path: root/example/reader_util.c
Commit message | Author | Age
* Refactor: make src_name/dst_name dynamically allocated to reduce RAM usage (#2908) | Fábio Depin | 4 days
  - Changed ndpi_flow_info: replaced fixed-size char arrays (always INET6_ADDRSTRLEN) for src_name and dst_name with char* pointers.
  - Now IPv4 flows use only INET_ADDRSTRLEN when needed, instead of always reserving IPv6 size.
* Fix stats memory reuse and cleanup across duration loops in ndpiReader (#2903) (#2904) | Fábio Depin | 12 days
  Refactored stats allocation and reset logic to avoid segmentation faults when running ndpiReader in live_capture mode with the -m (duration) option.
  - Introduced ndpi_stats_init(), ndpi_stats_reset(), and ndpi_stats_free() to encapsulate lifecycle management of stats.
  - Applied these functions in ndpiReader.c and reader_util.{c,h}.
  - Prevented multiple allocations and ensured safe reuse of cumulative_stats and per-thread stats structures between capture iterations.
  Fixes: https://github.com/ntop/nDPI/issues/2903
* ndpiReader: fix check on max number of packets per flow | Ivan Nardi | 12 days
* New API to enable/disable protocols. Removed `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2894) | Ivan Nardi | 13 days
  Change the API to enable/disable protocols: you can set that via the standard `ndpi_set_config()` function, like every configuration parameter. By default, all protocols are enabled.
  Split the (local) context initialization into two phases:
  * `ndpi_init_detection_module()`: generic part. It does not depend on the configuration and on the protocols being enabled or not. It also calculates the real number of internal protocols
  * `ndpi_finalize_initialization()`: apply the configuration. All the initialization stuff that depends on protocols being enabled or not must be put here
  This is the last step to have the protocols number fully calculated at runtime
  Remove a (now) useless fuzzer.
  Important API changes:
  * remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` define
  * remove `ndpi_get_num_internal_protocols()`. To get the number of configured protocols (internal and custom) you must use `ndpi_get_num_protocols()` after having called `ndpi_finalize_initialization()`
* fuzz: fuzz loading of external protocols lists (#2897) | Ivan Nardi | 13 days
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871) | Ivan Nardi | 2025-06-09
  The main difference is that the memory is allocated at runtime
  Typical use case:
  ```
  struct ndpi_bitmask b;
  ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols());
  ndpi_bitmask_set(&b, $BIT);
  ndpi_bitmask_is_set(&b, $BIT);
  [...]
  ndpi_bitmask_dealloc(&b);
  ```
  See #2136
* First step into a dynamic number of protocols (#2857) | Ivan Nardi | 2025-06-03
  We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`.
  You can use:
  ```
  ndpi_get_num_protocols()
  ```
  See #2136
  Removed some unused functions from public API
* New API to enable/disable protocols; remove `ndpi_set_protocol_detection_bitmask2()` (#2853) | Ivan Nardi | 2025-06-03
  The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted.
  See #2136
  Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic.
  Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code).
  To update the application code you likely only need to remove these 3 lines from your code:
  ```
  - NDPI_PROTOCOL_BITMASK all;
  - NDPI_BITMASK_SET_ALL(all);
  - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
  ```
  Removed an unused field and struct definition.
* Moved variable across files | Luca Deri | 2025-05-29
* Changed variable name | Luca Deri | 2025-05-29
* Added ndpi_load_protocols_dir() API call for loading IP-based protocol detection | Luca Deri | 2025-05-28
  Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
* BFCP: fix check on payload length and extract metadata (#2854) | Ivan Nardi | 2025-05-26
  We should be able to identify this protocol on the first packet, without keeping any state
  Close #2745
* TLS: avoid exporting TLS heuristic fingerprint as metadata (#2783) | Ivan Nardi | 2025-03-27
* FastCGI: use specific metadata, not the HTTP ones (#2774) | Ivan Nardi | 2025-03-19
  We are going to use HTTP metadata only for real HTTP traffic; FastCGI should be the only protocol using them improperly
* ndpiReader: remove redundant checks | Ivan Nardi | 2025-02-28
* Move `rtp` info out of `flow->protos` (#2739) | Ivan Nardi | 2025-02-21
  This way, the code is ready to handle rtp info from STUN flows too.
