aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/stun.c
Commit message (Collapse)AuthorAge
* Minor dissector optimizationsLuca Deri2024-05-20
|
* Viber: add detection of voip calls and avoid false positives (#2434)Ivan Nardi2024-05-11
|
* Raknet/RTP: avoid Raknet false positives and harden RTP heuristic (#2427)Ivan Nardi2024-05-09
| | | | | | | | | There is some overlap between RTP and Raknet detection: give precedence to RTP logic. Consequences: * Raknet might require a little bit more packets for some flows (not a big issue) * some very small (1-2 pkts) Raknet flows are not classified (not sure what do do about that..)
* Merge RTP and RTCP logic (#2416)Ivan Nardi2024-05-06
| | | | | | | | | Avoid code duplication between these two protocols. We remove support for RTCP over TCP; it is quite rare to find this kind of traffic and, more important, we have never had support for RTP over TCP: we should try to add both detecion as follow-up. Fix a message log in the LINE code
* STUN: slightly faster sub-classification with DTLS (#2404)Ivan Nardi2024-04-23
|
* STUN: fix attributes list iteration (#2391)Ivan Nardi2024-04-13
| | | We need to check all the attributes, to look for any possible metadata
* STUN: try to stop extra dissection earlier, if possible (#2390)Ivan Nardi2024-04-13
|
* STUN: add support for ipv6 in some metadata (#2389)Ivan Nardi2024-04-13
|
* STUN: simplify ip/port parsing (#2388)Ivan Nardi2024-04-13
| | | Add other 2 configuration options
* STUN: fix boundary checks on attribute list parsing (#2387)Ivan Nardi2024-04-12
| | | | | Restore all unit tests. Add some configuration knobs. Fix the endianess.
* Implemented STUN peer_address, relayed_address, response_origin, ↵Luca Deri2024-04-12
| | | | | | | other_address parsing Added code to ignore invalid STUN realm Extended JSON output with STUN information
* fix invalid readToni Uhlig2024-04-12
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated unit test resultsToni Uhlig2024-04-12
| | | | | | * fixed invalid read Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN:Luca Deri2024-04-12
| | | | | - Fixed issue with XOR-MAPPED-ADDRESS decoding - Implemented MAPPED_ADDRESS (IPv4 only)
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* STUN: rework sub-classification (#2361)Ivan Nardi2024-04-04
| | | | | The main goal is to have the "real" application (if any; i.e. Signal/Whatsapp/Telegram/...) always as "application" protocol and not as "master" one
* Added support for STUN Mapped IP addressLuca Deri2024-04-03
|
* Disable `-Wno-unused-parameter -Wno-unused-function`. (#2358)Toni2024-04-03
| | | | | * unused parameters and functions pollute the code and decrease readability Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN: remove workaround to identify RTP trafficNardi Ivan2024-03-20
| | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector
* STUN: fix fallback when DTL dissection failsNardi Ivan2024-03-20
|
* STUN: dissection of TURN Channel DataNardi Ivan2024-03-20
|
* STUN: add dissection of XOR-PEER-ADDRESS with ipv6 addressNardi Ivan2024-03-20
|
* STUN: improve heurstic to detect old classic-stunNardi Ivan2024-03-20
|
* STUN: update demultiplexing logic according to RFC9443 (#2349)Ivan Nardi2024-03-19
|
* LRU cache: move to 64 bits long keys (#2346)Ivan Nardi2024-03-15
| | | | | | Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key length. At least in the ipv4 cases, we have no more different entries with the same key.
* STUN: fix parsing of DATA attribute (#2345)Ivan Nardi2024-03-14
|
* STUN: add a parameter to configure how long the extra dissection lasts (#2336)Ivan Nardi2024-03-07
| | | Tradeoff: performance (i.e. number of packets) vs sub-classification
* Add a specific protocol id for audio/video calls made using Google apps (#2341)Ivan Nardi2024-03-07
| | | Same logic already used for Signal/Whatsapp/Line/Facebook/...
