| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
See https://github.com/ntop/opnsense
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix unaligned memory accesses with get_u_int64_t at armhf
see: https://bugs.debian.org/993627
* Use get_u_int64_t to avoid unaligned memory access at armhf
see: https://bugs.debian.org/993627
* Update src/include/ndpi_define.h.in
Drop const type from get_u_int64_t, from lnslbrty
Co-authored-by: Bernhard Übelacker <bernhardu@mailbox.org>
Co-authored-by: Toni <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Fields 'tls.hello_processed` and `tls.subprotocol_detected` are used by
QUIC (i.e UDP...), too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix all the warnings.
Getting rid of "-Wno-unused-parameter" is quite complex because some
parameters usage depends on compilation variable (i.e.
`--enable-debug-messages`).
The "-Werror" flag has been added only in Travis builds to avoid
breaking the builds to users using uncommon/untested
OS/compiler/enviroment.
Tested on:
* x86_64; Ubuntu 20.04; gcc 7,8,9,10,11; clang 7,8,9,10,11,12
* x86_64; CentOS 7.7; gcc 4.8.5 (with "--disable-gcrypt" flag)
* Raspberry 4; Debian 10.10; gcc 8.3.0
|
| | |
|
| |
|
|
| |
Only in-order and non overlapping fragments are handled
See #1195
|
| |
|
|
|
|
|
|
|
| |
* Add support for Snapchat voip calls
Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.
* Fix tests with libgcrypt disabled
|
| |
|
|
|
| |
Reworked Tor dissector embedded in TLS (fixes #1141)
Removed false positive on HTTP User-Agent
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Even if it is only an early internet draft, DoQ has already (at least)
one deployed implementation.
See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/
Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00
In the future, if this protocol will be really used, it might be worth to
rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
|
| |
|
|
|
| |
* QUIC: fix heap-buffer-overflow
* TLS: fix parsing of QUIC Transport Parameters
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
Close #1077
* QUIC: fix matching of custom categories
* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
* QUIC: fix serialization
* QUIC: add DGA check for older GQUIC versions
|
| |
|
| |
QUIC (final!?) constants for v1 are defined in draft-33
|
| |
|
|
|
|
|
|
|
| |
Most of the QUIC crypto code has been "copied-and-pasted" from Wireshark;
try to stay in sync with the original sources to ease backporting of fixes.
Only cosmetic changes and code refactoring; no behaviour changes or bugfixes.
See:
https://gitlab.com/wireshark/wireshark/-/commit/5e45f770fd79ca979c41ed397fee72d2e8fb5f1e
https://gitlab.com/wireshark/wireshark/-/commit/5798b91c1526747bf688b6746b33562c1b24a9e0
|
| | |
|
| |
|
|
|
|
|
| |
* QUIC: fix return value on error path on quic_cipher_init()
* QUIC: allow dissection of sessions forcing version negotiation
Enhance heuristic to avoid false positives.
|
| |
|
|
|
| |
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one
* QUIC: fix a memory leak
|
| |
|
|
|
|
|
| |
The "offset" field is a variable-length integer.
This bug hasn't any practical effects right now, since we are ignoring any
packet with "offset" != 0 (and the value 0 is always encoded in only one byte).
But extracting a correct "offset" is important if we are ever going to handle
fragmented Client Hello messages.
|
| | |
|
| | |
|
| |\
| |
| | |
QUIC: extract User Agent information
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
| |
QUIC versioning wasn't complex enough without T05X family...
These versions are very similar to Q050, but use TLS as their handshake
protocol.
|
| |
|
|
|
|
| |
a BUG in libgcrypt (not verified).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
LGTM found a real issue on a boundary check
Fix unit tests: a pcap ha been uploaded twice (with different names)
Fix compilation when using DPDK (see #990)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Add QUIC payload and header decryption: most of the crypto code has been
"copied-and-incolled" from Wireshark. That code has been clearly marked
as such. All credits for that code should go to the original authors.
I tried to keep the Wireshark code as similar as possible to the original,
comments included, to ease future backporting of fixes.
Inevitably, glibc data types and data structures, tvbuff abstraction and
allocation functions have been converted.
|
| |
|
|
|
| |
Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC
Still no sub-classification for Q050 and QUIC
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
since ndpi_process_extra_packet() can drive limited or full metadata export
|
| |/ |
|
| |
|
|
| |
Uodated (C)
|
| | |
|
| | |
|
| |
|
|
|
| |
Fixed QUIC dissection
Disabled debug message
|
| | |
|
| |
|
|
| |
to be included.
|
| |
|
|
|
|
|
| |
Offset in the QUIC protocol are little endian. Reading them as uint32_t
works on little endian architectures, but breaks on big endian ones.
This change applies the proper conversion and fixes running the
http_ipv6 and quic tests on big endian architectures.
|