aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/bittorrent.c
Commit message (Collapse)AuthorAge
* Bittorrent: improve detection of UTPv1 and avoid false positivesNardi Ivan2024-09-03
|
* Bittorrent: fix extra dissectionNardi Ivan2024-09-03
| | | | | | | On extra-dissection data-path we only need to look for the hash (the flow is already classified as Bittorrent). As a nice side-effect, the confidence is now always with the right value.
* Minor dissector optimizationsLuca Deri2024-05-20
|
* Disable `-Wno-unused-parameter -Wno-unused-function`. (#2358)Toni2024-04-03
| | | | | * unused parameters and functions pollute the code and decrease readability Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* LRU cache: move to 64 bits long keys (#2346)Ivan Nardi2024-03-15
| | | | | | Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key length. At least in the ipv4 cases, we have no more different entries with the same key.
* Bittorrent: improve detection of UTPv1 (#2259)Ivan Nardi2024-01-12
| | | | | | * fix header length check: we must take into account optional extension header * it seems the check on UTPv1 header is weak only in the DATA case: wait for multiple packets only in that case
* Improved uTorrent via utp (TCP-like streams over UDP). (#2255)Toni2024-01-11
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Keep separating public and private API (#2157)Ivan Nardi2023-11-29
| | | See: b08c787fe
* Have a clear distinction between public and private/internal API (#2137)Ivan Nardi2023-11-09
| | | | | | 1) Public API/headers in `src/include/` [as it has always been] 2) Private API/headers in `src/lib/` Try to keep the "ndpi_" prefix only for the public functions
* Make Bittorrent LRU cache IPv6 aware. (#1909)Ivan Nardi2023-04-29
| | | | It was the only remaining LRU cache without IPv6 support. See 81e1ea545ca465cda064e7cc80333fe7f0ef2aff
* Bittorrent: fix detection over TCP (#1868)Ivan Nardi2023-01-19
| | | Close #1866
* Bittorrent: fix heap-buffer-overflow (#1863)Ivan Nardi2023-01-19
| | | | | | | | | | | | | | | | | ``` ==258287==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600068ff9d at pc 0x5653a6e35def bp 0x7ffeef5aa620 sp 0x7ffeef5a9dc8 READ of size 22 at 0x60600068ff9d thread T0 #0 0x5653a6e35dee in strncmp (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x4d2dee) (BuildId: 133b8c3c8ff99408109fcb9be2538bb8341f07f7) #1 0x5653a70d6624 in ndpi_search_bittorrent /home/ivan/svnrepos/nDPI/src/lib/protocols/bittorrent.c:500:71 #2 0x5653a6ff255a in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5686:6 #3 0x5653a6ff331b in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5722:10 #4 0x5653a6ff2cbc in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5755:12 #5 0x5653a70016bf in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6578:15 #6 0x5653a6f1836d in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1678:31 #7 0x5653a6f140a1 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2256:10 ``` Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55218 Fix: 470eaa6f
* LRU caches: add a generic (optional and configurable) expiration logic (#1855)Ivan Nardi2023-01-18
| | | Two caches already implemented a similar mechanism: make it generic.
* Add Meraki Cloud protocol and improve other protocols (#1854)Ivan Nardi2023-01-17
| | | | | Avoid some LineCall and Jabber false positives. Detect Discord mid flows. Fix Bittorrent detection.
* Add protocol disabling feature (#1808)Ivan Nardi2022-12-18
| | | | | | | | | | | | | | | | | | | | | | The application may enable only some protocols. Disabling a protocol means: *) don't register/use the protocol dissector code (if any) *) disable classification by-port for such a protocol *) disable string matchings for domains/certificates involving this protocol *) disable subprotocol registration (if any) This feature can be tested with `ndpiReader -B list_of_protocols_to_disable`. Custom protocols are always enabled. Technically speaking, this commit doesn't introduce any API/ABI incompatibility. However, calling `ndpi_set_protocol_detection_bitmask2()` is now mandatory, just after having called `ndpi_init_detection_module()`. Most of the diffs (and all the diffs in `/src/lib/protocols/`) are due to the removing of some function parameters. Fix the low level macro `NDPI_LOG`. This issue hasn't been detected sooner simply because almost all the code uses only the helpers `NDPI_LOG_*`
* Sizes of LRU caches are now configurableNardi Ivan2022-09-23
| | | | | | | | 0 as size value disable the cache. The diffs in unit tests are due to the fact that some lookups are performed before the first insert: before this change these lookups weren't counted because the cache was not yet initialized, now they are.
