aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
...
* Minor code cleanupLuca Deri2024-04-11
|
* Add The Elder Scrolls Online support (#2376)Vladimir Gavrilov2024-04-10
| | | | | | | | | | | * Add The Elder Scrolls Online support * Use ndpi_memmem instead of memmem from libc * Add protocol description * Change selection bitmask to V4_V6 * Update protocols.rst
* Add Shellscript risk detection. (#2375)Toni2024-04-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix a warning and restore a unit test result (#2379)Ivan Nardi2024-04-10
|
* Tuned DNS risk valuesLuca Deri2024-04-09
| | | | Modified NDPI_BINARY_TRANSFER_ATTEMPT in NDPI_BINARY_DATA_TRANSFER
* Fixed false positives on binary application transfer riskLuca Deri2024-04-08
|
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* Get rid of Apache Kafka false positives (#2372)Vladimir Gavrilov2024-04-06
|
* Fix: 3 typos (#2366)RoboSchmied2024-04-04
| | | Signed-off-by: RoboSchmied <github@roboschmie.de>
* STUN: rework sub-classification (#2361)Ivan Nardi2024-04-04
| | | | | The main goal is to have the "real" application (if any; i.e. Signal/Whatsapp/Telegram/...) always as "application" protocol and not as "master" one
* Added support for STUN Mapped IP addressLuca Deri2024-04-03
|
* Added binary data transfer risk alertLuca2024-04-03
|
* Disable `-Wno-unused-parameter -Wno-unused-function`. (#2358)Toni2024-04-03
| | | | | * unused parameters and functions pollute the code and decrease readability Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve LoL: Wild Rift detection (#2359)Vladimir Gavrilov2024-03-28
|
* Add LoL: Wild Rift detection (#2356)Vladimir Gavrilov2024-03-26
|
* Add more TencentGames signatures (#2354)Vladimir Gavrilov2024-03-21
|
* Improve TencentGames detection (#2353)Vladimir Gavrilov2024-03-20
| | | | | * Improve TencentGames detection * Add more signatures
* STUN: remove workaround to identify RTP trafficNardi Ivan2024-03-20
| | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector
* STUN: fix fallback when DTL dissection failsNardi Ivan2024-03-20
|
* STUN: dissection of TURN Channel DataNardi Ivan2024-03-20
|
* STUN: add dissection of XOR-PEER-ADDRESS with ipv6 addressNardi Ivan2024-03-20
|
* STUN: improve heurstic to detect old classic-stunNardi Ivan2024-03-20
|
* STUN: update demultiplexing logic according to RFC9443 (#2349)Ivan Nardi2024-03-19
|
* Add FLUTE protocol dissector (#2351)Vladimir Gavrilov2024-03-19
| | | | | * Add FLUTE protocol dissector * Add flute.c to MSVC project
* LRU cache: move to 64 bits long keys (#2346)Ivan Nardi2024-03-15
| | | | | | Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key length. At least in the ipv4 cases, we have no more different entries with the same key.
* STUN: fix parsing of DATA attribute (#2345)Ivan Nardi2024-03-14
|
* Add PFCP protocol dissector (#2342)Vladimir Gavrilov2024-03-13
|
* STUN: add a parameter to configure how long the extra dissection lasts (#2336)Ivan Nardi2024-03-07
| | | Tradeoff: performance (i.e. number of packets) vs sub-classification
* Add a specific protocol id for audio/video calls made using Google apps (#2341)Ivan Nardi2024-03-07
| | | Same logic already used for Signal/Whatsapp/Line/Facebook/...
