aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_main.c
Commit message (Collapse)AuthorAge
* Rework default ports initialization (#2893)Ivan Nardi2025-06-20
| | | | | | | Default ports trees are initialized during `ndpi_finalize_initialization()` Make `ndpi_init_detection_module()` less likely to fail, because there are less memory allocations.
* Merged protocols (now free to use) into existing categoriesLuca Deri2025-06-17
| | | | | - AdultContent -> Category Adult Content - LLM -> Category Artificial Intelligence
* Renamed custom protocol labelsLuca Deri2025-06-17
|
* Rework `ndpi_init_detection_module_ext()` (#2888)Ivan Nardi2025-06-17
|
* Faster configuration (#2887)Ivan Nardi2025-06-17
|
* Move dissectors initialization to `ndpi_finalize_initialization()` (#2886)Ivan Nardi2025-06-17
|
* Prelimary work to remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2885)Ivan Nardi2025-06-16
|
* Added missing ndpi_is_custom_category() the ndpi_api.hLuca Deri2025-06-16
| | | | Fixed ndpi_is_custom_category() and ndpi_is_custom_protocol(0 prototypes so that now return a bool
* No limits on the number of (custom) protocols (#2875)Ivan Nardi2025-06-16
| | | | | | | | | | | | | | | | The hard limit of total number of protocols (internal and custom) is ~65535, because protocol ids are `u_int16_t`... API changes: 1. From `NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS` to `ndpi_get_num_protocols()` (after having called `ndpi_finalize_initialization()`); 2. From `proto_id >= NDPI_MAX_SUPPORTED_PROTOCOLS` to `ndpi_is_custom_protocol(proto_id)` (after having called `ndpi_finalize_initialization()`); Close #2136 Close #2545
* Check `ndpi_finalize_initialization()` return value (#2884)Ivan Nardi2025-06-14
|
* Rework sanity checks and remove some functions from API (#2882)Ivan Nardi2025-06-12
|
* TCP fingerprint: fix an undefined-shiftIvan Nardi2025-06-11
| | | | | | | | | ``` ndpi_main.c:7905:33: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' ``` Found by oss-fuzz. See: https://issues.oss-fuzz.com/issues/423959691
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
* Simplify `ndpi_internal_detection_process_packet()` (#2877)Ivan Nardi2025-06-10
| | | Simplify process of each packet
* TCP fingerprint: fix an heap-buffer-overflow (#2876)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | ``` ================================================================= ==17655==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x71053b8a702a at pc 0x5e6f1ed825a2 bp 0x7095389f1d10 sp 0x7095389f1d08 READ of size 1 at 0x71053b8a702a thread T1 #0 0x5e6f1ed825a1 in ndpi_init_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7890:10 #1 0x5e6f1ed94bb2 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:9768:6 #2 0x5e6f1ed92f9f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:10065:22 #3 0x5e6f1ebe7a2e in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1985:31 #4 0x5e6f1ebdffd2 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2730:10 #5 0x5e6f1ea5da49 in ndpi_process_packet /home/ivan/svnrepos/nDPI/example/ndpiReader.c:4751:7 #6 0x74953c48763e (/lib/x86_64-linux-gnu/libpcap.so.0.8+0x2d63e) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) #7 0x74953c4688e7 in pcap_loop (/lib/x86_64-linux-gnu/libpcap.so.0.8+0xe8e7) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) ``` Found by oss-fuzz
* Cosmetic changesLuca Deri2025-06-09
| | | | Added ndpi finalization in case protocols are dumped
* Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`Ivan Nardi2025-06-09
|
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | | | The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
* Add category and breed support for custom rules (#2872)Vladimir Gavrilov2025-06-08
| | | Close #2594
* Normalize breed/category names: use _ instead of spaces and slashes (#2873)Vladimir Gavrilov2025-06-07
|
* Compilation fix on old platformsLuca Deri2025-06-06
|
* Added IMO and Badoo filesLuca Deri2025-06-06
|
* Dynamic allocation of `ndpi_struct->proto_defaults[]` (#2866)Ivan Nardi2025-06-06
| | | | | | | | Partial revert of 88bfe2cf0: in the trees we save the index and no more a pointer to `ndpi_struct->proto_defaults[]`. Remove same functions from public API See #2136