* HTTP, Bittorrent, Kerberos: fix stopping of extra dissection (#1700)Ivan Nardi2022-08-06
| | | | | | | The return value of the extra-dissection callback indicates if the extra dissection needs to be called again. In the HTTP cose, this setting to NULL of the callabck is wrong since we stop extra dissection only if we have a hostname *and* a return code.
* Bittorrent: don't use absolute time reference (#1701)Ivan Nardi2022-08-06
|
* Further simplification of `ndpi_process_extra_packet()` (#1698)Ivan Nardi2022-08-05
| | | | | | | | See 95e16872. After c0732eda, we can safely remove the protocol list from `ndpi_process_extra_packet()`. The field `flow->check_extra_packets` is redundant; remove it.
* HTTP: improve sub-classification (#1696)Ivan Nardi2022-08-05
| | | | | | | | | | Content-matched sub-protocols (DASH, IPP, MPEGDASH...) shouldn't ovewrite the previous master protocol (if any; usually HTTP). Furthermore. the HTTP dissector shouldn't update the classification (in the extra-dissection code path) if a content-matched sub-protocols has already been found. This commit should address the first part of the changes described in #1687.
* Update the protocol bitmask for some protocols (#1675)Ivan Nardi2022-07-27
| | | | | | | Tcp retransmissions should be ignored. Remove some unused protocol bitmasks. Update script to download Whatsapp IP list.
* Add support for flow client/server information (#1671)Ivan Nardi2022-07-24
| | | | | | | | | | | | | | | | | | In a lot of places in ndPI we use *packet* source/dest info (address/port/direction) when we are interested in *flow* client/server info, instead. Add basic logic to autodetect this kind of information. nDPI doesn't perform any "flow management" itself but this task is delegated to the external application. It is then likely that the application might provide more reliable hints about flow client/server direction and about the TCP handshake presence: in that case, these information might be (optionally) passed to the library, disabling the internal "autodetect" logic. These new fields have been used in some LRU caches and in the "guessing" algorithm. It is quite likely that some other code needs to be updated.
* Bittorrent: fix keys in cache code (#1670)Ivan Nardi2022-07-22
|
* BITTORRENT: fix confidence (#1664)Ivan Nardi2022-07-20
| | | Remove two unused parameters.
