libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	fuzz: extend fuzzing coverage (#2626)	Ivan Nardi	2024-11-20
\|
*	Endian-independent implementation of IEEE 802.3 CRC32 (#2529)	Vladimir Gavrilov	2024-08-25
\|
*	fuzz: improve fuzzing coverage (#2309)	Ivan Nardi	2024-02-09
\|
*	Add IEC62056 (DLMS/COSEM) protocol dissector (#2229)	Vladimir Gavrilov	2024-01-02
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add IEC62056 (DLMS/COSEM) protocol dissector * Fix detection on big endian architectures * Update protocols.rst * Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c * Update pcap sample * Remove empty .out file * iec62056: add some documentation --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
*	Add some fast CRC16 algorithms implementation (#2195)	Vladimir Gavrilov	2023-12-05
\| \| \| \| \| \| \| \| \|	* Add some fast CRC16 algorithms implementation * Update ndpi_crc.c * Move crc16 stuff to ndpi_analyze.c * IEEE C37.118: use new fast CRC-16/CCITT-FALSE implementation
*	fuzz: improve coverage and remove dead code (#2135)	Ivan Nardi	2023-11-07
\| \| \| \| \| \| \| \| \| \|	We are not able to remove custom rules: remove the empty stubs (which originate from the original OpenDPI code). `ndpi_guess_protocol_id()` is only called on the first packet of the flow, so the bitmask `flow->excluded_protocol_bitmask` is always empty, since we didn't call any dissectors yet. Move another hash function to the dedicated source file.
*	fuzz: add fuzzers to test bitmap64 and domain_classify data structures (#2082)	Ivan Nardi	2023-09-10
\|
*	Add an heuristic to detect fully encrypted flows (#2058)	Ivan Nardi	2023-07-26
\| \| \| \| \| \| \| \|	A fully encrypted session is a flow where every bytes of the payload is encrypted in an attempt to “look like nothing”. The heuristic needs only the very first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf A basic, but generic, inplementation of the popcpunt alg has been added
*	fuzz: some improvements and add two new fuzzers (#1881)	Ivan Nardi	2023-02-09
	Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from `fuzz/Makefile.am`; it is already included by the main configure script (when fuzzing). Add a knob to force disabling of AESNI optimizations: this way we can fuzz also no-aesni crypto code. Move CRC32 algorithm into the library. Add some fake traces to extend fuzzing coverage. Note that these traces are hand-made (via scapy/curl) and must not be used as "proof" that the dissectors are really able to identify this kind of traffic. Some small updates to some dissectors: CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting with "VS01" will be classified as STEAM (see steam.c around line 111). Googling it, it seems right so. XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore that condition is false. RTP, STUN: removed useless "break"s Zattoo: `flow->zattoo_stage` is never set to any values greater or equal to 5, so these checks are never true. PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it. TeamSpeak: we check for `flow->packet_counter == 3` just above, so the following check `flow->packet_counter >= 3` is always false.