aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
* Replace my personal email with my corporate one in all my contributions (#2399)0x41CEA552024-04-20
|
* Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398)0x41CEA552024-04-19
|
* Add KNXnet/IP protocol support (#2397)0x41CEA552024-04-19
| | | | | * Add KNXnet/IP protocol support * Improve KNXnet/IP over TCP detection
* Domain Classification Improvements (#2396)Luca Deri2024-04-18
| | | | | | | | | | | | | | | | | | | * Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list
* STUN: fix attributes list iteration (#2391)Ivan Nardi2024-04-13
| | | We need to check all the attributes, to look for any possible metadata
* STUN: try to stop extra dissection earlier, if possible (#2390)Ivan Nardi2024-04-13
|
* STUN: add support for ipv6 in some metadata (#2389)Ivan Nardi2024-04-13
|
* STUN: simplify ip/port parsing (#2388)Ivan Nardi2024-04-13
| | | Add other 2 configuration options
* STUN: fix boundary checks on attribute list parsing (#2387)Ivan Nardi2024-04-12
| | | | | Restore all unit tests. Add some configuration knobs. Fix the endianess.
* Implemented STUN peer_address, relayed_address, response_origin, ↵Luca Deri2024-04-12
| | | | | | | other_address parsing Added code to ignore invalid STUN realm Extended JSON output with STUN information
* fix invalid readToni Uhlig2024-04-12
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Label Distribution Protocol support (#2385)Vladimir Gavrilov2024-04-12
| | | | | | | * Add Label Distribution Protocol support * Fix typo * Update unit test results
* Updated unit test resultsToni Uhlig2024-04-12
| | | | | | * fixed invalid read Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN:Luca Deri2024-04-12
| | | | | - Fixed issue with XOR-MAPPED-ADDRESS decoding - Implemented MAPPED_ADDRESS (IPv4 only)
* Minor code cleanupLuca Deri2024-04-11
|
* Add The Elder Scrolls Online support (#2376)Vladimir Gavrilov2024-04-10
| | | | | | | | | | | * Add The Elder Scrolls Online support * Use ndpi_memmem instead of memmem from libc * Add protocol description * Change selection bitmask to V4_V6 * Update protocols.rst
* Add Shellscript risk detection. (#2375)Toni2024-04-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix a warning and restore a unit test result (#2379)Ivan Nardi2024-04-10
|
* Tuned DNS risk valuesLuca Deri2024-04-09
| | | | Modified NDPI_BINARY_TRANSFER_ATTEMPT in NDPI_BINARY_DATA_TRANSFER
* Fixed false positives on binary application transfer riskLuca Deri2024-04-08
|
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* Get rid of Apache Kafka false positives (#2372)Vladimir Gavrilov2024-04-06
|
* Fix: 3 typos (#2366)RoboSchmied2024-04-04
| | | Signed-off-by: RoboSchmied <github@roboschmie.de>
* STUN: rework sub-classification (#2361)Ivan Nardi2024-04-04
| | | | | The main goal is to have the "real" application (if any; i.e. Signal/Whatsapp/Telegram/...) always as "application" protocol and not as "master" one
* Added support for STUN Mapped IP addressLuca Deri2024-04-03
|
* Added binary data transfer risk alertLuca2024-04-03
|
* Disable `-Wno-unused-parameter -Wno-unused-function`. (#2358)Toni2024-04-03
| | | | | * unused parameters and functions pollute the code and decrease readability Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve LoL: Wild Rift detection (#2359)Vladimir Gavrilov2024-03-28
|
* Add LoL: Wild Rift detection (#2356)Vladimir Gavrilov2024-03-26
|
* Add more TencentGames signatures (#2354)Vladimir Gavrilov2024-03-21
|
* Improve TencentGames detection (#2353)Vladimir Gavrilov2024-03-20
| | | | | * Improve TencentGames detection * Add more signatures
* STUN: remove workaround to identify RTP trafficNardi Ivan2024-03-20
| | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector
* STUN: fix fallback when DTL dissection failsNardi Ivan2024-03-20
|
* STUN: dissection of TURN Channel DataNardi Ivan2024-03-20
|
* STUN: add dissection of XOR-PEER-ADDRESS with ipv6 addressNardi Ivan2024-03-20
|
* STUN: improve heurstic to detect old classic-stunNardi Ivan2024-03-20
|
* STUN: update demultiplexing logic according to RFC9443 (#2349)Ivan Nardi2024-03-19
|
* Add FLUTE protocol dissector (#2351)Vladimir Gavrilov2024-03-19
| | | | | * Add FLUTE protocol dissector * Add flute.c to MSVC project
* LRU cache: move to 64 bits long keys (#2346)Ivan Nardi2024-03-15
| | | | | | Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key length. At least in the ipv4 cases, we have no more different entries with the same key.
* STUN: fix parsing of DATA attribute (#2345)Ivan Nardi2024-03-14
|
* Add PFCP protocol dissector (#2342)Vladimir Gavrilov2024-03-13
|
* STUN: add a parameter to configure how long the extra dissection lasts (#2336)Ivan Nardi2024-03-07
| | | Tradeoff: performance (i.e. number of packets) vs sub-classification
* Add a specific protocol id for audio/video calls made using Google apps (#2341)Ivan Nardi2024-03-07
| | | Same logic already used for Signal/Whatsapp/Line/Facebook/...
* Fix memory leak (#2340)Ivan Nardi2024-03-07
| | | | | | | | | | | | | | | | ``` Direct leak of 12 byte(s) in 1 object(s) allocated from: #0 0x55779e1a46ff in malloc (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x8706ff) (BuildId: 14c2fc626744710d49d652ea1c5bbb24a8cbab4f) #1 0x55779e2120c7 in ndpi_malloc_wrapper /home/ivan/svnrepos/nDPI/example/ndpiReader.c:298:10 #2 0x55779e5fa215 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #3 0x55779e5fa500 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #4 0x55779e42153c in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2554:46 #5 0x55779e4359a1 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:908:5 #6 0x55779e432de7 in ndpi_search_tls_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1097:2 #7 0x55779e4133f9 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2913:5 ``` Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67250
* Add Path of Exile protocol dissector (#2337)Vladimir Gavrilov2024-03-06
| | | | | * Add Path of Exile protocol dissector * Update protocols.rst
* Improved alert on suspicious DNS trafficLuca Deri2024-03-05
|
* Add NetEase Games detection support (#2335)Vladimir Gavrilov2024-03-05
|
* Add Naraka Bladepoint detection support (#2334)Vladimir Gavrilov2024-03-04
|
* Add BFD protocol dissector (#2332)Vladimir Gavrilov2024-02-29
|
* TLS: avoid setting some flow risks for webrtc trafficNardi Ivan2024-02-26
| | | | | Is quite rare to have a SNI or an ALPN on Client Hello of STUN/DTLS/SRTP traffic
Powered by cgit, Themed by Ted Yin.