aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Improved Wireguard detectionLuca2023-08-21
|
* Removed empty lineLuca2023-08-21
|
* Added ndpi_bitmap_andnot API callLuca2023-08-21
|
* fuzz: extend coverage (#2073)Ivan Nardi2023-08-20
|
* Fix compilation on Windows (#2072)Ivan Nardi2023-08-14
|
* Replaces free() with ndpi_free()Luca Deri2023-08-14
|
* Reworked ndpi_filter_xxx implementation using compressed bitmapsLuca Deri2023-08-14
|
* TypoLuca Deri2023-08-12
|
* ARM compilation fixLuca Deri2023-08-12
|
* Fixed to address issueLuca Deri2023-08-12
| | | | | | | | Run ./utils/check_symbols.sh || { FAILED=$?; echo "::error file=${NDPI_LIB}::Unwanted libc symbols found: ${FAILED}. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free."; false; } [ndpi_filter.o]: calloc Unwanted symbols found: 1 Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free Error: Unwanted libc symbols found: 1. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of
* Added ndpi_filter_add_multi() API callLuca Deri2023-08-11
|
* Minor initialization fixesLuca Deri2023-08-11
|
* Added new API calls for implementing Bloom-filter like data structuresLuca Deri2023-08-11
| | | | | | | ndpi_filter* ndpi_filter_alloc(uint32_t elements_number); bool ndpi_filter_add(ndpi_filter *f, uint64_t value); bool ndpi_filter_contains(ndpi_filter *f, uint64_t value); void ndpi_filter_free(ndpi_filter *f);
* Typo fixLuca2023-08-07
|
* Added ndpi_bitmap_copy() API callLuca2023-08-06
|
* Mullvad VPN service added (based on entry node IP addresses) (#2062)snicket21002023-08-02
|
* Compilation fixes for older C compilersLuca Deri2023-08-01
|
* Add Service Location Protocol dissector. (#2036)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added `slackb.com` SNI. (#2067)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* DNS: extract geolocation information, if available (#2065)Ivan Nardi2023-07-31
| | | | | | | The option NSID (RFC5001) is used by Google DNS to report the airport code of the metro where the DNS query is handled. This option is quite rare, but the added overhead in DNS code is pretty much zero for "normal" DNS traffic
* Typo in a comment fixed (#2063)snicket21002023-07-28
|
* ProtonVPN: split the ip list (#2060)Ivan Nardi2023-07-27
| | | | | | | | | | | Use two separate lists: * one for the ingress nodes, which triggers a ProtonVPN classification * one for the egress nodes, which triggers the `NDPI_ANONYMOUS_SUBSCRIBER` risk Add a command line option (to `ndpiReader`) to easily test IP/port matching. Add another example of custom rule.
* Add an heuristic to detect fully encrypted flows (#2058)Ivan Nardi2023-07-26
| | | | | | | | A fully encrypted session is a flow where every bytes of the payload is encrypted in an attempt to “look like nothing”. The heuristic needs only the very first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf A basic, but generic, inplementation of the popcpunt alg has been added
* Allow init of app protocols w/o any hostnames set. (#2057)Toni2023-07-22
|
* Fix string truncation. (#2056)Toni2023-07-22
| | | | | | | | ndpi_main.c: In function ‘ndpi_load_ip_category’: ndpi_main.c:6598:3: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] 6598 | strncpy(ipbuf, ip_address_and_mask, sizeof(ipbuf)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Debian 12 fixesLuca Deri2023-07-21
|
* zabbix: improve detection (#2055)Ivan Nardi2023-07-21
|
* TLS: add basic, basic, detection of Encrypted ClientHello (#2053)Ivan Nardi2023-07-21
|
* Add detection of Roblox games (#2054)Ivan Nardi2023-07-21
|
* fuzz: extend fuzzing coverage (#2052)Ivan Nardi2023-07-18
| | | | Added/merged some traces. Improved Socks identification
* tests: restore some old paths as symbolic links (#2050)Ivan Nardi2023-07-16
|
* HTTP: fix another memory access error (#2049)Ivan Nardi2023-07-15
| | | | | | | | | | | | | | | | | | | | | | | ``` ================================================================= ==199079==ERROR: AddressSanitizer: negative-size-param: (size=-1) #0 0x559a2a6efd4f in strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x94ad4f) (BuildId: 34aaabba403c6bc5482553ef355360fd2762a157) #1 0x559a2a9890f0 in ndpi_http_check_content /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:300:8 #2 0x559a2a9812c0 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:910:46 #3 0x559a2a978fee in process_response /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1289:3 #4 0x559a2a97622f in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1382:9 #5 0x559a2a975d95 in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1468:3 #6 0x559a2a864970 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5948:4 #7 0x559a2a8660df in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6013:12 #8 0x559a2a865d7f in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6032:12 #9 0x559a2a876fd6 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7038:15 #10 0x559a2a87311f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7205:22 #11 0x559a2a77381e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1710:31 #12 0x559a2a77381e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2427:10 [...] ``` Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60605