* Add ndpi_get_breed_by_name (#2870)Vladimir Gavrilov2025-06-05
|
* Speed up category lookup in ndpi_get_category_id() (#2869)Vladimir Gavrilov2025-06-05
| | | | Implements same optimization pattern as #2867 No behavior changes, just faster lookup
* Speed up protocol lookup in ndpi_get_proto_by_name (#2867)Vladimir Gavrilov2025-06-05
|
* Split `ndpi_set_proto_defaults()` logic (#2864)Ivan Nardi2025-06-03
| | | | | | | | | Split the internal logic: * update `ndpi_str->proto_defaults[]` array * update the `default_ports_tree_node_t` trees This is a preliminary work to have dynamic allocated `ndpi_str->proto_defaults[]`, because in the tree we have a pointer to the array entries
* Remove `ndpi_set_proto_defaults()` from the API (#2863)Ivan Nardi2025-06-03
| | | Add an explicit field to indicate if the protocol is custom or internal
* First step into a dynamic number of protocols (#2857)Ivan Nardi2025-06-03
| | | | | | | | | | | | | We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
* New API to enable/disable protocols; remove ↵Ivan Nardi2025-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
* Add Hamachi protocol detection support (#2860)Vladimir Gavrilov2025-06-02
|
* Added boundary fixLuca Deri2025-05-29
|
* Updated bots and scanners listLuca Deri2025-05-29
| | | | Improved lists file parsing
* Compilation fixLuca Deri2025-05-29
|
* Added ndpi_load_protocols_dir() API call for loading IP-based protocol detectionLuca Deri2025-05-28
| | | | Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
* Fix configuration of ip lists of flow risks (#2859)Ivan Nardi2025-05-28
| | | | | Add some new tests about these configuration parameters. Close #2858
* Improved detection of TCP scannersLuca Deri2025-05-27
|
* Allow to specify default ports also via range (#2856)Ivan Nardi2025-05-27
| | | Ad a trivial example, update SIP configuration to use range
* TypoLuca Deri2025-05-27
|
* Reworked fingerprint codeLuca Deri2025-05-26
|
* Better separation between "protocols" and "dissectors" (#2855)Ivan Nardi2025-05-26
| | | Callback functions are about dissectors, not protocols
* Added boundary checkLuca Deri2025-05-26
|
* Fingerprint fixesLuca Deri2025-05-26
|
* Dofus: update detection to version 3.X (#2852)Ivan Nardi2025-05-25
| | | See #2827
* Add ndpi_memcasecmp, refactor mail protocol dissectors (#2849)Vladimir Gavrilov2025-05-24
|
* A new interface for dissectors registration (#2843)Ivan Nardi2025-05-24
| | | | | | | | | | | | | | | | | | | | | We use `registr_dissector()` instead of `ndpi_set_bitmask_protocol_detection()`. Every file in `src/lib/protocols/*.c` is a dissector. Every dissector can handle multiple protocols. The real goal is this small change: ``` struct call_function_struct { - NDPI_PROTOCOL_BITMASK detection_bitmask; ``` i.e. getting rid of another protocol bitmask: this is mandatory to try to fix #2136 (see also e845e8205b68752c997d05224d8b2fd45acde714) As a nice side effect, we remove a bitmask comparison in the hot function `check_ndpi_detection_func()` TODO: change logging configuration from per-protocol to per-dissector
* Added the support for multiple TCP fingerprint formatLuca Deri2025-05-24
| | | | | | | | | - default (0) is the native nDPI format - MuonOF (1) has been added The format can be changed using metadata.tcp_fingerprint_format Added ability to identify mass scanners using TCP fingerprint
* Add MELSEC protocol support (#2846)Vladimir Gavrilov2025-05-23
|
* Fix `isAppProtocol` for ULTRASURFIvan Nardi2025-05-21
|
* ospf, ipsec: use different ids for protocols at layer3 (#2838)Ivan Nardi2025-05-21
| | | | | | | | | | | | | | | | | | | | | | Don't use the same id for the same protocol identified via L3 info or via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port 2604) Before: ``` ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF' 79 79 IPSec UDP X Safe VPN 500,4500 500 85 85 OSPF X Acceptable Network - 2604 ``` After: ``` ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF' 79 79 IPSec UDP X Safe VPN 500,4500 500 85 85 IP_OSPF X Acceptable Network - - 116 116 AH X Safe VPN - - 117 117 ESP X Safe VPN - - 184 184 OSPF TCP X Safe Network - 2604 ```
Powered by cgit, Themed by Ted Yin.