| Commit message (Collapse) | Author | Age |
|
|
|
| |
Remove some unused code
|
| |
|
|
|
| |
See 3a243bb40 for similar work about porn and LLM
|
| |
|
|
|
|
| |
work (#2899)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2894)
Change the API to enable/disable protocols: you can set that via the
standard `ndpi_set_config()` function, as every configuration
parameters. By default, all protocols are enabled.
Split the (local) context initialization into two phases:
* `ndpi_init_detection_module()`: generic part. It does not depend on the
configuration and on the protocols being enabled or not. It also
calculates the real number of internal protocols
* `ndpi_finalize_initialization()`: apply the configuration. All the
initialization stuff that depend on protocols being enabled or not
must be put here
This is the last step to have the protocols number fully calculated at
runtime
Remove a (now) useless fuzzer.
Important API changes:
* remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` define
* remove `ndpi_get_num_internal_protocols()`. To get the number of
configured protocols (internal and custom) you must use
`ndpi_get_num_protocols()` after having called `ndpi_finalize_initialization()`
|
|
|
|
|
|
|
| |
Default ports trees are initialized during
`ndpi_finalize_initialization()`
Make `ndpi_init_detection_module()` less likely to fail, because there
are less memory allocations.
|
|
|
|
|
| |
- AdultContent -> Category Adult Content
- LLM -> Category Artificial Intelligence
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixed ndpi_is_custom_category() and ndpi_is_custom_protocol(0 prototypes so that now return a bool
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The hard limit of total number of protocols (internal and custom) is ~65535,
because protocol ids are `u_int16_t`...
API changes:
1. From `NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS` to
`ndpi_get_num_protocols()` (after having called
`ndpi_finalize_initialization()`);
2. From `proto_id >= NDPI_MAX_SUPPORTED_PROTOCOLS` to
`ndpi_is_custom_protocol(proto_id)` (after having called
`ndpi_finalize_initialization()`);
Close #2136
Close #2545
|
| |
|
|
|
| |
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
|
|
|
| |
Simplify process of each packet
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main difference is that the memory is allocated at runtime
Typical usercase:
```
struct ndpi_bitmask b;
ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols());
ndpi_bitmask_set(&b, $BIT);
ndpi_bitmask_is_set(&b, $BIT);
[...]
ndpi_bitmask_dealloc(&b);
```
See #2136
|
|
|
|
| |
PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
|
|
|
|
|
|
|
|
| |
Partial revert of 88bfe2cf0: in the trees we save the index and no more
a pointer to `ndpi_struct->proto_defaults[]`.
Remove same functions from public API
See #2136
|
| |
|
|
|
| |
Add an explicit field to indicate if the protocol is custom or internal
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and
`NDPI_MAX_NUM_CUSTOM_PROTOCOLS`.
You can use:
```
ndpi_get_num_protocols()
```
See #2136
Removed some unused functions from public API
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`ndpi_set_protocol_detection_bitmask2()` (#2853)
The main goal is not to have the bitmask depending on the total number
of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on
internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e.
custom-defined protocols are not counted.
See #2136
Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old
semantic.
Since we need to change the API (and all the application code...)
anyway, simplify the API: by default all the protocols are enabled.
If you need otherwise, please use `ndpi_init_detection_module_ext()`
instead of `ndpi_init_detection_module()` (you can find an example in
the `ndpiReader` code).
To update the application code you likely only need to remove these 3
lines from your code:
```
- NDPI_PROTOCOL_BITMASK all;
- NDPI_BITMASK_SET_ALL(all);
- ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
```
Removed an unused field and struct definition.
|
| |
|
|
|
|
| |
Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
|
|
|
| |
Ad a trivial example, update SIP configuration to use range
|
| |
|
|
|
| |
Callback functions are about dissectors, not protocols
|
|
|
|
|
|
| |
We should be able to identified this protocol on the first packet,
without keeping any state
Close #2745
|
|
|
| |
See #2827
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use `registr_dissector()` instead of
`ndpi_set_bitmask_protocol_detection()`.
Every file in `src/lib/protocols/*.c` is a dissector.
Every dissector can handle multiple protocols.
The real goal is this small change:
```
struct call_function_struct {
- NDPI_PROTOCOL_BITMASK detection_bitmask;
```
i.e. getting rid of another protocol bitmask: this is mandatory to try
to fix #2136 (see also e845e8205b68752c997d05224d8b2fd45acde714)
As a nice side effect, we remove a bitmask comparison in the hot function
`check_ndpi_detection_func()`
TODO: change logging configuration from per-protocol to per-dissector
|
|
|
|
|
|
|
|
|
| |
- default (0) is the native nDPI format
- MuonOF (1) has been added
The format can be changed using metadata.tcp_fingerprint_format
Added ability to identify mass scanners using TCP fingerprint
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't use the same id for the same protocol identified via L3 info or
via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port
2604)
Before:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 OSPF X Acceptable Network - 2604
```
After:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 IP_OSPF X Acceptable Network - -
116 116 AH X Safe VPN - -
117 117 ESP X Safe VPN - -
184 184 OSPF TCP X Safe Network - 2604
```
|
| |
|
| |
|
|
|
|
|
|
|
| |
- ndpi_is_master_only_protocol()
- ndpi_normalize_protocol()
These two APi calls are used to normalize mater/app nDPI protocols
|
| |
|
|
|
|
|
|
|
| |
Proton doesn't provide anymore the list of egress and ingress addresses.
Remove the (stale) lists and the relative configuration parameters.
See: https://www.reddit.com/r/ProtonVPN/comments/1k3lrl5/great_the_httpsapiprotonvpnchvpnlogicals_api_has/
See also 470a479eb
|
|
|
| |
Close #2818
|
| |
|
|
|
|
|
|
| |
In the flow, we should keep track of state of "dissectors", not
"protocols". This way, flow structure doesn't depend anymore on
the max number of protocols.
This is also the first step into fixing #2136
|
| |
|
|
|
|
| |
This is the first, tiny, step into a better separation between
"protocols" and "dissectors"
|
| |
|