| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Last step of removing JA3C fingerprint
Remove some duplicate tests: testing with ja4c/ja3s disabled is already
performed by `disable_metadata_and_flowrisks` configuration.
Close:#2551
|
| |
|
|
|
|
|
|
|
| |
It might be usefull to be able to match traffic against a list of
suspicious JA4C fingerprints
Use the same code/logic/infrastructure used for JA3C (note that we are
going to remove JA3C...)
See: #2551
|
| |
|
|
| |
https://github.com/ntop/nDPI/commit/d351907af8b93020d5d4ac2949d8e9dd0cfb0dd7
|
| |
|
|
|
| |
type (#2675)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
| |
|
|
|
| |
type (#2676)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
| |
|
|
|
| |
type (#2677)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
| |
|
|
|
| |
dereference (#2674)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Removing JA3C is an big task. Let's start with a simple change having an
huge impact on unit tests: remove printing of JA3C information from
ndpiReader.
This way, when we will delete the actual code, the unit tests diffs
should be a lot simpler to look at.
Note that the information if the client/server cipher is weak or
obsolete is still available via flow risk
See: #2551
|
| |
|
|
| |
We calculate HTTP entropy according to "Content-type:" header, see
`ndpi_validate_http_content()` on HTTP code
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now the CI takes ~30 minutes; the goal is to have it ending in
< 15 min.
The basic trick is to run the longer jobs (no_x86_64 and masan) only
with the recently updated pcaps. The same jobs will run again on schedule
(every night) testing all the traces.
This way the CI will be "green" (hopefully!) earlier while pushing new
commit/PR; full tests are simply delayed.
Details: when `NDPI_TEST_ONLY_RECENTLY_UPDATED_PCAPS` is set,
`tests/do.sh` checks only the latest 10 pcaps (i.e. the more recent pcap
added/updated) for *every* configuration.
Notes that no_x86_64 and masan jobs run twice: when pushing/merging and
on schedule (every night)
|
| |
|
|
|
|
|
| |
For some reansons, the installation of golang-1.16 fails on ubuntu 24.04
(note that ubuntu-latest now is pointing to ubuntu-24.04).
It seems that everything is fine if we use the already installed version
of golang
|
| |
|
|
|
|
| |
* detect `chisel` SSH-over-HTTP-WebSocket
* use `strncasecmp()` for `LINE_*` matching macros
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Integrate .md files into official documentation
See: https://stackoverflow.com/questions/46278683/include-my-markdown-readme-into-sphinx/68005314#68005314
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Move ThreadSanitizer job to the scheduled jobs (once a day): all our tests
are intrinsically mono-thread and this job takes quite some time
* Two explicit jobs to test LTO and Gold linker, used by oss-fuzz
* Two explicit jobs for Windows (with msys2)
* Run address sanitizer only on the 4 main jobs: newest/oldest gcc/clang
* Reduce the time used by fuzzing jobs. Note that oss-fuzz is
continuosly fuzzing our code!
* Move the no x86_64 jobs to a dedicated file
This way, the main matrix is a little bit simpler and the CI jobs last a
little shorter
|
| | |
|
| |
|
|
|
| |
In very old (G)QUIC versions by Google, the user agent was available on
plain text. That is not true anymore, since about end of 2021.
See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7
|
| |
|
| |
Add a new variable to keep track of internal partial classification
|
| |
|
|
|
| |
Classification "by-port" is the latest possible shot at getting a
classification, when everything else failed: we should always use
the configured ports (as expected by the users, IMO)
|
| | |
|
| |
|
|
| |
Show JA4C and JA3S information (instead of JA3C and JA3S)
See #2551 for context
|
| |
|
|
|
| |
Even if it is only the proposed value by the client (and not the
negotiated one), it might be use as hint for timeout by the (external)
flows manager
|
| |
|
|
| |
We should set it also for "obsolete"/"insecure" ciphers, not only for
the "weak" ones.
|
| |
|
|
|
| |
ESNI has been superseded by ECH for years, now.
See: https://blog.cloudflare.com/encrypted-client-hello/
Set the existing flow risk if we still found this extension.
|
| |
|
| |
We should use the existing helper
|
| | |
|
| |
|
|
| |
messages when used to browse (old) network devices
|
| | |
|
| |
|
|
|
|
| |
ipv6 addresses already containing "::" token shall
not be searched for ":0:" nor patched
Close #1890
|
| | |
|
| |
|
| |
[no ci]
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
```
Running: /home/ivan/Downloads/clusterfuzz-testcase-minimized-fuzz_ndpi_reader_pl7m_simplest_internal-5759495480868864
protocols/dns.c:482:5: runtime error: index 4 out of bounds for type 'u_int8_t[4]' (aka 'unsigned char[4]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:482:5
protocols/dns.c:483:5: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:483:5
protocols/dns.c:490:12: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]')
```
Found by oss-fuzz
See: https://issues.oss-fuzz.com/issues/383911300?pli=1
|
| | |
|
| |
|
| |
[no ci]
|
| | |
|
| |
|
| |
[no ci]
|
| | |
|
| |
|
| |
Updtae pl7m code (Fix swap-direction mutation)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|