aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
* Merge remote-tracking branch 'origin/dev' into fix/unused-params-and-fnsfix/unused-params-and-fnsToni Uhlig2024-04-02
|\
| * Improve LoL: Wild Rift detection (#2359)Vladimir Gavrilov2024-03-28
| |
| * Add LoL: Wild Rift detection (#2356)Vladimir Gavrilov2024-03-26
| |
| * Add more TencentGames signatures (#2354)Vladimir Gavrilov2024-03-21
| |
| * Improve TencentGames detection (#2353)Vladimir Gavrilov2024-03-20
| | | | | | | | | | * Improve TencentGames detection * Add more signatures
* | Disable `-Wno-unused-parameter -Wno-unused-function`.Toni Uhlig2024-04-02
|/ | | | | | * unused parameters and functions pollute the code and decrease readability Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN: remove workaround to identify RTP trafficNardi Ivan2024-03-20
| | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector
* STUN: fix fallback when DTL dissection failsNardi Ivan2024-03-20
|
* STUN: dissection of TURN Channel DataNardi Ivan2024-03-20
|
* STUN: add dissection of XOR-PEER-ADDRESS with ipv6 addressNardi Ivan2024-03-20
|
* STUN: improve heurstic to detect old classic-stunNardi Ivan2024-03-20
|
* STUN: update demultiplexing logic according to RFC9443 (#2349)Ivan Nardi2024-03-19
|
* Add FLUTE protocol dissector (#2351)Vladimir Gavrilov2024-03-19
| | | | | * Add FLUTE protocol dissector * Add flute.c to MSVC project
* LRU cache: move to 64 bits long keys (#2346)Ivan Nardi2024-03-15
| | | | | | Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key length. At least in the ipv4 cases, we have no more different entries with the same key.
* STUN: fix parsing of DATA attribute (#2345)Ivan Nardi2024-03-14
|
* Add PFCP protocol dissector (#2342)Vladimir Gavrilov2024-03-13
|
* STUN: add a parameter to configure how long the extra dissection lasts (#2336)Ivan Nardi2024-03-07
| | | Tradeoff: performance (i.e. number of packets) vs sub-classification
* Add a specific protocol id for audio/video calls made using Google apps (#2341)Ivan Nardi2024-03-07
| | | Same logic already used for Signal/Whatsapp/Line/Facebook/...
* Fix memory leak (#2340)Ivan Nardi2024-03-07
| | | | | | | | | | | | | | | | ``` Direct leak of 12 byte(s) in 1 object(s) allocated from: #0 0x55779e1a46ff in malloc (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x8706ff) (BuildId: 14c2fc626744710d49d652ea1c5bbb24a8cbab4f) #1 0x55779e2120c7 in ndpi_malloc_wrapper /home/ivan/svnrepos/nDPI/example/ndpiReader.c:298:10 #2 0x55779e5fa215 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #3 0x55779e5fa500 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #4 0x55779e42153c in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2554:46 #5 0x55779e4359a1 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:908:5 #6 0x55779e432de7 in ndpi_search_tls_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1097:2 #7 0x55779e4133f9 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2913:5 ``` Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67250
* Add Path of Exile protocol dissector (#2337)Vladimir Gavrilov2024-03-06
| | | | | * Add Path of Exile protocol dissector * Update protocols.rst
* Improved alert on suspicious DNS trafficLuca Deri2024-03-05
|
* Add NetEase Games detection support (#2335)Vladimir Gavrilov2024-03-05
|
* Add Naraka Bladepoint detection support (#2334)Vladimir Gavrilov2024-03-04
|
* Add BFD protocol dissector (#2332)Vladimir Gavrilov2024-02-29
|
* TLS: avoid setting some flow risks for webrtc trafficNardi Ivan2024-02-26
| | | | | Is quite rare to have a SNI or an ALPN on Client Hello of STUN/DTLS/SRTP traffic
* Telegram: improve identificationNardi Ivan2024-02-26
| | | | | | | | | | | | | | | | | Follow up of 31c706c3dbbf0afc4c8e0a6d0bb6f20796296549 and 75485e177ccc4fafcc62dd46c6917d5b735cf7d2. Allow fast classification by ip, but give time to other dissectors to kick in (for example, the TLS code for the Telegram Web flows). Even if we don't classify it anymore at the very first packet (i.e. SYN) we fully classify Telegram traffic at the first packet with payload, as *any* other protocol. This way, we always have the proper category, the proper confidence for the UDP flows and we don't overwrite previous classifications (TLS or ICMP) Remove old and stale identification logic for TCP flows
