aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
...
* Fixes risk mask exception handling while improving the overall performanceLuca Deri2023-07-14
|
* HTTP: fix extraction of filename (#2046)Ivan Nardi2023-07-14
|
* HTTP: fix heap-buffer-overflow (#2044)Ivan Nardi2023-07-13
| | | | | | | | | | | | | | | | | | | | | | | ``` ================================================================= ==673246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5080000002fd at pc 0x555c6a22eca2 bp 0x7ffe1db9b290 sp 0x7ffe1db9aa48 READ of size 1 at 0x5080000002fd thread T0 #0 0x555c6a22eca1 in strncpy (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet+0x53aca1) (BuildId: 464e7474cde3de91c01588c7ea0161a05ddd6b63) #1 0x555c6a462a9d in ndpi_http_check_content /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:309:8 #2 0x555c6a45a9a0 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:901:46 #3 0x555c6a4526ce in process_response /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1280:3 #4 0x555c6a44f90f in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1373:9 #5 0x555c6a44f475 in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1459:3 #6 0x555c6a348520 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5949:6 #7 0x555c6a348f2f in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5997:12 #8 0x555c6a348bcf in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6016:12 #9 0x555c6a359e26 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7017:15 #10 0x555c6a355f6f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7184:22 #11 0x555c6a284958 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:5 ``` Found by oss-fuzz. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60557 Fix: 0b0f255cc
* RDP: improve detection over UDP (#2043)Ivan Nardi2023-07-13
|
* Minor code cleanupLuca Deri2023-07-11
|
* added feature to extract filename from http attachment (#2037)Chiara Maggi2023-07-11
| | | | | | | | | | | | | | | | | | | * added feature to extract filename from http attachment * fixed some issues * added check for filename format * added check for filename format * remove an unnecessary print * changed the size from 952 to 960 * modified some test result files * small changes string size * comment removed and mallocs checked
* fuzz: extend fuzzing coverage (#2040)Ivan Nardi2023-07-11
| | | | | | | | | Some notes: * libinjection: according to https://github.com/libinjection/libinjection/issues/44, it seems NULL characters are valid in the input string; * RTP: `rtp_get_stream_type()` is called only for RTP packets; if you want to tell RTP from RTCP you should use `is_rtp_or_rtcp()`; * TLS: unnecessary check; we already make the same check just above, at the beginning of the `while` loop
* Fixed heap-overflow if compiled with `--enable-tls-sigs`. (#2038)Toni2023-07-07
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN: fix detection of Google Voip apps (#2031)Ivan Nardi2023-07-05
| | | Fix: 2c7fb9179
* fixed numeric truncation error in diameter.c (#2034)headshog2023-07-05
|
* fixed numeric truncation error in rtcp.c (#2033)headshog2023-07-05
|
* fixed numeric truncation error in kerberos.c (#2032)headshog2023-07-05
|
* STUN: avoid FacebookVoip false positives (#2029)Ivan Nardi2023-07-03
| | | | Attribute 0xC057 is defined in the Google public implementation of webrtc (which is used by Google products but also by other applications)
* STUN: fix Skype/MsTeams detection and monitoring logic (#2028)Ivan Nardi2023-07-03
|
* STUN: tell RTP from RTCP while in monitoring state (#2027)Ivan Nardi2023-06-27
|
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)Ivan Nardi2023-06-27
| | | | | | Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018)Ivan Nardi2023-06-26
|
* Simplify the report of streaming multimedia info (#2026)Ivan Nardi2023-06-26
| | | | | The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are pretty much identical: rename the former in `flow->flow_multimedia_type` and remove the latter.
