aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
* Add Microsoft Delivery Optimization protocol (#2799)Vladimir Gavrilov2025-04-28
|
* STUN/RTP: extend extracted metadata (#2798)Ivan Nardi2025-04-17
|
* UBNTAC2,Ookla: improve detection (#2793)Ivan Nardi2025-04-10
|
* FPC: save all addresses from DNS to `fpc_dns` cache (#2792)Ivan Nardi2025-04-10
|
* Added check while dissecting non-TCP packets ndpi_search_tls_tcpLuca Deri2025-04-04
| | | | Renamed ndpi_search_tls_udp to ndpi_search_dtls
* Implemented detection of the latest Signal video/audio calls leveraging on ↵Luca Deri2025-04-02
| | | | Cloudflare CDN
* blizzard: improve detection of generic battle.net trafficIvan Nardi2025-03-30
|
* blizzard: add detection of Overwatch2Ivan Nardi2025-03-30
|
* WoW: update detectionIvan Nardi2025-03-30
| | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
* Wireguard: fix configuration of sub-classificationIvan Nardi2025-03-28
|
* TLS: avoid exporting TLS heuristic fingerprint as metadata (#2783)Ivan Nardi2025-03-27
|
* Use the proper helper to exclude protocols (#2781)Ivan Nardi2025-03-26
|
* Improved configuration to enable/disable export of flow risk info (#2780)Ivan Nardi2025-03-25
| | | | Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the configuration is for flow-risk, not global
* Rework the old Starcraft code to identify traffic from generic Blizzard ↵Ivan Nardi2025-03-25
| | | | | games (#2776) Remove `NDPI_PROTOCOL_STARCRAFT` and add a generic `NDPI_PROTOCOL_BLIZZARD`.
* Remove `NDPI_TLS_SUSPICIOUS_ESNI_USAGE` flow risk (#2778)Ivan Nardi2025-03-25
| | | | | | That flow risk was introduced in 79b89d286605635f15edfe3c21297aaa3b5f3acf but we can now use the generic `NDPI_TLS_SUSPICIOUS_EXTENSION` instead: ESNI is quite suspicious nowadays in itself (i.e. even without SNI). Note that ESNI support has been removed in cae9fb9989838f213eeb857b8fc4bbeac6940049
* armagetron: update code (#2777)Ivan Nardi2025-03-25
|
* Rework the old MapleStory code to identify traffic from generic Nexon games ↵Ivan Nardi2025-03-19
| | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON`
* FastCGI: use specific metadata, not the HTTP ones (#2774)Ivan Nardi2025-03-19
| | | | We are going to use HTTP metadata only for real HTTP traffic; FastCGI should be the only protocol using them improperly
* TLS: avoid sub-classification for RDP flows (#2769)Ivan Nardi2025-03-14
| | | | | | | | | | | | | | | | These flows are already classified as TLS.RDP. This change also fix a memory leak ``` Direct leak of 62 byte(s) in 1 object(s) allocated from: #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46 #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13 #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46 #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10 #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/5244512192757760
* Add GearUP Booster protocol dissector (heuristic based). (#2765)Toni2025-03-07
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add configuration parameter to enable/disable export of flow risk info (#2761)Ivan Nardi2025-03-05
| | | | For the most common protocols, avoid creating the string message if we are not going to use it
* DNS: remove never-trigger checkIvan Nardi2025-03-03
| | | | This `if` check is always false
* Flute: fix heap-buffer-overflowIvan Nardi2025-03-02
| | | | | | | | | | | | | | | | ``` ==13852==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5150000027da at pc 0x5fa4b65d08ac bp 0x7ffc4c57ed60 sp 0x7ffc4c57e508 READ of size 4 at 0x5150000027da thread T0 #0 0x5fa4b65d08ab in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_pl7m_64k+0x78c8ab) (BuildId: 15b63a623e404a4a0be658cae7336391fc8353db) #1 0x5fa4b65d0d80 in memcmp (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_pl7m_64k+0x78cd80) (BuildId: 15b63a623e404a4a0be658cae7336391fc8353db) #2 0x5fa4b68bfe7e in ndpi_search_flute /home/ivan/svnrepos/nDPI/src/lib/protocols/flute.c:52:9 #3 0x5fa4b6764406 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7571:6 #4 0x5fa4b67bf703 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7606:10 ``` Found by oss-fuzz See: https://oss-fuzz.com/testcase-detail/5261204335689728
* ICMP: move all the logic to the proper dissector fileIvan Nardi2025-02-28
| | | | | | | There are no reasons to keep entropy calculation and sanity checks code on the "guessing" algorithm. BTW, this change also fix the entropy calculation for non TCP/UDP/ICMP flows
* Added valid TLS extensions that used to trigger invalid risksLuca Deri2025-02-27
|
* Improved Tor detectionLuca Deri2025-02-24
|
* UBNTAC2: rework detection (#2744)Ivan Nardi2025-02-23
|
* Add LagoFast protocol dissector. (#2743)Toni2025-02-23
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* Move `rtp` info out of `flow->protos` (#2739)Ivan Nardi2025-02-21
| | | | | Thiw way, the code is ready to handle rtp info from STUN flows too. And, most important, this change works as workaround to fix some crashes reported by oss-fuzz
* Fix build error due to an unused static function in the p17m fuzzer. (#2737)Toni2025-02-21
| | | | | * fixed buffer overflow in RTP dissector Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added checkLuca2025-02-21
|
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Exported RTP payload in packet metadataLuca Deri2025-02-19
| | | | Added ndpi_rtp_payload_type2str() API call
* SSDP: add configuration for disabling metadata extraction (#2736)Ivan Nardi2025-02-17
|
* DNS: rework "extra-dissection" code (#2735)Ivan Nardi2025-02-17
|
* added metadata fields for M-NOTIFY (#2733)Ivan Kapranov2025-02-17
|
* Fix/restore some public defines (#2734)Ivan Nardi2025-02-17
| | | See 6899f6c17 and 9bf513b34
* DNS: fix message parsing (#2732)Ivan Nardi2025-02-16
|
* Implement SSDP Metadata export (#2729)Ivan Kapranov2025-02-16
| | | Close #2524
* DNS: fix parsing of hostname for empty response messages (#2731)Ivan Nardi2025-02-16
|
* DNS: rework adding entries to the FPC-DNS cache (#2730)Ivan Nardi2025-02-16
| | | | | Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`. This will be important when adding monitoring support
* DNS: improved detection and handling of TCP packets (#2728)Ivan Nardi2025-02-15
|
* DNS: rework code (#2727)Ivan Nardi2025-02-15
|
* DNS: fix dissection (#2726)Ivan Nardi2025-02-15
|
* DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724)Ivan Nardi2025-02-15
| | | We already set the same flow risk for invalid request messages
* reworked ntp info extraction (#2723)Ivan Kapranov2025-02-15
|
* DNS: rework code parsing responses (#2722)Ivan Nardi2025-02-14
|
* DNS: rework/isolate code to process domain name (#2721)Ivan Nardi2025-02-13
|
* DNS: faster exclusion (#2719)Ivan Nardi2025-02-12
|
Powered by cgit, Themed by Ted Yin.