| Commit message | Author | Age |

Update test results
Added initialization for some free protocols

Removed Musical.ly protocol as the service has been merged with another one and thus it is no longer used
Improved guess for UDP protocols

implementing https://github.com/corelight/community-id-spec

Improve SSL detection, prevent false positive SSL detection

better STUP detection

Fixes #627

New dissector: Nest Log Sink

This is a dissector for the Nest Log Sink protocol which is used by the Nest Protect (https://nest.com/ca/smoke-co-alarm/overview/).
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>

as mining
Implements #503

The recent revert commit applied to ndpi_parse_packet_line_info resurrects an old bug where the last lines in packets that end with a CR+NL will not be parsed. This revert commit is an attempt to prevent invalid reads past the end of the packet buffer. This PR moves the end-of-bounds test to before the 16-bit read and returns if true. This fixes the case where a text line ends aligned to the buffer-end boundary, and it fixes the invalid read issue.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>

(#589)
* if one protocol does not have its regex (pattern_to_match)
  then parse its string (string_to_match) into hex
  so we can match every protocol with hyperscan
* fix string2hex()
* fix init_hyperscan():
  check return value of string2hex()

Fixes warning

Move the configure include file inclusion and code depending on it in…

protected by the NDPI_LIB_COMPILATION define, this should avoid it polluting the environment when including this file from ntopng.

Added optimization for TCP flows that do not start with a SYN packet: early giveup is performed
Code cleanup

https://github.com/eglooca/ndpi-pr into eglooca-pr-remove-autoconf-include

Including this file in any "public" API header breaks all projects that also use autotools because macros such as PACKAGE_VERSION will be redefined.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>

.c in ndpi_main.c

Include <sys/types.h> for u_int16_t.

On various embedded environments (OpenWrt, EdgeOS), <sys/types.h> must be included for u_intX_t types. The Hyperscan changes made recently introduced a u_int16_t member in actypes.h which is undeclared in certain environments without this include.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>

Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>

Fix end-of-line bounds handling.

The existing implementation misses ending lines and as a result, fails
to match certain protocols (SMTP for example, which needs to see at
least 3 command/response matches). It appears from the commit history
that an attempt was made (end-1) to prevent reads past payload length.
This can be ensured by simply not reading any payload that is < 3 bytes.
The updated logic for this loop is:
- Payload length is >= 3 bytes, or return.
- Loop over payload, compare for EOL (CR + NL) sequence.
- If found, process string.
- If index 'a' plus two is less than payload length, increment 'a' by
  one and continue.
- Loop return always increments index 'a' by one.

Fixed missing LOG_ERR initialization
Fixed logging warnings

Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection