path: root/example
Commit message (Collapse)  Author  Age
...
* Fixed output when TLS (and not QUIC) is used  Luca Deri  2020-12-28
|
* Fixes bug introduced by https://github.com/ntop/nDPI/pull/1085  Luca Deri  2020-12-12
|
* Fix minimum packet length condition (#1087)  Zied Aouini  2020-12-12
|
* Added --ignore-vlanid / -I to exclude VLAN ids for flow hash calculation. #1073 (#1085)  Toni  2020-12-11
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPI rules (work in progress) implementation  Luca Deri  2020-11-30
|
* Support raw IPv4 / IPv6 pcap packet processing. (#1053)  Toni  2020-11-09
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cosmetic changes  Luca Deri  2020-11-03
|
* Moved global in reader_util.c  Luca Deri  2020-10-27
|
* Added -D flag for detecting DoH in the wild  Luca Deri  2020-10-26
|   Removed heuristic from CiscoVPN as it leads to false positives
* Various improvements when using ndpi_pref_enable_tls_block_dissection:  Luca Deri  2020-10-24
|   application data TLS blocks are now ignored when exchanged before
|   - the end of certificate negotiation (up to TLS 1.2)
|   - change cipher
* Added -x for checking patterns  Luca Deri  2020-10-22
|
* Fix parsing of DLT_PPP datalink type (#1042)  Ivan Nardi  2020-10-21
|
* CAPWAP tunnel decoding fix (#1038)  Zied Aouini  2020-10-21
|   * Fix CAPWAP processing.
|   * Update result.
* Fixed missing PCAP include directories in Makefiles. (#1034)  Toni  2020-10-19
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix CAPWAP handling.  aouinizied  2020-10-13
|
* Added ndpi_quick_16_byte_hash  Luca  2020-10-05
|   Warning fix
* Warning fix  Luca Deri  2020-10-03
|
* Added missing files to `make dist' target which are not required to build nDPI but still somehow essential. (#1024)  Toni  2020-09-29
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add unit tests to travis. Move ndpi serializer tests to unit tests.  Alfredo Cardigliano  2020-09-21
|
* Merge pull request #1018 from lnslbrty/fix/make-dist  Luca Deri  2020-09-20
|\
| |   Fixed broken `make dist' and added CI check.
| * Fixed broken `make dist' and added CI check.  Toni Uhlig  2020-09-19
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Merge pull request #1017 from lnslbrty/fix/mingw-xcompile  Luca Deri  2020-09-20
|\ \
| | |   Added support for mingw xcompile.
| * | Fixed mingw build w/o examples/tests/fuzzer.  Toni Uhlig  2020-09-18
| |/
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Reworked MDNS dissector that is not based on the DNS dissector  Luca Deri  2020-09-17
| |
* | Merge pull request #1012 from IvanNardi/ua  Luca Deri  2020-09-17
|\ \
| | |   QUIC: extract User Agent information
| * | http: create a common function to parse User Agent field  Nardi Ivan  2020-09-08
| |/
| |   Prepare the code to handle UA information from flows other than HTTP
* / Added extension to detect nested subdomains as used in Browsertunnel attack tool  Luca Deri  2020-09-09
|/
|   https://github.com/veggiedefender/browsertunnel
* Fixed invalid memory access leading to a SIGSEGV in ndpiReader's option parser.  Toni Uhlig  2020-08-28
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: minor fixes  Nardi Ivan  2020-08-24
|   LGTM found a real issue on a boundary check
|   Fix unit tests: a pcap has been uploaded twice (with different names)
|   Fix compilation when using DPDK (see #990)
* Add (optional) dependency on external libraries: libgcrypt and libgpg-error  Nardi Ivan  2020-08-21
|   To support QUIC payload and header decryption, it is necessary to choose an external crypto library to handle the low-level crypto stuff. Since we will use some Wireshark code, it is quite natural to choose the same library used by Wireshark itself: libgcrypt.
|
|   More precisely, we will use libgcrypt and libgpg-error. Both libraries have an LGPL license, so there should be no issue from this point of view.
|
|   These libraries are not required to build nDPI, and their usage is optional: nDPI will keep working (and compiling) even if they are not available. However, without them, QUIC sub-classification is next to impossible. The configure flag "--disable-gcrypt" forces the build system to ignore these libraries.
|
|   libgpg-error is only used for debug to have meaningful error messages and its usage is trivial. The same cannot be said for libgcrypt because its initialization is a significant issue. The rest of this commit message tries to explain how libgcrypt is initialized.
