| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
* adapted to SonarCloud-CI workflow
* removed broken and incomplete Windows example (tested on VS2017/VS2019)
* removed unnecessary include (e.g. pthread.h for the library which does not make use of it)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
* fixed [h]euristic typo
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
|
|
| |
The goal is to have a (roughly) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
|
| |
|
|
| |
Removed fragment manager code
|
| |
|
|
|
| |
for more information. (#1177)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
|
| |
* Increased risk bitmask to 64bit (instead of 32bit).
* Removed annoying "Unknown datalink" error message for fuzzers.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
| |
Fuzzing #1161 exposed some (completely unrelated) issues on GTP-U
detunneling code.
(see https://github.com/ntop/nDPI/actions/runs/719882047)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Add support for Snapchat voip calls
Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.
* Fix tests with libgcrypt disabled
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed memory leaks caused by conditional free'ing for some TLS connections.
* Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.
* Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Modified TLS memory free
|
| | |
|
| |
|
|
| |
be present with POSTs and not with other methods such as GET
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
#1073 (#1085)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| |
|
|
| |
Removed heuristic from CiscoVPN as it leads to false positives
|
| |
|
|
|
|
| |
application data TLS blocks are now ignored when exchanged before
- the end of certificate negotiation (up to TLS 1.2)
- change cipher
|
| | |
|
| |
|
|
|
| |
* Fix CAPWAP processing.
* Update result.
|
| | |
|
| |
|
|
| |
Warning fix
|
| | |
|
| | |
|
| |
|
|
| |
Prepare the code to handle UA information from flows other than HTTP
|
| |
|
|
|
|
| |
Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI
APIs expect `struct timeval`. These two structs, besides having
a different name, share the exact same set of fields.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* triggered by fuzz traces from wireshark
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
bins manipulation
|
| |\
| |
| | |
Log
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
NDPI_LOG* macros dereference ndpi_detection_module_struct object which is
private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use
them outside the library itself, i.e. in ndpiReader code
Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros
to a new very simple macro, private to ndpiReader program. If necessary,
such macro may be improved.
According to a comment in ndpi_define.h, each dissector must define its own
NDPI_CURRENT_PROTO macro before including ndpi_api.h file
|
| | |
| |
| |
| |
| |
| | |
* triggered by fuzz traces from wireshark
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|