* Thrift: fix heap-buffer-overflow (#2024)Ivan Nardi2023-06-26
|
* RTP: rework code (#2021)Ivan Nardi2023-06-23
| | | | | | | Try avoiding false positives: look for 3 RTP packets before classifing the flow as such. Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
* minor fixes (#2023)Ivan Kapranov2023-06-22
| | | | | fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* removed useless call of ndpi_set_risk func (#2022)Ivan Kapranov2023-06-22
|
* Compilation fixLuca Deri2023-06-22
|
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Waring fixLuca Deri2023-06-21
|
* Gnutella: improve detection (#2019)Ivan Nardi2023-06-21
|
* STUN: fix detection over TCPNardi Ivan2023-06-21
| | | | TCP framing is optional
* STUN: improve WhatsappCall detectionNardi Ivan2023-06-21
|
* Line: fix heap-buffer-overflow error (#2015)Ivan Nardi2023-06-21
|
* STUN: keep monitoring/processing STUN flows (#2012)Ivan Nardi2023-06-21
| | | | Look for RTP packets in the STUN sessions. TODO: tell RTP from RTCP
* Reworked teams handlingLuca Deri2023-06-15
|
* Implemented Zoom/Teams stream type detectionLuca Deri2023-06-14
|
* Improved line protocol dissection with heuristicLuca Deri2023-06-13
|
* Added check to avoid skype heuristic false positivesLuca Deri2023-06-12
|
* QUIC: fix dissection of packets forcing VNNardi Ivan2023-06-08
|
* QUIC: fix a memory access errorNardi Ivan2023-06-08
| | | | Found while fuzzing
* QUIC: add support for QUIC version 2Nardi Ivan2023-06-08
| | | | | | See: https://www.rfc-editor.org/rfc/rfc9369.txt Old v2-01 version has been removed, since it has never been really used.
* Numeric truncation at `tls.c:1010` (#2005)headshog2023-06-08
| | | | | * fixed numtrunc error in protocols/tls.c * fixed build error for tls.c
* Add bitcoing protocol dissector. (#1992)Maatuq2023-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add bitcoing protocol dissector. * remove bitcoin protcol detection from mining.c * add a new bitcoin deissector. * add a new category: Cryptocurrency. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * Remove useless checks and add missing windows and docs file. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update affected tests. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * add a brief version. Add notes on the difference between normal bitcoin protocol and the mining protocol. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update enable_payload_stat test after dev rebasing. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> --------- Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Remove some useless checks (#1993)Ivan Nardi2023-05-28
| | | | | | In the main dissector callbacks the flow protocols are (almost) always unknown. Only two exceptions: * extra dissection data path * HTTP sub-protocols
* Add support for Epic Games and GeForceNow/Nvidia (#1990)Ivan Nardi2023-05-27
|
* Add support for SRTP (#1977)Ivan Nardi2023-05-16
| | | | | | | The goal is to have Zoom flows classified as "Encrypted" and not as "Cleartext". Start documenting the list of protocols supported by nDPI; format, verbosity and content are still a work-in-progress.
* HTTP: rework state machine (#1966)Ivan Nardi2023-05-16
| | | | | | | | | | | | | | | | | The goal if to correlate the right request-response pair, exporting metadata from only one transaction (for example, the right url & return state pair) As a nice side effect, the code should be much cleaner, but that is a matter of taste. Two differences respect to the previous code: * as it happens in the CI, if in the flow there are only one response (before) and one request (after), only the metadata of the response are saved/exported * for performance reasons, we don't call `ndpi_parse_packet_line_info()` anymore for ALL packets triggering the HTTP dissector, but only for the packets that we already know belong to an HTTP flow. This is the reason for the changes in RTSP/SOAP/... code
* All protocols should be excluded sooner or later (#1969)Ivan Nardi2023-05-10
| | | | | For a lot of protocols, reduce the number of packets after which the protocols dissector gives up. The values are quite arbitary, tring to not impact on classification
* Improve detection of crawlers/bots (#1968)Ivan Nardi2023-05-09
| | | Add support for Facebook crawler
* Disabled query string validation in MDNS in order to avoid zapping chars ↵Luca Deri2023-05-09
| | | | that in DNS (instead) are not permitted
* HTTP: improve extraction of metadata and of flow risks (#1959)Ivan Nardi2023-05-05
|
* HTTP: remove useless code about XBOX (#1958)Ivan Nardi2023-05-04
| | | | | Old nDPI versions were able to detect XBOX flows over HTTP via user-agent matching. This feature has been removed from a long time (89d548f9d, at very least)
* Make Bittorrent LRU cache IPv6 aware. (#1909)Ivan Nardi2023-04-29
| | | | It was the only remaining LRU cache without IPv6 support. See 81e1ea545ca465cda064e7cc80333fe7f0ef2aff
* RTP: remove dead-code (#1953)Ivan Nardi2023-04-25
| | | | | | | | | | | | The checks `isValidMSRTPType(..) == 1` is a subset of `is_valid_rtp_payload_type()` so this if-branch is never reached. More importantly, the article describing how to detect Microsoft Lync and Skype for Business is from 2014. These payload types are static or they are in the dynamic range: in both cases, these values might be used (and they are used indeed) pretty much by every application. Bottom line: we can't use PT alone to identify a specific protocol. Keep the list, since it is used to tell audio streams from video ones.
Powered by cgit, Themed by Ted Yin.