  And, most important, this change works as workaround to fix some crashes reported by oss-fuzz
* Improved RTP dissection with EVS and other mobile voice codecs | Luca Deri | 2025-02-20
* Exported RTP payload in packet metadata | Luca Deri | 2025-02-19
  Added ndpi_rtp_payload_type2str() API call
* ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11
* Added ndpi_find_protocol_qoe() API call | Luca Deri | 2025-02-10
  Updated (C)
* fuzz: extend fuzzing coverage (#2696) | Ivan Nardi | 2025-01-23
* TLS: remove JA3C (#2679) | Ivan Nardi | 2025-01-14
  Last step of removing JA3C fingerprint
  Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration.
  Close:#2551
* Fixes https://github.com/ntop/nDPI/issues/2672 | Luca Deri | 2025-01-13
* QUIC: extract "max idle timeout" parameter (#2649) | Ivan Nardi | 2025-01-06
  Even if it is only the proposed value by the client (and not the negotiated one), it might be used as a hint for timeout by the (external) flows manager
* TLS: remove ESNI support (#2648) | Ivan Nardi | 2025-01-06
  ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/
  Set the existing flow risk if we still find this extension.
* STUN/RTP: improve metadata extraction (#2641) | Ivan Nardi | 2024-12-11
* STUN counter changes | Luca Deri | 2024-11-29
* Enhanced STUN stats | Luca Deri | 2024-11-28
* Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25
  In the same flow, we can have multiple multimedia types
* SIP: extract some basic metadata | Ivan Nardi | 2024-11-12
* Exported is_ndpi_proto definition | Luca Deri | 2024-11-04
* Added HTTP credentials extraction | Luca Deri | 2024-10-31
* TLS: export heuristic fingerprint as metadata (#2609) | Ivan Nardi | 2024-10-28
* ndpiReader: explicitly remove non ipv4/6 packets (#2601) | Ivan Nardi | 2024-10-19
* ndpiReader: add some statistics about monitoring (#2602) | Ivan Nardi | 2024-10-19
* Improved TCP fingerprint calculation | Luca Deri | 2024-10-18
  Added basic OS detection based on TCP fingerprint
* Implemented nDPI TCP fingerprint | Luca Deri | 2024-10-15
* Add monitoring capability (#2588) | Ivan Nardi | 2024-10-14
  Allow nDPI to process the entire flows and not only the first N packets. Useful when the application is interested in some metadata spanning the entire life of the session.
  As an initial step, only STUN flows can be put in monitoring.
  See `doc/monitoring.md` for further details.
  This feature is disabled by default.
  Close #2583
* Added support for printing JA4r when enabled | Luca Deri | 2024-10-11
* Added -N option for dumping/restoring the DNS cache (when enabled) | Luca Deri | 2024-10-10
  Example
  ndpiReader -i en0 --cfg=dpi.address_cache_size,32768 -N /tmp/a
* Implemented (disabled by default) DNS host cache. You can set the cache size as follows: | Luca Deri | 2024-10-07
  ndpiReader --cfg=dpi.address_cache_size,1000 -i <pcap>.pcap
  In the above example the cache has up to 1000 entries.
  In case ndpiReader exports data in JSON, the cache hostname (if found) is exported in the field server_hostname
* Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02
  Changed the default to IPv4 (used to be IPv6) in case of DNS error response
* Let the library return the packet direction calculated internally (#2572) | Ivan Nardi | 2024-09-27
  wireshark, lua: add basic analysis of possible obfuscated flows
* domain lists are not loaded when -E is used | Luca | 2024-09-17
* fuzz: try to be a little bit faster (#2559) | Ivan Nardi | 2024-09-17
  Some fuzzers don't really need a real and complete local context. Try to avoid setting it up, creating a simpler fake version with only the features really needed.
  That is a kind of experiment: if it works, we can extend the same logic to other fuzzers
* Reworked fingerprint export now in JSON | Luca | 2024-09-16
* Enhanced DHCP fingerprint | Luca Deri | 2024-09-15
  Exported it with -E
* Added -E option for dumping flow fingerprint | Luca Deri | 2024-09-15
* Introduced ndpi_master_app_protocol typedef | Luca Deri | 2024-08-24
* Add infrastructure for explicit support of First Packet Classification (#2488) | Ivan Nardi | 2024-07-03
  Let's start with some basic helpers and with FPC based on flow addresses.
  See: #2322