|
|   According to the documentation
|   https://gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
|   https://gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html#Multi_002dThreading
|   libgcrypt must be initialized before using it, but such initialization should be performed by the actual application and not by any library.
|
|   Forcing the users to properly initialize libgcrypt in their own code seems unreasonable: most people using nDPI might be completely unaware of any crypto stuff, and updating each and every application linking to nDPI with specific libgcrypt code should be out of the question, anyway.
|
|   Fortunately, it seems a workaround exists to initialize libgcrypt in a library
|   https://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html
|   Therefore, we could provide a wrapper to this initialization stuff in an nDPI function.
|
|   Unfortunately, the nDPI API lacks a global init function that must be called only once, before any other functions. We could add it, but that would be a major API break. AFAIK, ndpi_init_detection_module() might be called multiple times, for example to create multiple independent dpi engines in the same program.
|
|   The proposed solution is to (optionally) initialize libgcrypt in ndpi_init_detection_module() anyway:
|   * if the actual application doesn't directly use libgcrypt and only calls ndpi_init_detection_module() once, everything is formally correct and it should work out of the box [by far the most common user case];
|   * if the actual application already uses libgcrypt directly, it already performs the required initialization. In this case the ndpi_prefs.ndpi_dont_init_libgcrypt flag should be passed to ndpi_init_detection_module() to avoid further initializations.
|
|   The only scenario not supported by this solution is when the application is unaware of libgcrypt and calls ndpi_init_detection_module() multiple times concurrently. But this scenario should be uncommon.
|
|   A completely different option should be to switch to another crypto library, with a huge impact on the QUIC dissector code.
|
|   Bottom line: crypto is hard, using libgcrypt is complex and the proposed initialization, even if not perfect, should cover the most frequent user cases and should work, for the time being. If anyone has some suggestions...
* Merge pull request #977 from adek05/dev  Luca Deri  2020-08-19
|\
| |   Enable building on OpenBSD 6.7
| * OpenBSD: Introduce pkt_timeval to deal with (bpf_)_timeval  Adrian Zgorzałek  2020-08-09
| |   Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI APIs expect `struct timeval`. These two structs, besides having a different name, share the exact same set of fields.
* | Merge pull request #984 from lnslbrty/fix/invalid-fncall-dpdk  Luca Deri  2020-08-16
|\ \
| | |   Fixed invalid dpdk fn call.
| * | Fixed invalid dpdk fn call.  Toni Uhlig  2020-08-15
| | |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | | Merge pull request #983 from lnslbrty/fix/libpcap-obsolete-pcap_lookupdev-usage  Luca Deri  2020-08-16
|\ \ \
| |/ /
|/| |   Replaced obsolete libpcap pcap_lookupdev with pcap_findalldevs.
| * | Replaced obsolete libpcap pcap_lookupdev with pcap_findalldevs.  Toni Uhlig  2020-08-15
| | |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | | num_extra_packets_checked check can be 0 for some protocols and therefore requires lesser-or-equal condition for max_extra_packets_to_check  Toni Uhlig  2020-08-13
| | |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | | Changed ndpi_ssl_version2str function call in ndpiSimpleIntegration.  Toni Uhlig  2020-08-08
| |/
|/|
| |   Fixes build error introduced with 23c072153.
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Fixed possible memory leak in TLS certificate handling  Luca Deri  2020-08-05
|/
* Tiny changes for TLS block length dissection  Luca Deri  2020-07-29
|
* Minor fixes  Nardi Ivan  2020-07-26
|   Fix a memory leak and an issue (re)-introduced in configure script
* Fixed bin similarity  Luca Deri  2020-07-24
|
* Improved bin clustering  Luca Deri  2020-07-22
|
* Added changes for handling SSH cipher detection  Luca Deri  2020-07-22
|
* wrapper cleanup  Luca Deri  2020-07-13
|
* Merge pull request #963 from yskcg/dev  Luca Deri  2020-07-13
|\
| |   add improved boundary check and check malloc return is NULL
| * add improved boundary check and check malloc return is NULL  ysk  2020-07-10
| |
* | Merge pull request #961 from lnslbrty/fix/ssl-version2str-race-condition  Luca Deri  2020-07-13
|\ \
| | |   Fixed race condition in ndpi_ssl_version2str() caused by static quali…
| * | Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in the version string buffer.  Toni Uhlig  2020-07-11
| |/
| |   * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* / Fixed heap overflow caused by missing length check in 802.11 LLC header parsing.  Toni Uhlig  2020-07-11
|/
|   * triggered by fuzz traces from wireshark
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>