libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	HSRP: fix dissection over IPv6 (#1443)	Ivan Nardi	2022-02-10
\| \| \|	Handle all message types.
*	Added cybersecurity category mapping to string	Luca Deri	2022-02-10
\|
*	Added cybersecurity protocol and category that groups traffic towards ↵	Luca Deri	2022-02-10
\| \| \| \|	leading cybersecurity companies and CDNs, useful to make destinations that should be marked as trusted in firewalls and security gateways
*	HSRP: add support for IPv6 (#1440)	Ivan Nardi	2022-02-09
\|
*	Added VXLAN dissector (#1439)	Dmytrii Vitman	2022-02-09
\| \| \|	* RFC 7348
*	Fix memory access in ndpi_strnstr() (#1438)	Ivan Nardi	2022-02-09
\| \| \| \| \| \| \|	Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44482 It should be the same error reported (and only partially fixed) in 79968f32
*	Add few scripts to easily update some IPs lists (#1436)	Ivan Nardi	2022-02-09
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add few scripts to easily update some IPs lists Some IPs lists should be updated frequently: try to easy the process. The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. Add the possibility to don't load a specific list. Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. TODO: ipv6 Remove the 9 addresses associated to BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. * Added quotes * Added quotes Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
*	Increment current/total number of active flows on successful flow insertion ↵	ol-andreyizrailev	2022-02-09
\| \| \| \| \| \| \| \|	(#1434) Memory allocation or ndpi_tsearch might fail, so the two values should be incremented only when insertion actually happened. Co-authored-by: Andrey Izrailev <Andrey.Izrailev@oktetlabs.ru>
*	Added ndpi_serialize_string_string_len() APi call	Luca Deri	2022-02-08
\| \| \| \|	Fixed CSV string serialization
*	Added HSRP protocol detection	Luca Deri	2022-02-08
\| \| \| \|	Removed attic directory now obsolete
*	Added check to ignore multicast packets marking the as Skype	Luca Deri	2022-02-08
\|
*	Improved MDNS/LLMNR detection. (#1437)	Toni	2022-02-07
\| \| \| \| \| \|	* Checking for port 5353/5355 is not enough. * Added additional multicast address and header checks. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	TLS: fix parsing of certificate elements (#1435)	Ivan Nardi	2022-02-07
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44280 ``` ==263603==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x592478 in ndpi_is_printable_string ndpi/src/lib/ndpi_utils.c:2200:9 #1 0x5b047c in processCertificateElements ndpi/src/lib/protocols/tls.c:400:7 #2 0x5ac880 in processCertificate ndpi/src/lib/protocols/tls.c:790:7 #3 0x5c3a32 in processTLSBlock ndpi/src/lib/protocols/tls.c:844:13 #4 0x5c2c61 in ndpi_search_tls_tcp ndpi/src/lib/protocols/tls.c:973:2 #5 0x5c117d in ndpi_search_tls_wrapper ndpi/src/lib/protocols/tls.c:2367:5 #6 0x552a50 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:4792:6 ```
*	Sync utests (#1433)	Ivan Nardi	2022-02-04
\| \| \| \| \| \| \|	* Sync utest results * Fix read-heap-buffer-overflow error reported by CI See: https://github.com/ntop/nDPI/runs/5055876515?check_suite_focus=true
*	Add comment	Alfredo Cardigliano	2022-02-03
\|
*	Updated test results	Luca Deri	2022-02-03
\|
*	Added NDPI_ERROR_CODE_DETECTED risk	Luca Deri	2022-02-03
\|
*	Renamed DCERPC to more generic RPC protocol so we can use also for other ↵	Luca Deri	2022-02-03
\| \| \| \| \| \| \|	types of RPCs (not limited to DCE) Extended HTTP plugin to support RPC Improved HTTP crear text detection to limit it to Basic and Digest
*	Typo	Luca Deri	2022-02-03
\|
*	Improved risks description	Luca Deri	2022-02-03
\|
*	Updated risk documentation	Luca Deri	2022-02-03
\|
*	Added new IDN/Punycode risk for spotting internationalized domain names	Luca	2022-02-03
\|
*	Added missing __sync_fetch_and_add() definition in Windows	Luca Deri	2022-02-02
\|
*	Moved to 4.3	Luca	2022-02-01
\|
*	Update changelog	Alfredo Cardigliano	2022-01-31
\|
