aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_main.c
Commit message (Collapse)AuthorAge
* Add Gearman protocol dissector (#2297)Vladimir Gavrilov2024-02-01
|
* Allow multiple `struct ndpi_detection_module_struct` to share some state (#2271)Ivan Nardi2024-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the concept of "global context". Right now every instance of `struct ndpi_detection_module_struct` (we will call it "local context" in this description) is completely independent from each other. This provide optimal performances in multithreaded environment, where we pin each local context to a thread, and each thread to a specific CPU core: we don't have any data shared across the cores. Each local context has, internally, also some information correlating **different** flows; something like: ``` if flow1 (PeerA <-> Peer B) is PROTOCOL_X; then flow2 (PeerC <-> PeerD) will be PROTOCOL_Y ``` To get optimal classification results, both flow1 and flow2 must be processed by the same local context. This is not an issue at all in the far most common scenario where there is only one local context, but it might be impractical in some more complex scenarios. Create the concept of "global context": multiple local contexts can use the same global context and share some data (structures) using it. This way the data correlating multiple flows can be read/write from different local contexts. This is an optional feature, disabled by default. Obviously data structures shared in a global context must be thread safe. This PR updates the code of the LRU implementation to be, optionally, thread safe. Right now, only the LRU caches can be shared; the other main structures (trees and automas) are basically read-only: there is little sense in sharing them. Furthermore, these structures don't have any information correlating multiple flows. Every LRU cache can be shared, independently from the others, via `ndpi_set_config(ndpi_struct, NULL, "lru.$CACHE_NAME.scope", "1")`. It's up to the user to find the right trade-off between performances (i.e. without shared data) and classification results (i.e. with some shared data among the local contexts), depending on the specific traffic patterns and on the algorithms used to balance the flows across the threads/cores/local contexts. Add some basic examples of library initialization in `doc/library_initialization.md`. This code needs libpthread as external dependency. It shouldn't be a big issue; however a configure flag has been added to disable global context support. A new CI job has been added to test it. TODO: we should need to find a proper way to add some tests on multithreaded enviroment... not an easy task... *** API changes *** If you are not interested in this feature, simply add a NULL parameter to any `ndpi_init_detection_module()` calls.
* Provide a u64 wrapper for `ndpi_set_config()` (#2292)Toni2024-01-30
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial ↵Luca Deri2024-01-29
| | | | protocol
* Fix RESP detection (#2289)Vladimir Gavrilov2024-01-27
| | | | | * Rename redis_net.c to resp.c * Fix RESP detection
* Check DGA on domain name (as it should be) rather than on the host nameLuca Deri2024-01-27
|
* Add Raft protocol dissector. (#2286)Toni2024-01-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Radmin protocol dissector (#2283)Vladimir Gavrilov2024-01-25
| | | | | * Add Radmin protocol dissector * Update test results
* fuzz: extend fuzzing coverage (#2281)Ivan Nardi2024-01-24
|
* Add STOMP protocol dissector (#2280)Vladimir Gavrilov2024-01-23
|
* Improve handling of custom rules (#2276)Ivan Nardi2024-01-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid collisions between user-ids and internal-ids protocols in the `example/protos.txt` file. Add a new value for the classification confidence: `NDPI_CONFIDENCE_CUSTOM_RULE` With `./example/ndpiReader -p example/protos.txt -H` we now see also the custom protocols and their internal/external ids: ``` nDPI supported protocols: Id Userd-id Protocol Layer_4 Nw_Proto Breed Category 0 0 Unknown TCP X Unrated Unspecified ... 387 387 Mumble UDP X Fun VoIP 388 388 iSCSI TCP Acceptable Unspecified 389 389 Kibana TCP Acceptable Unspecified 390 390 TestProto TCP Acceptable Unspecified 391 391 HomeRouter TCP Acceptable Unspecified 392 392 CustomProtocol TCP Acceptable Unspecified 393 393 AmazonPrime TCP Acceptable Unspecified 394 394 CustomProtocolA TCP Acceptable Unspecified 395 395 CustomProtocolB TCP Acceptable Unspecified 396 800 CustomProtocolC TCP Acceptable Unspecified 397 1024 CustomProtocolD TCP Acceptable Unspecified 398 2048 CustomProtocolE TCP Acceptable Unspecified 399 2049 CustomProtocolF TCP Acceptable Unspecified 400 2050 CustomProtocolG TCP Acceptable Unspecified 401 65535 CustomProtocolH TCP Acceptable Unspecified ``` We likely need to take a better look in general at the iteration between internal and external protocols ids... This PR fixes the issue observed in https://github.com/ntop/nDPI/pull/2274#discussion_r1460674874 and in https://github.com/ntop/nDPI/pull/2275.
