| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
| |
as mining
Implements #503
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The recent revert commit applied to ndpi_parse_packet_line_info resurrects an old bug where the last lines in packets that end with a CR+NL will not be parsed. This revert commit is an attempt to prevent invalid reads past the end of the packet buffer. This PR moves the end-of-bounds test to before the 16-bit read and returns if true. This fixes the case where a text line ends aligned to the buffer-end boundary, and it fixes the invalid read issue.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(#589)
* if one protocol do not have it's regex (pattern_to_match)
then parse it's string (string_to_match) into hex
so we can match every protocol with hyperscan
* fix string2hex()
* fix init_hyperscan():
check return value of string2hex()
|
| | |
|
| | |
|
| |
|
|
| |
Fixes warning
|
| |\
| |
| | |
Move the configure include file inclusion and code depending on it in…
|
| | |
| |
| |
| | |
protected by the NDPI_LIB_COMPILATION define, this should avoid it polluting the environment when including this file from ntopng.
|
| |/
|
|
|
| |
Added optimization for TCP flows that do not start with a SYN packet: early giveup is performed
Code cleanup
|
| |\
| |
| |
| | |
https://github.com/eglooca/ndpi-pr into eglooca-pr-remove-autoconf-include
|
| | |
| |
| |
| |
| |
| | |
Including this file in any "public" API header breaks all projects that also use autotools because macros such as PACKAGE_VERSION will be redefined.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
|
| | |
| |
| |
| | |
.c in ndpi_main.c
|
| |\ \
| | |
| | | |
Include <sys/types.h> for u_int16_t.
|
| | |/
| |
| |
| |
| |
| | |
On various embedded environments (OpenWrt, EdgeOS), <sys/types.h> must be included for u_intX_t types. The Hyperscan changes made recently introducted a u_int16_t member in actypes.h which is undeclared in certainly environments without this include.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |/ |
|
| |
|
|
| |
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
|
| |\
| |
| | |
Fix end-of-line bounds handling.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The existing implementation misses ending lines and as a result, fails
to match certain protocols (SMTP for example, which needs to see at
least 3 commain/response matches). It appears from the commit history
that an attempt was made (end-1) to prevent reads past payload length.
This can be ensured by simply not reading any payload that is < 3 bytes.
The updated logic for this loop is:
- Payload length is >= 3 bytes, or return.
- Loop over payload, compare for EOL (CR + NL) sequence.
- If found, process string.
- If index 'a' plus two is less than payload length, increment 'a' by
one and continue.
- Loop return always increments index 'a' by one.
|
| | |
| |
| |
| |
| | |
Fixed missing LOG_ERR initialization
Fixed logging warnings
|
| | | |
|
| |/
|
|
| |
Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
New ports taken from
https://support.viber.com/customer/portal/articles/1506350-opening-ports-for-viber-desktop
|
| | |
|
| |
|
| |
Added support for SMTPS on port 587
|
| |
|
|
| |
Code cleanup
|
| |
|
|
| |
Optimized memory usage
|
| |
|
|
|
|
| |
https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/
Discontinued filetopia protocol
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Skype.SkypeCallOut
Skype.SkypeCallIn
|
| |
|
|
| |
Introduced intitial Skype in/out support
|
| | |
|
| | |
|
| |
|
|
| |
Modified ndpiReader with -c <file> (use mining_hosts.txt as example) for loading name-based categories
|
| | |
|