* STUN: fix category when sub-classification is set in "extra-dissection" data ↵Ivan Nardi2024-02-24
| | | | path (#2320)
* Add DLEP protocol dissector (#2326)Vladimir Gavrilov2024-02-20
|
* TLS: fix disabling of JA3C fingerprint (#2319)Ivan Nardi2024-02-19
|
* Improved modbus dissection to discard false positivesLuca Deri2024-02-16
|
* Add ANSI C12.22 protocol dissector (#2317)Vladimir Gavrilov2024-02-15
| | | | | * Add ANSI C12.22 protocol dissector * Add UDP sample
* Skype: remove old detection logic (#1954)Ivan Nardi2024-02-12
| | | | | | | Skype has been using standard protocols (STUN/ICE or TLS) for a long, long time, now. Long gone are the days of Skype as a distribuited protocol. See: #2166
* TLS: add configuration of JA* fingerprints (#2313)Ivan Nardi2024-02-10
|
* fuzz: improve fuzzing coverage (#2309)Ivan Nardi2024-02-09
|
* Add detection of Gaijin Entertainment games (#2311)Vladimir Gavrilov2024-02-09
| | | | | | | | | * Add detection of Gaijin Entertainment games * Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN * Add default UDP port for Gaijin Entertainment games * Remove NDPI_PROTOCOL_CROSSOUT protocol id
* Improve normalization of `flow->host_server_name` (#2310)Ivan Nardi2024-02-09
| | | | | | | | | | | | | Follow-up of 4543385d107fcc5a7e8632e35d9a60bcc40cb4f4 Remove trailing spaces for any HTTP header (we already remove leading spaces) We want: * a "normalized" string in `flow->host_server_name`, but * to parse the original string for flow risk checking `ndpi_hostname_sni_set()` is a private function, so there is no need to export its flags.
* Add TencentGames protocol dissector (#2306)Vladimir Gavrilov2024-02-08
|
* Normalization of host_server_name (#2299)Vitaly Lavrov2024-02-05
| | | | | | | | | * Normalization of host_server_name The ndpi_hostname_sni_set() function replaces all non-printable characters with the "?" character and removing whitespace characters at the end of the line. * Added conditional hostname normalization.
* collectd: fix extraction of hostname (#2301)Ivan Nardi2024-02-03
|
* Simplify and fix JA4 string computation. (#2298)Toni2024-02-02
| | | | | | | | | | | | * additional JA4 string buffer is not needed and may cause a string truncation warning ``` protocols/tls.c: In function ‘ndpi_compute_ja4’: protocols/tls.c:1738:3: warning: ‘strncpy’ output may be truncated copying 36 bytes from a string of length 1023 [-Wstringop-truncation] 1738 | strncpy(flow->protos.tls_quic.ja4_client, ja_str, 36); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* CIP: fix infinite-loop (#2295)Ivan Nardi2024-02-01
| | | | | Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66342 See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66320
* Add Gearman protocol dissector (#2297)Vladimir Gavrilov2024-02-01
|
* Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial ↵Luca Deri2024-01-29
| | | | protocol
* Fixes invalid skype detection on UDPLuca Deri2024-01-29
|
* Enhanced exception lists for binary application transferLuca Deri2024-01-29
|
* Add missing NDPI_LOG_DBG in some dissectors (#2290)Vladimir Gavrilov2024-01-29
| | | | | * Add missing NDPI_LOG_DBG * Add missing NDPI_LOG_DBG in yojimbo.c
* Fix RESP detection (#2289)Vladimir Gavrilov2024-01-27
| | | | | * Rename redis_net.c to resp.c * Fix RESP detection
* Add Raft protocol dissector. (#2286)Toni2024-01-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve MySQL detection (#2279)Vladimir Gavrilov2024-01-25
| | | | | * Improve MySQL detection * Update copyright
* Add Radmin protocol dissector (#2283)Vladimir Gavrilov2024-01-25
| | | | | * Add Radmin protocol dissector * Update test results
Powered by cgit, Themed by Ted Yin.