*	Remove `struct ndpi_id_struct` (#1427)	Ivan Nardi	2022-01-30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Remove the last uses of `struct ndpi_id_struct`. That code is not really used and it has not been updated for a very long time: see #1279 for details. Correlation among flows is achieved via LRU caches. This change allows to further reduce memory consumption (see also 91bb77a8). At nDPI 4.0 (more precisly, at a6b10cf, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 235.27 KB Flow Memory (per flow): 688 B <-------- ``` i.e. memory usage per flow has been reduced by 77%. Close #1279
*	Remove Playstation VUE protocol (#1426)	Ivan Nardi	2022-01-30
\| \| \| \|	PS VUE service has been discontinued on January 30, 2020 https://en.wikipedia.org/wiki/PlayStation_Vue
*	Commented old code (see https://github.com/ntop/nDPI/pull/1425)	Luca Deri	2022-01-30
\|
*	Improve protocol stacks (#1425)	Ivan Nardi	2022-01-30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
*	Extend protocols support (#1422)	Ivan Nardi	2022-01-29
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add detection of AccuWeather site/app and Google Classroom. Improve detection of Azure, Zattoo, Whatsapp, MQTT and LDAP. Fix some RX false positives. Fix some "Uncommon TLS ALPN"-risk false positives. Fix "confidence" value for some Zoom/Torrent classifications. Minor fix in Lua script for Wireshark extcap. Update .gitignore file. Let GitHub correctly detect the language type of *.inc files. Zattoo example has been provided by @subhajit-cdot in #1148.
*	Fix some race conditions by using atomic operations. (#1420)	Toni	2022-01-29
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Make some protocols more "big-endian" friendly (#1402)	Ivan Nardi	2022-01-29
\| \| \|	See #1312
*	Sync unit tests results (#1423)	Ivan Nardi	2022-01-28
\| \| \|	Fix: 7a3aa41a
*	Updated alert description case	Luca	2022-01-28
\|
*	Fixed heap overflow in nDPI realloc wrapper if new size < old size. (#1421)	Toni	2022-01-27
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Kerberos, TLS, example: fix some memory errors (#1419)	Ivan Nardi	2022-01-27
\| \| \| \| \| \|	Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43823 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43921 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43925
*	Fixed wrong ip tuple comparison. #1386 (#1418)	Toni	2022-01-26
\| \| \| \| \| \| \|	* Added u32 pads to `union ip_tuple` so btree search should now work as expected. The bug caused new flow's when the remote answers, resulting in two Flows per direction. Fail. * Fixed a race condition during shutdown phase. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Added support for the .goog Google TLD	Luca Deri	2022-01-26
\|
*	Serializing empty `risk blocks' pollutes the resulting string. (#1417)	Toni	2022-01-26
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Updated test results after the risk NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE has ↵	Luca Deri	2022-01-26
\| \| \| \|	been added
*	Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow risk	Luca Deri	2022-01-26
\| \| \| \|	Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days
*	Removed pandora.tv from pandora protocol as they are different services that ↵	Luca Deri	2022-01-25
\| \| \| \|	shouldd not be mixed
*	Improved pandora TV detection	Luca Deri	2022-01-24
\|
*	Improved Zoom protocol detection	Luca Deri	2022-01-23
\|
*	Tool for generating automatically the Azure IP list	Luca Deri	2022-01-23
\|
*	Fix ndpi_serialize_string_int64	Alfredo Cardigliano	2022-01-21
\|
*	Add unit test for ndpi_serialize_string_int64	Alfredo Cardigliano	2022-01-21
\|
*	Fix Grease values parsing (#1416)	havsah	2022-01-21
\| \| \| \| \| \| \| \| \| \| \|	The check for grease was too broad and filtered some valid values. In particular, the value 257 was skipped because it matched the previous check. This has been discovered while parsing tests/pcap/443-firefox.pcap expected ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256-257,0 previously generated ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256,0 Signed-off-by: Patrick Havelange <patrick.havelange_ext@softathome.com>
*	Added JA3 in risj exceptions	Luca Deri	2022-01-20
\|
*	Fixed certificate mismatch check	Luca Deri	2022-01-19
\|