| Commit message (Collapse) | Author | Age |
| |
Improved lists file parsing
| |
Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
| |
Add some new tests about these configuration parameters.
Close #2858
| |
Add a trivial example, update SIP configuration to use range
| |
Callback functions are about dissectors, not protocols
| |
See #2827
| |
We use `registr_dissector()` instead of
`ndpi_set_bitmask_protocol_detection()`.
Every file in `src/lib/protocols/*.c` is a dissector.
Every dissector can handle multiple protocols.
The real goal is this small change:
```
struct call_function_struct {
- NDPI_PROTOCOL_BITMASK detection_bitmask;
```
i.e. getting rid of another protocol bitmask: this is mandatory to try
to fix #2136 (see also e845e8205b68752c997d05224d8b2fd45acde714)
As a nice side effect, we remove a bitmask comparison in the hot function
`check_ndpi_detection_func()`
TODO: change logging configuration from per-protocol to per-dissector
| |
- default (0) is the native nDPI format
- MuonOF (1) has been added
The format can be changed using metadata.tcp_fingerprint_format
Added ability to identify mass scanners using TCP fingerprint
| |
Don't use the same id for the same protocol identified via L3 info or
via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port
2604)
Before:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 OSPF X Acceptable Network - 2604
```
After:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 IP_OSPF X Acceptable Network - -
116 116 AH X Safe VPN - -
117 117 ESP X Safe VPN - -
184 184 OSPF TCP X Safe Network - 2604
```
| |
See: c590dc495
| |
- ndpi_is_master_only_protocol()
- ndpi_normalize_protocol()
These two API calls are used to normalize master/app nDPI protocols
| |
Proton no longer provides the list of egress and ingress addresses.
Remove the (stale) lists and the relative configuration parameters.
See: https://www.reddit.com/r/ProtonVPN/comments/1k3lrl5/great_the_httpsapiprotonvpnchvpnlogicals_api_has/
See also 470a479eb
|
| |
Close #2818
| |
In the flow, we should keep track of state of "dissectors", not
"protocols". This way, flow structure doesn't depend anymore on
the max number of protocols.
This is also the first step into fixing #2136
| |
* added raw tcp fingerprint to json
* removed unnecessary change
* fixed key for json
* added configuration option for raw tcp fingerprint
* fixed typos
| |
NDPI_PROTOCOL_CATEGORY_FINANCE
NDPI_PROTOCOL_CATEGORY_NEWS
NDPI_PROTOCOL_CATEGORY_SPORT
NDPI_PROTOCOL_CATEGORY_BUSINESS
NDPI_PROTOCOL_CATEGORY_INTERNET_HOSTING
NDPI_PROTOCOL_CATEGORY_BLOCKCHAIN_CRYPTO
NDPI_PROTOCOL_CATEGORY_BLOG_FORUM
NDPI_PROTOCOL_CATEGORY_GOVERNMENT
NDPI_PROTOCOL_CATEGORY_EDUCATION
NDPI_PROTOCOL_CATEGORY_CND_PROXY
NDPI_PROTOCOL_CATEGORY_HARDWARE_SOFTWARE
NDPI_PROTOCOL_CATEGORY_DATING
NDPI_PROTOCOL_CATEGORY_TRAVEL
| |
Be sure that entries expire sooner or later
| |
Cloudflare CDN
| |
Remove the specific dissector and use the Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
| |
```
==40795==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7dd7ff94a6a0 at pc 0x5f2e95e21423 bp 0x7ffccfe0f110 sp 0x7ffccfe0e8d0
READ of size 129 at 0x7dd7ff94a6a0 thread T0
#0 0x5f2e95e21422 in StrtolFixAndCheck(void*, char const*, char**, char*, int) asan_interceptors.cpp.o
#1 0x5f2e95e0ceb1 in __isoc23_strtol (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_config+0x7bfeb1) (BuildId: 2cfb818387b5d84d6fa1447db291acb2595493d4)
#2 0x5f2e95f1d036 in __get_flowrisk_id /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:11524:9
#3 0x5f2e95f1c3c7 in _set_param_flowrisk_enable_disable /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:11793:17
#4 0x5f2e95e9e17f in ndpi_set_config /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:12051:12
#5 0x5f2e95e9cbe5 in load_config_file_fd /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:4985:14
```
Found by oss-fuzz.
See: https://issues.oss-fuzz.com/issues/406446504
| |
Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the
configuration is for flow-risk, not global
| |
```
int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str,
                             char *fingerprint, enum operating_system_hint os);
int load_tcp_fingerprint_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd);
int ndpi_load_tcp_fingerprint_file(struct ndpi_detection_module_struct *ndpi_str, const char *path);
```