aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* websocket: `ndpi_set_detected_protocol()` should be called only onceHEADdevIvan Nardi5 days
| | | | Fix: b07a910dc
* Refactor: make src_name/dst_name dynamically allocated to reduce RAM usage ↵Fábio Depin5 days
| | | | | | (#2908) - Changed ndpi_flow_info: replaced fixed-size char arrays (always INET6_ADDRSTRLEN) for src_name and dst_name with char* pointers. - Now IPv4 flows use only INET_ADDRSTRLEN when needed, instead of always reserving IPv6 size.
* DNS: `ndpi_match_host_subprotocol()` should be called only onceIvan Nardi5 days
|
* websocket: `ndpi_set_detected_protocol()` should be called only once (#2911)Ivan Nardi5 days
|
* Add auto-updating cryptocurrency mining pool lists (#2891)JH5 days
| | | Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* Rework classification in `ndpi_match_host_subprotocol()`-like functions (#2910)Ivan Nardi5 days
|
* Update README.mdIvan Nardi5 days
| | | [no ci]
* Jabber: proper subclassification of TruPhoneIvan Nardi5 days
|
* Remove some hack for Google traffic in `ndpi_reconcile_protocols()`Ivan Nardi5 days
|
* Fix `ndpi_reconcile_protocols` with classification by port/ipIvan Nardi5 days
|
* Fix classification with nBPF rulesIvan Nardi5 days
|
* TypoLuca Deri5 days
|
* Fix logic: reset stats once per thread after clearing all flow roots (#2905)Fábio Depin12 days
| | | | | | | Call ndpi_stats_reset() once per thread instead of once per flow root Moved ndpi_stats_reset() outside the loop that destroys ndpi_flows_root[] to avoid redundant resets. The stats structure is shared per thread and should only be reset once after all roots are cleared.
* fuzz: extend fuzzing coverageIvan Nardi12 days
| | | | Remove some unused code
* Fix stats memory reuse and cleanup across duration loops in ndpiReader ↵Fábio Depin13 days
| | | | | | | | | | | | | | (#2903) (#2904) Refactored stats allocation and reset logic to avoid segmentation faults when running ndpiReader in live_capture mode with the -m (duration) option. - Introduced ndpi_stats_init(), ndpi_stats_reset(), and ndpi_stats_free() to encapsulate lifecycle management of stats. - Applied these functions in ndpiReader.c and reader_util.{c,h}. - Prevented multiple allocations and ensured safe reuse of cumulative_stats and per-thread stats structures between capture iterations. Fixes: https://github.com/ntop/nDPI/issues/2903
* Bittorrent: update default ports (#2902)Ivan Nardi13 days
|
* STUN: don't check `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` flow risk (#2901)Ivan Nardi13 days
|
* ndpiReader: fix check on max number of packets per flowIvan Nardi13 days
|
* Viber: fix categoryIvan Nardi13 days
|
* TypoLuca Deri13 days
|
* TypoLuca Deri13 days
|
* Classify Tracking/ADS/Analytics traffic only via category (#2900)Ivan Nardi13 days
| | | See 3a243bb40 for similar work about porn and LLM
* Added new protocol categoriesLuca Deri13 days
|
* IndentLuca Deri13 days
|
* If `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` risk is disabled, avoid some ↵Ivan Nardi13 days
| | | | work (#2899)
* Create a wrapper to check for `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` ↵Ivan Nardi13 days
| | | | | risk (#2898) No real change
* New API to enable/disable protocols. Removed ↵Ivan Nardi13 days
| | | | | | | | | | | | | | | | | | | | | | | | | | `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2894) Change the API to enable/disable protocols: you can set that via the standard `ndpi_set_config()` function, as every configuration parameters. By default, all protocols are enabled. Split the (local) context initialization into two phases: * `ndpi_init_detection_module()`: generic part. It does not depend on the configuration and on the protocols being enabled or not. It also calculates the real number of internal protocols * `ndpi_finalize_initialization()`: apply the configuration. All the initialization stuff that depend on protocols being enabled or not must be put here This is the last step to have the protocols number fully calculated at runtime Remove a (now) useless fuzzer. Important API changes: * remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` define * remove `ndpi_get_num_internal_protocols()`. To get the number of configured protocols (internal and custom) you must use `ndpi_get_num_protocols()` after having called `ndpi_finalize_initialization()`
* fuzz: fuzz loading of external protocols lists (#2897)Ivan Nardi2025-06-22
|
* Fix heap-buffer-overflow (#2896)Ivan Nardi2025-06-22
| | | | | | | | | | | | | | ``` ================================================================= ==33955==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x742759c04838 at pc 0x6202855bdeda bp 0x7ffcfb602bf0 sp 0x7ffcfb602be8 READ of size 2 at 0x742759c04838 thread T0 #0 0x6202855bded9 in ndpi_handle_rule /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5513:40 #1 0x6202855b9b7a in load_protocols_file_fd /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6333:8 #2 0x62028556b29e in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols.c:18:3 #3 0x62028546684f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x70484f) (BuildId: 24c11efa0800dbd23c38b07e76cdc510388e6f85) ``` Found by oss-fuzzer. See: https://issues.oss-fuzz.com/issues/426164365?pli=1
* ndpiReader: print categories summary (#2895)Ivan Nardi2025-06-21
|
* Rework default ports initialization (#2893)Ivan Nardi2025-06-20
| | | | | | | Default ports trees are initialized during `ndpi_finalize_initialization()` Make `ndpi_init_detection_module()` less likely to fail, because there are less memory allocations.
