hash buffer size in ndpiSimpleIntegration. (#2143)Toni2023-11-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Have a clear distinction between public and private/internal API (#2137)Ivan Nardi2023-11-09
| | | | | | 1) Public API/headers in `src/include/` [as it has always been] 2) Private API/headers in `src/lib/` Try to keep the "ndpi_" prefix only for the public functions
* Fixed implicit u32 cast in `ndpi_data_min()` / `ndpi_data_max()`. (#2139)Toni2023-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fuzz: improve coverage and remove dead code (#2135)Ivan Nardi2023-11-07
| | | | | | | | | | We are not able to remove custom rules: remove the empty stubs (which originate from the original OpenDPI code). `ndpi_guess_protocol_id()` is only called on the first packet of the flow, so the bitmask `flow->excluded_protocol_bitmask` is always empty, since we didn't call any dissectors yet. Move another hash function to the dedicated source file.
* Remove `struct ndpi_packet_struct` from the public API (#2129)Ivan Nardi2023-11-07
| | | | | | | | | | | | | | | | | Right now, the only instance of `struct ndpi_packet_struct` is embedded into `struct ndpi_detection_module_struct`. Since the latter is a private structure (because of `NDPI_LIB_COMPILATION` ) there is no way for the application to get a pointer to `ndpi_struct->packet`. Bottom line: the application can't use any API functions having `struct ndpi_packet_struct *` as parameter. Remove them all (since they are completly unused and unusable). There are no public helper functions to initialize/populate/deinit a `struct ndpi_packet_struct` object, so the application can't neither create its own instance of this object. Protect `struct ndpi_packet_struct` via the same define `NDPI_LIB_COMPILATION`.
* In case a pattern is redefined (for instance with protos.txt), the custom ↵Luca Deri2023-11-02
| | | | definition overwrites the previous one (so far it was ignored)
* Added malicious sites from the polish cert. (#2121)Toni2023-11-02
| | | | | * added handling of parsing errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Move from PCRE to PCRE2 (#2134)Christian Marangi2023-11-01
| | | | | | | | | | Move from PCRE to PCRE2. PCRE is EOL and won't receive any security updates anymore. Convert to PCRE2 by converting any function PCRE2 new API. Also update every entry in github workflows and README to point to the new configure flag. (--with-pcre2) Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* Fix proto_name and proto_id missmatch for Sina and SinaWeibo (#2131)Ivan Kapranov2023-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | * minor fixes fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq * fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol * fix compile errors * fix * Fix name missmatch for Sina and Sina Weibo * fix * add Sina Weibo to doc * fix * add Sina Weibo to doc --------- Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
Powered by cgit, Themed by Ted Yin.