* Fix compilation in CI jobs (#2048)Ivan Nardi2023-07-15
|
* ndpireader: fix detection of DoH traffic based on packet distributions (#2045)Ivan Nardi2023-07-14
|
* Add a configuration knob to enable/disable loading of gambling list (#2047)Ivan Nardi2023-07-14
|
* Adds new pcap for testing "funny" HTTP serversLuca Deri2023-07-14
|
* Restored filesLuca Deri2023-07-14
|
* Fixes risk mask exception handling while improving the overall performanceLuca Deri2023-07-14
|
* Included Gambling website data from the Polish `hazard.mf.gov.pl` list (#2041)snicket21002023-07-14
| | | | | | | | | | | | | * Refreshed the Belgium Gambling Site list data Unfortunately some hostnames have been removed from that list, which means they are disappearing from the `ndpi_gambling_match.c.inc` file as well. * build: added `libxml2-utils` (for `xmllint`) * Included Gambling website data from the Polish `hazard.mf.gov.pl` list The list contains over 30k gambling website hostnames as of today.
* HTTP: fix extraction of filename (#2046)Ivan Nardi2023-07-14
|
* Removed -fno-color-diagnostics not available on all platformsLuca Deri2023-07-13
|
* Cosmetic fixesLuca Deri2023-07-13
|
* Implemented Count-Min Sketch [count how many times a value has been observed]Luca Deri2023-07-13
| | | | | | | - ndpi_cm_sketch_init() - ndpi_cm_sketch_add() - ndpi_cm_sketch_count() - ndpi_cm_sketch_destroy()
* HTTP: fix heap-buffer-overflow (#2044)Ivan Nardi2023-07-13
| | | | | | | | | | | | | | | | | | | | | | | ``` ================================================================= ==673246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5080000002fd at pc 0x555c6a22eca2 bp 0x7ffe1db9b290 sp 0x7ffe1db9aa48 READ of size 1 at 0x5080000002fd thread T0 #0 0x555c6a22eca1 in strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet+0x53aca1) (BuildId: 464e7474cde3de91c01588c7ea0161a05ddd6b63) #1 0x555c6a462a9d in ndpi_http_check_content /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:309:8 #2 0x555c6a45a9a0 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:901:46 #3 0x555c6a4526ce in process_response /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1280:3 #4 0x555c6a44f90f in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1373:9 #5 0x555c6a44f475 in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1459:3 #6 0x555c6a348520 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5949:6 #7 0x555c6a348f2f in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5997:12 #8 0x555c6a348bcf in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6016:12 #9 0x555c6a359e26 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7017:15 #10 0x555c6a355f6f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7184:22 #11 0x555c6a284958 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:5 ``` Found by oss-fuzz. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60557 Fix: 0b0f255cc
* RDP: improve detection over UDP (#2043)Ivan Nardi2023-07-13
|
* fuzz: add fuzzer for DGA detection code (#2042)Ivan Nardi2023-07-13
|
* Add support for multiline jsonAlfredo Cardigliano2023-07-12
|
* Minor code cleanupLuca Deri2023-07-11
|
* added feature to extract filename from http attachment (#2037)Chiara Maggi2023-07-11
| | | | | | | | | | | | | | | | | | | * added feature to extract filename from http attachment * fixed some issues * added check for filename format * added check for filename format * remove an unnecessary print * changed the size from 952 to 960 * modified some test result files * small changes string size * comment removed and mallocs checked
* fuzz: extend fuzzing coverage (#2040)Ivan Nardi2023-07-11
| | | | | | | | | Some notes: * libinjection: according to https://github.com/libinjection/libinjection/issues/44, it seems NULL characters are valid in the input string; * RTP: `rtp_get_stream_type()` is called only for RTP packets; if you want to tell RTP from RTCP you should use `is_rtp_or_rtcp()`; * TLS: unnecessary check; we already make the same check just above, at the beginning of the `while` loop
Powered by cgit, Themed by Ted Yin.