aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* fuzz: improve coverage (#2878)Ivan Nardi2025-06-10
|
* Simplify `ndpi_internal_detection_process_packet()` (#2877)Ivan Nardi2025-06-10
| | | Simplify process of each packet
* TCP fingerprint: fix an heap-buffer-overflow (#2876)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | ``` ================================================================= ==17655==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x71053b8a702a at pc 0x5e6f1ed825a2 bp 0x7095389f1d10 sp 0x7095389f1d08 READ of size 1 at 0x71053b8a702a thread T1 #0 0x5e6f1ed825a1 in ndpi_init_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7890:10 #1 0x5e6f1ed94bb2 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:9768:6 #2 0x5e6f1ed92f9f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:10065:22 #3 0x5e6f1ebe7a2e in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1985:31 #4 0x5e6f1ebdffd2 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2730:10 #5 0x5e6f1ea5da49 in ndpi_process_packet /home/ivan/svnrepos/nDPI/example/ndpiReader.c:4751:7 #6 0x74953c48763e (/lib/x86_64-linux-gnu/libpcap.so.0.8+0x2d63e) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) #7 0x74953c4688e7 in pcap_loop (/lib/x86_64-linux-gnu/libpcap.so.0.8+0xe8e7) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) ``` Found by oss-fuzz
* Cosmetic changesLuca Deri2025-06-09
| | | | Added ndpi finalization in case protocols are dumped
* Simplified codeLuca Deri2025-06-09
|
* Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`Ivan Nardi2025-06-09
|
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | | | The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
* Add category and breed support for custom rules (#2872)Vladimir Gavrilov2025-06-08
| | | Close #2594
* Fixes invalid SSH client/server detection based on stage and not on packet ↵Luca Deri2025-06-08
| | | | direction
* Sync unit tests results and fix `NDPI_HTTP_SUSPICIOUS_HEADER` (#2874)Ivan Nardi2025-06-08
|
* Sync unit tests resultsIvan Nardi2025-06-08
|
* Resoted PCRE2 as optional as some automatic tests failLuca Deri2025-06-08
|
* Improved HTTP risk reportLuca Deri2025-06-08
| | | | PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
* Normalize breed/category names: use _ instead of spaces and slashes (#2873)Vladimir Gavrilov2025-06-07
|
* Compilation fix on old platformsLuca Deri2025-06-06
|
* Added IMO and Badoo filesLuca Deri2025-06-06
|
* Dynamic allocation of `ndpi_struct->proto_defaults[]` (#2866)Ivan Nardi2025-06-06
| | | | | | | | Partial revert of 88bfe2cf0: in the trees we save the index and no more a pointer to `ndpi_struct->proto_defaults[]`. Remove same functions from public API See #2136
* Add ndpi_get_breed_by_name (#2870)Vladimir Gavrilov2025-06-05
|
* Speed up category lookup in ndpi_get_category_id() (#2869)Vladimir Gavrilov2025-06-05
| | | | Implements same optimization pattern as #2867 No behavior changes, just faster lookup
* Sync unit tests resultsIvan Nardi2025-06-05
|
* Update url to download malicious sitesIvan Nardi2025-06-05
|
* Sync unit tests resultsIvan Nardi2025-06-05
|
* Speed up protocol lookup in ndpi_get_proto_by_name (#2867)Vladimir Gavrilov2025-06-05
|
* Improved HTTP risk message reportLuca Deri2025-06-05
|
* Add a configuration to test a huge number of custom protocols (#2865)Ivan Nardi2025-06-03
| | | File taken from #2136
* Split `ndpi_set_proto_defaults()` logic (#2864)Ivan Nardi2025-06-03
| | | | | | | | | Split the internal logic: * update `ndpi_str->proto_defaults[]` array * update the `default_ports_tree_node_t` trees This is a preliminary work to have dynamic allocated `ndpi_str->proto_defaults[]`, because in the tree we have a pointer to the array entries
* Remove `ndpi_set_proto_defaults()` from the API (#2863)Ivan Nardi2025-06-03
| | | Add an explicit field to indicate if the protocol is custom or internal
* Fix test configurationIvan Nardi2025-06-03
| | | | | As reported in the comment at the beginning of the file, here we should only set default values
* Hamachi: improve handshake check (#2861)Vladimir Gavrilov2025-06-03
|
* First step into a dynamic number of protocols (#2857)Ivan Nardi2025-06-03
| | | | | | | | | | | | | We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
* New API to enable/disable protocols; remove ↵Ivan Nardi2025-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
* Add Hamachi protocol detection support (#2860)Vladimir Gavrilov2025-06-02
|
* Added README fileLuca Deri2025-05-29
|
* Added boundary fixLuca Deri2025-05-29
|
* Added missing listsLuca Deri2025-05-29
|
* Moved variable across filesLuca Deri2025-05-29
|
* Updated bots and scanners listLuca Deri2025-05-29
| | | | Improved lists file parsing
* Changed variable nameLuca Deri2025-05-29
|
* Compilation fixLuca Deri2025-05-29
|
* Added readmeLuca Deri2025-05-28
|
* Added ndpi_load_protocols_dir() API call for loading IP-based protocol detectionLuca Deri2025-05-28
| | | | Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
* Fix configuration of ip lists of flow risks (#2859)Ivan Nardi2025-05-28
| | | | | Add some new tests about these configuration parameters. Close #2858
* Improved detection of TCP scannersLuca Deri2025-05-27
|
* Allow to specify default ports also via range (#2856)Ivan Nardi2025-05-27
| | | Ad a trivial example, update SIP configuration to use range
* Sync unit tests resultsIvan Nardi2025-05-27
|
* TypoLuca Deri2025-05-27
|
* Fix compilation on WindowsIvan Nardi2025-05-26
|
* Reworked fingerprint codeLuca Deri2025-05-26
|
* Better separation between "protocols" and "dissectors" (#2855)Ivan Nardi2025-05-26
| | | Callback functions are about dissectors, not protocols
* BFCP: fix check on payload length and extract metadata (#2854)Ivan Nardi2025-05-26
| | | | | | We should be able to identified this protocol on the first packet, without keeping any state Close #2745
Powered by cgit, Themed by Ted Yin.