* STUN: fix category when sub-classification is set in "extra-dissection" data ↵Ivan Nardi2024-02-24
| | | | path (#2320)
* Normalization of host_server_name (#2299)Vitaly Lavrov2024-02-05
| | | | | | | | | * Normalization of host_server_name The ndpi_hostname_sni_set() function replaces all non-printable characters with the "?" character and removing whitespace characters at the end of the line. * Added conditional hostname normalization.
* STUN: fix flow risks when DTLS packets are found (#2266)Ivan Nardi2024-01-19
| | | | | When switching to (D)TLS dissector from the STUN one, we need to clear any flow risks set from the latter (because we don't have anymore `NDPI_PROTOCOL_STUN` in the classification results)
* config: move cfg of aggressiviness and opportunistic TLS to the new APINardi Ivan2024-01-18
|
* STUN: fix detection of Google Meet over IPv6 (#2241)Ivan Nardi2024-01-02
|
* Remove Google Hangouts/Duo stuff (#2233)Vladimir Gavrilov2024-01-02
| | | | | * Remove Google Hangouts/Duo support * Update protocols.rst
* STUN: rework extra dissection (#2202)Ivan Nardi2023-12-11
| | | | | | | Keep looking for RTP packets but remove the monitoring concept. We will re-introduce a more general concept of "flow in monitoring state" later. The function was disabled by default. Some configuration knobs will be provided when/if #2190 is merged.
* STUN: parsing of DATA attribute (#2179)Ivan Nardi2023-12-01
|
* STUN: fix detection of DTLS (#2187)Ivan Nardi2023-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a memory leak ``` ==97697==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x55a6967cfa7e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x701a7e) (BuildId: c7124999fa1ccc54346fa7bd536d8eab88c3ea01) #1 0x55a696972ab5 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #2 0x55a696972da0 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #3 0x55a696b7658d in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2394:46 #4 0x55a696b86e81 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:897:5 #5 0x55a696b80649 in ndpi_search_tls_udp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1262:11 #6 0x55a696b67a57 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2751:5 #7 0x55a696b67758 in switch_to_tls /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1408:3 #8 0x55a696c47810 in stun_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/stun.c:422:4 #9 0x55a6968a22af in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7247:9 #10 0x55a6968acd6f in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7746:5 #11 0x55a6968aba3f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8013:22 #12 0x55a69683d30e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1723:31 #13 0x55a69683d30e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2440:10 #14 0x55a69680f08f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:135:7 [...] SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). ``` Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64564
* Keep separating public and private API (#2157)Ivan Nardi2023-11-29
| | | See: b08c787fe
* STUN: improve demultiplexing of DTLS packets (#2153)Ivan Nardi2023-11-27
| | | | | | Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones. We might end up processing the session a little longer, because we will process the STUN/RTP/RTCP packets after the DTLS handshake.
* Have a clear distinction between public and private/internal API (#2137)Ivan Nardi2023-11-09
| | | | | | 1) Public API/headers in `src/include/` [as it has always been] 2) Private API/headers in `src/lib/` Try to keep the "ndpi_" prefix only for the public functions
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* STUN: fix detection of Google Voip apps (#2031)Ivan Nardi2023-07-05
| | | Fix: 2c7fb9179
* STUN: avoid FacebookVoip false positives (#2029)Ivan Nardi2023-07-03
| | | | Attribute 0xC057 is defined in the Google public implementation of webrtc (which is used by Google products but also by other applications)
* STUN: fix Skype/MsTeams detection and monitoring logic (#2028)Ivan Nardi2023-07-03
|
* STUN: tell RTP from RTCP while in monitoring state (#2027)Ivan Nardi2023-06-27
|
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)Ivan Nardi2023-06-27
| | | | | | Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018)Ivan Nardi2023-06-26
|
* STUN: fix detection over TCPNardi Ivan2023-06-21
| | | | TCP framing is optional
* STUN: improve WhatsappCall detectionNardi Ivan2023-06-21
|
* STUN: keep monitoring/processing STUN flows (#2012)Ivan Nardi2023-06-21
| | | | Look for RTP packets in the STUN sessions. TODO: tell RTP from RTCP
Powered by cgit, Themed by Ted Yin.