* Add Yojimbo (netcode) protocol dissector (#2277)Toni2024-01-21
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* config: follow-up (#2268)Ivan Nardi2024-01-20
| | | | | | Some changes in the parameters names. Add a fuzzer to fuzz the configuration file format. Add the infrastructure to configuratin callbacks. Add an helper to map LRU cache indexes to names.
* Fix detection of new Cassandra versions (#2272)Vladimir Gavrilov2024-01-20
| | | | | | | * Fix detection of new Cassandra versions * Add Cassandra Internode Communication protocol support * Add default port for Cassandra Internode Communication protocol
* Add a dedicated dissector for Zoom (#2265)Ivan Nardi2024-01-19
| | | Move it from the RTP code and extend it
* Add Mumble detection support (#2269)Vladimir Gavrilov2024-01-19
|
* Rework Steam detection (part 1) (#2264)Vladimir Gavrilov2024-01-18
| | | | | | | | | | | | | | | | | | | | | * Clean up Steam dissector * Add Steam Datagram Relay dissector * Update docs * Update test results * Remove csgo.c from MSVC project * Small fixes * Add Steam TLS pcap sample * Merge Steam pcap samples into single one * Fix typo * Update test results
* config: allow configuration of guessing algorithmsNardi Ivan2024-01-18
|
* config: move debug/log configuration to the new APINardi Ivan2024-01-18
|
* config: DNS: add two configuration optionsNardi Ivan2024-01-18
| | | | | * Enable/disable sub-classification of DNS flows * Enable/disable processing of DNS responses
* config: HTTP: enable/disable processing of HTTP responsesNardi Ivan2024-01-18
|
* config: configure TLS certificate expiration with the new APINardi Ivan2024-01-18
|
* config: remove `enum ndpi_prefs`Nardi Ivan2024-01-18
|
* config: remove `ndpi_set_detection_preferences()`Nardi Ivan2024-01-18
|
* config: move cfg of aggressiviness and opportunistic TLS to the new APINardi Ivan2024-01-18
|
* config: move IP lists configurations to the new APINardi Ivan2024-01-18
|
* config: move LRU cache configurations to the new APINardi Ivan2024-01-18
|
* Make `ndpi_finalize_initialization()` returns an error codeNardi Ivan2024-01-18
| | | | We should check if the initialization was fine or not
* New API for library configurationNardi Ivan2024-01-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the first step into providing (more) configuration options in nDPI. The idea is to have a simple way to configure (most of) nDPI: only one function (`ndpi_set_config()`) to set any configuration parameters (in the present or on in the future) and we try to keep this function prototype as agnostic as possible. You can configure the library: * via API, using `ndpi_set_config()` * via a configuration file, in a text format This way, anytime we need to add a new configuration parameter: * we don't need to add two public functions (a getter and a setter) * we don't break API/ABI compatibility of the library; even changing the parameter type (from integer to a list of integer, for example) doesn't break the compatibility. The complete list of configuration options is provided in `doc/configuration_parameters.md`. As a first example, two configuration knobs are provided: * the ability to enable/disable the extraction of the sha1 fingerprint of the TLS certificates. * the upper limit on the number of packets per flow that will be subject to inspection
* Added new API callsLuca2024-01-15
| | | | | | | | | | - ndpi_load_domain_suffixes() - ndpi_get_host_domain_suffix() whose goal is to find the domain name of a hostname. Example: www.bbc.co.uk -> co.uk mail.apple.com -> com
* Fix some warnings reported by CODESonar (#2227)Ivan Nardi2024-01-12
| | | | | | | | | | | | | | | | | | | Remove some unreached/duplicated code. Add error checking for `atoi()` calls. About `isdigit()` and similar functions. The warning reported is: ``` Negative Character Value help isdigit() is invoked here with an argument of signed type char, but only has defined behavior for int arguments that are either representable as unsigned char or equal to the value of macro EOF(-1). Casting the argument to unsigned char will avoid the undefined behavior. In a number of libc implementations, isdigit() is implemented using lookup tables (arrays): passing in a negative value can result in a read underrun. ``` Switching to our macros fix that. Add a check to `check_symbols.sh` to avoid using the original functions from libc.