* Fix protocol documentationIvan Nardi2025-06-18
| | | | [no ci]
* fuzz: fix compilationIvan Nardi2025-06-18
|
* Merged protocols (now free to use) into existing categoriesLuca Deri2025-06-17
| | | | | - AdultContent -> Category Adult Content - LLM -> Category Artificial Intelligence
* Renamed custom protocol labelsLuca Deri2025-06-17
|
* Rework `ndpi_init_detection_module_ext()` (#2888)Ivan Nardi2025-06-17
|
* Faster configuration (#2887)Ivan Nardi2025-06-17
|
* Move dissectors initialization to `ndpi_finalize_initialization()` (#2886)Ivan Nardi2025-06-17
|
* Fix double-free on domain reloadIvan Nardi2025-06-17
| | | | | | | | | | | | | | ``` ==20045==ERROR: AddressSanitizer: attempting double-free on 0x7c95733e1c00 in thread T0: #0 0x5648d814034a in free build-llvm/tools/clang/stage2-bins/runtimes/runtimes-bins/compiler-rt/lib/asan/asan_malloc_linux.cpp:51:3 #1 0x7f457408532f in _IO_deallocate_file libio/libioP.h:958:3 #2 0x7f457408532f in fclose libio/iofclose.c:74:3 #3 0x5648d8102b90 in fclose build-llvm/tools/clang/stage2-bins/runtimes/runtimes-bins/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6434:13 #4 0x5648d81b00d4 in ndpi_load_domain_suffixes /home/ivan/svnrepos/nDPI/src/lib/ndpi_domains.c:79:3 #5 0x5648d8188a6f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_config.cpp:103:5 ``` Found by oss-fuzz
* Prelimary work to remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2885)Ivan Nardi2025-06-16
|
* Added missing ndpi_is_custom_category() the ndpi_api.hLuca Deri2025-06-16
| | | | Fixed ndpi_is_custom_category() and ndpi_is_custom_protocol(0 prototypes so that now return a bool
* No limits on the number of (custom) protocols (#2875)Ivan Nardi2025-06-16
| | | | | | | | | | | | | | | | The hard limit of total number of protocols (internal and custom) is ~65535, because protocol ids are `u_int16_t`... API changes: 1. From `NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS` to `ndpi_get_num_protocols()` (after having called `ndpi_finalize_initialization()`); 2. From `proto_id >= NDPI_MAX_SUPPORTED_PROTOCOLS` to `ndpi_is_custom_protocol(proto_id)` (after having called `ndpi_finalize_initialization()`); Close #2136 Close #2545
* Check `ndpi_finalize_initialization()` return value (#2884)Ivan Nardi2025-06-14
|
* fuzz: try to improve coverage (#2883)Ivan Nardi2025-06-14
| | | Revert of 2b14b46df39e14d8c41ca1a5aa8db375bbc11ba6
* Added webinar videoLuca Deri2025-06-12
|
* fuzz: make allocation failures a bit more unlikelyIvan Nardi2025-06-12
|
* Rework sanity checks and remove some functions from API (#2882)Ivan Nardi2025-06-12
|
* A new attempt to improve public documentation (#2881)Ivan Nardi2025-06-11
|
* TCP fingerprint: fix an undefined-shiftIvan Nardi2025-06-11
| | | | | | | | | ``` ndpi_main.c:7905:33: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' ``` Found by oss-fuzz. See: https://issues.oss-fuzz.com/issues/423959691
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.