| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
|
| |
|
|
| |
prevented Skype calls to be properly identified
|
| | |
|
| | |
|
| |
|
| |
STUN traffic doesn't use multicast addresses
|
| |
|
|
| |
defined (#1109)
|
| |
|
|
|
|
|
|
|
| |
Even if it is only an early internet draft, DoQ has already (at least)
one deployed implementation.
See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/
Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00
In the future, if this protocol will be really used, it might be worth to
rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
|
| |
|
|
|
| |
* QUIC: fix heap-buffer-overflow
* TLS: fix parsing of QUIC Transport Parameters
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
Close #1077
* QUIC: fix matching of custom categories
* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
* QUIC: fix serialization
* QUIC: add DGA check for older GQUIC versions
|
| |
|
|
| |
be present with POSTs and not with other methods such as GET
|
| | |
|
| |
|
| |
QUIC (final!?) constants for v1 are defined in draft-33
|
| |
|
|
|
|
| |
FB_ZERO was an experimental protocol run by Facebook.
They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but
them so it is definitely dead.
See: https://engineering.fb.com/2018/08/06/security/fizz/
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
invalidate dissection
|
| | |
|
| | |
|
| |
|
| |
Close #1082
|
| | |
|
| |
|
|
|
| |
START_TLS used. (#1079)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* Add connectionless DCE/RPC detection
* Add DCE/RPC pcap file as well as its test result
Co-authored-by: rafal <rafal.burzynski@cryptomage.com>
|
| |
|
|
|
|
|
|
|
| |
Most of the QUIC crypto code has been "copied-and-pasted" from Wireshark;
try to stay in sync with the original sources to ease backporting of fixes.
Only cosmetic changes and code refactoring; no behaviour changes or bugfixes.
See:
https://gitlab.com/wireshark/wireshark/-/commit/5e45f770fd79ca979c41ed397fee72d2e8fb5f1e
https://gitlab.com/wireshark/wireshark/-/commit/5798b91c1526747bf688b6746b33562c1b24a9e0
|
| | |
|
| |
|
|
|
|
|
| |
* QUIC: fix return value on error path on quic_cipher_init()
* QUIC: allow dissection of sessions forcing version negotiation
Enhance heuristic to avoid false positives.
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Syntax error caused buffer pointer to equal 0x1
Possible copy-paste from lines 141-142?
* Another comma operator
* whitespace matching
* another comma operator
* another comma operator
* another comma operator
* Check for non-zero payload
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one
* QUIC: fix a memory leak
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* Add new skype pcap
PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap)
* Improve skype detection
|
| |
|
|
| |
Removed heuristic from CiscoVPN as it leads to false positives
|
| |
|
|
|
|
| |
application data TLS blocks are now ignored when exchanged before
- the end of certificate negotiation (up to TLS 1.2)
- change cipher
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The "offset" field is a variable-length integer.
This bug hasn't any practical effects right now, since we are ignoring any
packet with "offset" != 0 (and the value 0 is always encoded in only one byte).
But extracting a correct "offset" is important if we are ever going to handle
fragmented Client Hello messages.
|
| | |
|
| | |
|
| |
|
|
|
| |
Optimized various UDP dissectors
Removed dead protocols such as pando and pplive
|
| | |
|
| | |
|
| | |
|