* Improved Zoom protocol detectionLuca Deri2022-01-23
|
* Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)Ivan Nardi2022-01-15
| | | Follow-up of 7cba34a1
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* Update copyrightAlfredo Cardigliano2022-01-03
|
* Improved bittorrent heuristicLuca Deri2021-12-21
|
* Improved bittorrent detectionLuca Deri2021-12-17
|
* Improved BitTorrent classificationLuca Deri2021-12-07
|
* Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1380)Ivan Nardi2021-12-04
| | | | | | | | | | | There are no valid reasons for a (generic) protocol to ignore IPv6 traffic. Note that: * I have not found the specifications of "CheckPoint High Availability Protocol", so I don't know how/if it supports IPv6 * all LRU caches are still IPv4 only Even if src_id/dst_id stuff is probably useless (see #1279), the right way to update the protocol classification is via `ndpi_set_detected_protocol()`
* BitTorrent dissector code cleanup and merge of ↵Luca Deri2021-11-17
| | | | https://github.com/ntop/nDPI/pull/1374
* BitTorrent detection improvementsLuca Deri2021-11-17
|
* Improved BT hashing to minimize false positivesLuca Deri2021-11-17
|
* bittorrent old code cleanup. Enlarged BT cacheLuca Deri2021-11-16
|
* Improved BitTorrent detectionLuca Deri2021-11-15
|
* BitTorrent cache debugLuca Deri2021-11-08
|
* Improved BitTorrent detectionLuca Deri2021-11-04
|
* BitTorrent detection improvementsLuca Deri2021-10-31
|
* Fix broken fuzz_process_packet fuzzer by adding a call to ↵Toni2021-10-18
| | | | | | | | | | | | ndpi_finalize_initialization(). (#1334) * fixed several memory errors (heap-overflow, unitialized memory, etc) * ability to build fuzz_process_packet with a main() allowing to replay crash data generated with fuzz_process_packet by LLVMs libfuzzer * temporarily disable fuzzing if `tests/do.sh` executed with env FUZZY_TESTING_ENABLED=1 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)Ivan Nardi2021-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet") in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid saving dissection information of "current packet" into the "flow" state, i.e. in the flow management table. The nDPI detection module processes only one packet at the time, so it is safe to save packet dissection information in `struct ndpi_detection_module_struct`, reusing always the same "packet" instance and saving a huge amount of memory. Bottom line: we need only one copy of "packet" (for detection module), not one for each "flow". It is not clear how/why "packet" ended up in "flow" in the first place. It has been there since the beginning of the GIT history, but in the original OpenDPI code `struct ipoque_packet_struct` was embedded in `struct ipoque_detection_module_struct`, i.e. there was the same exact situation this commit wants to achieve. Most of the changes in this PR are some boilerplate to update something like "flow->packet" into something like "module->packet" throughout the code. Some attention has been paid to update `ndpi_init_packet()` since we need to reset some "packet" fields before starting to process another packet. There has been one important change, though, in ndpi_detection_giveup(). Nothing changed for the applications/users, but this function can't access "packet" anymore. The reason is that this function can be called "asynchronously" with respect to the data processing, i.e in context where there is no valid notion of "current packet"; for example ndpiReader calls it after having processed all the traffic, iterating the entire session table. Mining LRU stuff seems a bit odd (even before this patch): probably we need to rethink it, as a follow-up.
* Fix how some protocols handle tcp retransmissions (#1321)Ivan Nardi2021-10-03
| | | | | | | Most (all?) protocols don't care about (tcp) retransmissions. If a protocol registers itself with a NDPI_SELECTION_BITMASK_PROTOCOL_*_WITHOUT_RETRANSMISSION value, its callback is never triggered with a retransmitted packet.
* Remove `detected_protocol_stack` field from `ndpi_packet_struct` (#1317)Ivan Nardi2021-09-29
| | | | | | | | | | | | | This field is an exact copy of `ndpi_flow_struct->detected_protocol_stack[2]`: * at the very beginning of packet dissection, the value saved in `flow->detected_protocol_stack` is copied in `packet->detected_protocol_stack` (via `ndpi_detection_process_packet()` -> `ndpi_init_packet_header()`) * every time we update `flow->detected_protocol_stack` we update `packet->detected_protocol_stack` too (via `ndpi_int_change_protocol()` -> `ndpi_int_change_packet_protocol()`) These two fields are always in sync: keeping the same value in two different places is useless.
* Bittorrent: fix a potential use-of-uninitialized-value error (#1296)Ivan Nardi2021-09-13
| | | | | | Not sure if this is the right fix (from a logical point-of-view): this code hasn't changed since OpenDPI era (!) and I have't found a trace triggering this code path. Anyway, the use-of-uninitialized-value error itself should be fixed.
* Added check for avoiding long dissectionsLuca Deri2021-02-10
|
* (C) UpdateLuca Deri2021-01-07
|
* Various optimizations to reduce not-necessary callsLuca Deri2020-09-24
| | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive
* Removed bittorrent false positive detectionLuca Deri2020-05-20
|
* Compilation fixLuca Deri2020-02-28
|
Powered by cgit, Themed by Ted Yin.