* Add KCP protocol dissector. (#2257)Toni2024-01-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Roughtime protocol dissector. (#2248)Toni2024-01-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add realtime protocol output to `ndpiReader`. (#2197)Toni2024-01-09
| | | | | | * support for using a new flow callback invoked before the flow memory is free'd * minor fixes Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix default port conflicts between AJP and CiscoVPN (#2245)Ivan Nardi2024-01-08
| | | | | | | | | | | | | | | | | | | | | We shouldn't have the same default port associated with multiple protocols. The key reason is that we use only one of them (for classification by-port, for example) and which one we really use depends on the internal order of the protocolsi's initialization (which is unknown to the user). We have 3 port collisions: * 8009: AJP and CiscoVPN * 445: SMBv1 and SMBv23 * 8080: HTTP_Connect and HTTP_Proxy I think that the two last cases don't really matter... About the first one: it seems that CiscoVPN is retired from 2011/2014 (see https://www.cisco.com/c/en/us/obsolete/security/cisco-vpn-client.html) and superseded by AnyConnect, which uses different ports (see https://community.cisco.com/t5/network-security/what-protocols-are-used-on-anyconnect-mobility-client/td-p/4713525). Therefore it should be safe to remove 8009 from the CiscoVPN default ports.
* Add Ceph protocol dissector (#2242)Vladimir Gavrilov2024-01-04
| | | | | * Add Ceph protocol dissector * Update protocols.rst
* Add HL7 protocol dissector (#2240)Vladimir Gavrilov2024-01-02
| | | | | | | * Add HL7 protocol dissector * Small fixes * Small fixes
* Add IEC62056 (DLMS/COSEM) protocol dissector (#2229)Vladimir Gavrilov2024-01-02
| | | | | | | | | | | | | | | | | | | * Add IEC62056 (DLMS/COSEM) protocol dissector * Fix detection on big endian architectures * Update protocols.rst * Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c * Update pcap sample * Remove empty .out file * iec62056: add some documentation --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Remove Google Hangouts/Duo stuff (#2233)Vladimir Gavrilov2024-01-02
| | | | | * Remove Google Hangouts/Duo support * Update protocols.rst
* Add NoMachine NX protocol dissector (#2234)Vladimir Gavrilov2024-01-02
| | | | | | | | | * Add NoMachine protocol dissector * Fix detection on big endian architectures * Make NoMachine over UDP check more strict * Small fixes
* New ndpi_sha256() nDPI API call (#2230)Luca Deri2023-12-23
| | | | | * Added ndpi_sha256.c to the Windows project * Added ndpi_sha256() nDPI API call
* Add Apache Kafka protocol dissector (#2226)Vladimir Gavrilov2023-12-22
|
* Add WebDAV detection support (#2224)Vladimir Gavrilov2023-12-22
| | | | | | | | | | | | | * Add WebDAV detection support * Add pcap example * Update test results * Remove redundant checks * Add WebDAV related HTTP methods to fuzz/dictionary.dict * Add note about WebDAV
* Various MDNS flow risks fixesLuca2023-12-21
|
* Add JSON-RPC protocol dissector (#2217)Vladimir Gavrilov2023-12-20
| | | | | | | * Add JSON-RPC protocol dissector * Small fixes * Improve detection
* Add OpenFlow protocol dissector (#2222)Vladimir Gavrilov2023-12-20
|
* Rename NDPI_PROTOCOL_RPC to NDPI_PROTOCOL_MS_RPCH (#2218)Vladimir Gavrilov2023-12-19
| | | | | | | * Rename NDPI_PROTOCOL_RPC to NDPI_PROTOCOL_MS_RPCH * Add protocol description * Improve MS-RPCH detection
* Add UFTP protocol dissector (#2215)Vladimir Gavrilov2023-12-18
| | | | | | | * Add UFTP protocol dissector * Update docs * Merge pcap files
* Add HiSLIP protocol dissector (#2214)Vladimir Gavrilov2023-12-17
| | | | | * Add HiSLIP protocol dissector * Fix error
* Add PROFINET/IO protocol dissector (#2213)Vladimir Gavrilov2023-12-16
| | | | | | | | | * Add PROFINET/IO protocol dissector * Add LE (Little Endian) to the file name * Rework dissector * Remove redundant check
Powered by cgit, Themed by Ted Yin.