* Fix memory leak (#2340)Ivan Nardi2024-03-07
| | | | | | | | | | | | | | | | ``` Direct leak of 12 byte(s) in 1 object(s) allocated from: #0 0x55779e1a46ff in malloc (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x8706ff) (BuildId: 14c2fc626744710d49d652ea1c5bbb24a8cbab4f) #1 0x55779e2120c7 in ndpi_malloc_wrapper /home/ivan/svnrepos/nDPI/example/ndpiReader.c:298:10 #2 0x55779e5fa215 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #3 0x55779e5fa500 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #4 0x55779e42153c in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2554:46 #5 0x55779e4359a1 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:908:5 #6 0x55779e432de7 in ndpi_search_tls_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1097:2 #7 0x55779e4133f9 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2913:5 ``` Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67250
* Add Path of Exile protocol dissector (#2337)Vladimir Gavrilov2024-03-06
| | | | | * Add Path of Exile protocol dissector * Update protocols.rst
* Improved alert on suspicious DNS trafficLuca Deri2024-03-05
|
* Add NetEase Games detection support (#2335)Vladimir Gavrilov2024-03-05
|
* Add Naraka Bladepoint detection support (#2334)Vladimir Gavrilov2024-03-04
|
* Add BFD protocol dissector (#2332)Vladimir Gavrilov2024-02-29
|
* TLS: avoid setting some flow risks for webrtc trafficNardi Ivan2024-02-26
| | | | | Is quite rare to have a SNI or an ALPN on Client Hello of STUN/DTLS/SRTP traffic
* Telegram: improve identificationNardi Ivan2024-02-26
| | | | | | | | | | | | | | | | | Follow up of 31c706c3dbbf0afc4c8e0a6d0bb6f20796296549 and 75485e177ccc4fafcc62dd46c6917d5b735cf7d2. Allow fast classification by ip, but give time to other dissectors to kick in (for example, the TLS code for the Telegram Web flows). Even if we don't classify it anymore at the very first packet (i.e. SYN) we fully classify Telegram traffic at the first packet with payload, as *any* other protocol. This way, we always have the proper category, the proper confidence for the UDP flows and we don't overwrite previous classifications (TLS or ICMP) Remove old and stale identification logic for TCP flows
* STUN: fix category when sub-classification is set in "extra-dissection" data ↵Ivan Nardi2024-02-24
| | | | path (#2320)
* Add DLEP protocol dissector (#2326)Vladimir Gavrilov2024-02-20
|
* TLS: fix disabling of JA3C fingerprint (#2319)Ivan Nardi2024-02-19
|
* Improved modbus dissection to discard false positivesLuca Deri2024-02-16
|
* Add ANSI C12.22 protocol dissector (#2317)Vladimir Gavrilov2024-02-15
| | | | | * Add ANSI C12.22 protocol dissector * Add UDP sample
* Skype: remove old detection logic (#1954)Ivan Nardi2024-02-12
| | | | | | | Skype has been using standard protocols (STUN/ICE or TLS) for a long, long time, now. Long gone are the days of Skype as a distribuited protocol. See: #2166
* TLS: add configuration of JA* fingerprints (#2313)Ivan Nardi2024-02-10
|
* fuzz: improve fuzzing coverage (#2309)Ivan Nardi2024-02-09
|
* Add detection of Gaijin Entertainment games (#2311)Vladimir Gavrilov2024-02-09
| | | | | | | | | * Add detection of Gaijin Entertainment games * Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN * Add default UDP port for Gaijin Entertainment games * Remove NDPI_PROTOCOL_CROSSOUT protocol id
* Improve normalization of `flow->host_server_name` (#2310)Ivan Nardi2024-02-09
| | | | | | | | | | | | | Follow-up of 4543385d107fcc5a7e8632e35d9a60bcc40cb4f4 Remove trailing spaces for any HTTP header (we already remove leading spaces) We want: * a "normalized" string in `flow->host_server_name`, but * to parse the original string for flow risk checking `ndpi_hostname_sni_set()` is a private function, so there is no need to export its flags.
* Add TencentGames protocol dissector (#2306)Vladimir Gavrilov2024-02-08
|
* Normalization of host_server_name (#2299)Vitaly Lavrov2024-02-05
| | | | | | | | | * Normalization of host_server_name The ndpi_hostname_sni_set() function replaces all non-printable characters with the "?" character and removing whitespace characters at the end of the line. * Added conditional hostname normalization.
* collectd: fix extraction of hostname (#2301)Ivan Nardi2024-02-03
|
Powered by cgit, Themed by Ted Yin.