aboutsummaryrefslogtreecommitdiff
path: root/fuzz
Commit message (Collapse)AuthorAge
* fuzz: extend fuzzing coverageIvan Nardi12 days
| | | | Remove some unused code
* New API to enable/disable protocols. Removed ↵Ivan Nardi13 days
| | | | | | | | | | | | | | | | | | | | | | | | | | `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2894) Change the API to enable/disable protocols: you can set that via the standard `ndpi_set_config()` function, as every configuration parameters. By default, all protocols are enabled. Split the (local) context initialization into two phases: * `ndpi_init_detection_module()`: generic part. It does not depend on the configuration and on the protocols being enabled or not. It also calculates the real number of internal protocols * `ndpi_finalize_initialization()`: apply the configuration. All the initialization stuff that depend on protocols being enabled or not must be put here This is the last step to have the protocols number fully calculated at runtime Remove a (now) useless fuzzer. Important API changes: * remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` define * remove `ndpi_get_num_internal_protocols()`. To get the number of configured protocols (internal and custom) you must use `ndpi_get_num_protocols()` after having called `ndpi_finalize_initialization()`
* fuzz: fuzz loading of external protocols lists (#2897)Ivan Nardi14 days
|
* fuzz: fix compilationIvan Nardi2025-06-18
|
* Prelimary work to remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2885)Ivan Nardi2025-06-16
|
* fuzz: try to improve coverage (#2883)Ivan Nardi2025-06-14
| | | Revert of 2b14b46df39e14d8c41ca1a5aa8db375bbc11ba6
* fuzz: make allocation failures a bit more unlikelyIvan Nardi2025-06-12
|
* Rework sanity checks and remove some functions from API (#2882)Ivan Nardi2025-06-12
|
* fuzz: improve coverage (#2878)Ivan Nardi2025-06-10
|
* Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`Ivan Nardi2025-06-09
|
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | | | The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
* Add category and breed support for custom rules (#2872)Vladimir Gavrilov2025-06-08
| | | Close #2594
* Add a configuration to test a huge number of custom protocols (#2865)Ivan Nardi2025-06-03
| | | File taken from #2136
* Remove `ndpi_set_proto_defaults()` from the API (#2863)Ivan Nardi2025-06-03
| | | Add an explicit field to indicate if the protocol is custom or internal
* First step into a dynamic number of protocols (#2857)Ivan Nardi2025-06-03
| | | | | | | | | | | | | We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
* New API to enable/disable protocols; remove ↵Ivan Nardi2025-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
* Follow-up of c1d372860 (TCP fingerprint format) (#2850)Ivan Nardi2025-05-26
|
* UBNTAC2,Ookla: improve detection (#2793)Ivan Nardi2025-04-10
|
* Follow-up of latest Signal call change (see: 4d41588a7)Ivan Nardi2025-04-05
|
* fuzz: extend coverage (#2786)Ivan Nardi2025-03-31
|
* fuzz: fix configurationIvan Nardi2025-03-26
|
* fuzz: fix configuration after latest updatesIvan Nardi2025-03-26
|
* Improved configuration to enable/disable export of flow risk info (#2780)Ivan Nardi2025-03-25
| | | | Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the configuration is for flow-risk, not global
* fuzz: try to run one (ndpiReader-) fuzzer with a slight different cfg (#2771)Ivan Nardi2025-03-18
|
* Add Autonomous System Organization to geoip (#2763)Leonardo Teixeira Alves2025-03-06
| | | Co-authored-by: Leonardo Teixeira Alves <leonardo.alves@zerum.com>
* Add configuration parameter to enable/disable export of flow risk info (#2761)Ivan Nardi2025-03-05
| | | | For the most common protocols, avoid creating the string message if we are not going to use it
* Address cache: fix some bugs on cache traversalIvan Nardi2025-03-01
| | | | Add a new fuzzer to test it
* fuzz: extend fuzzing coverage (#2750)Ivan Nardi2025-02-28
|
* Add city as a geoip possibility (#2746)Leonardo Teixeira Alves2025-02-24
|
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* SSDP: add configuration for disabling metadata extraction (#2736)Ivan Nardi2025-02-17
|
* DNS: fix check for DGA domain (#2716)Ivan Nardi2025-02-11
| | | | If we have a (potential) valid sub-classification, we shoudn't check for DGA, even if the subclassification itself is disabled!
* DNS: disable subclassification by default (#2715)Ivan Nardi2025-02-11
| | | | Prelimary change to start supporting multiple DNS transactions on the same flow
* Compilation fixLuca2025-02-07
|
* bittorrent: add configuration for "hash" metadata (#2706)Ivan Nardi2025-01-31
| | | Fix confidence value for same TCP flows
* HTTP: add configuration for some metadata (#2704)Ivan Nardi2025-01-31
| | | Extend file configuration for just subclassification.
* Create a specific configuration for classification only (#2689)Ivan Nardi2025-01-31
| | | | | | | | | | | | | | | | | | | | | | | | In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics. Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...` Note that this way, the nDPI overhead is lower because it might need less packets per flow: * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates * DNS: only the request is processed (instead of both request and response) We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for others protocols. Add the configuration options to enable/disable the extraction of some TLS metadata.
* fuzz: extend fuzzing coverage (#2696)Ivan Nardi2025-01-23
|
* TLS: remove JA3C (#2679)Ivan Nardi2025-01-14
| | | | | | | | Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551
* Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678)Ivan Nardi2025-01-14
| | | | | | | | | It might be usefull to be able to match traffic against a list of suspicious JA4C fingerprints Use the same code/logic/infrastructure used for JA3C (note that we are going to remove JA3C...) See: #2551
* fuzz: add 2 new fuzzers for KD-trees and Ball-trees (#2670)Ivan Nardi2025-01-13
|
* Add the ability to enable/disable every specific flow risks (#2653)Ivan Nardi2025-01-06
|
* fuzz: improve fuzzing coverage (#2642)Ivan Nardi2024-12-11
| | | Updtae pl7m code (Fix swap-direction mutation)
* Update `flow->flow_multimedia_types` to a bitmask (#2625)Ivan Nardi2024-11-25
| | | In the same flow, we can have multiple multimedia types
* fuzz: extend fuzzing coverage (#2626)Ivan Nardi2024-11-20
|
* SIP: extract some basic metadataIvan Nardi2024-11-12
|
* Unify ndpi debug logging to always use a u16 protocol id (#2613)Toni2024-11-11
| | | | | * fixes SonarCloud complaint Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fuzz: improve coverage (#2612)Ivan Nardi2024-11-01
| | | Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()`
* Add configuration of TCP fingerprint computation (#2598)Ivan Nardi2024-10-18
| | | Extend configuration of raw format of JA4C fingerprint
* Add monitoring capability (#2588)Ivan Nardi2024-10-14
| | | | | | | | | | | | | Allow nDPI to process the entire flows and not only the first N packets. Usefull when the application is interested in some metadata spanning the entire life of the session. As initial step, only STUN flows can be put in monitoring. See `doc/monitoring.md` for further details. This feature is disabled by default. Close #2583