aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
...
* SIP: improve detection (#1654)Ivan Nardi2022-07-09
|
* TFTP: fix memory access (#1653)Ivan Nardi2022-07-08
|
* LDAP: rewrite dissection (#1649)Ivan Nardi2022-07-08
|
* SMB: add (partial) support for messages split into multiple TCP segments (#1644)Ivan Nardi2022-07-07
|
* SMTP: add support for X-ANONYMOUSTLS comamnd (#1650)Ivan Nardi2022-07-07
|
* Kerberos: add support for Krb-Error messages (#1647)Ivan Nardi2022-07-07
|
* Spotify: remove some useless ip ranges (#1646)Ivan Nardi2022-07-07
| | | | | | | These AS numbers are no more related to Spotify (or, if they are, they don't have any prefixes anyway). Even if we find some valid Spotify AS, we should handle them via the generic "autogenerated logic" used for every AS, and not in the dissector code.
* MONGODB: avoid false positivesNardi Ivan2022-07-07
|
* TLS: ignore invalid Content Type valuesNardi Ivan2022-07-07
|
* Added Threema Messenger. (#1643)Toni2022-07-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added another RiotGames signature.Toni Uhlig2022-07-06
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639)Toni2022-07-06
| | | | | | | | | | | | | | | | | * Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Revert "SMTP with STARTTLS is now identified as SMTPS" This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482. * Revert "Compilation fix" This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5. * Sync unit tests. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* SMTP with STARTTLS is now identified as SMTPSLuca Deri2022-07-05
|
* Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes ↵Toni2022-07-05
| | | | | | | #1630. (#1637) * FTP needs to get updated as well as it has similiar STARTTLS semantics -> follow-up Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Exported username in flow informationLuca Deri2022-07-04
|
* Cleaned-up issuer DN check code addingLuca Deri2022-07-04
| | | | | | | | | u_int8_t ndpi_check_issuerdn_risk_exception(struct ndpi_detection_module_struct *ndpi_str, char *issuerDN); Added new API function for checking nDPI-configured exceptions u_int8_t ndpi_check_flow_risk_exception(struct ndpi_detection_module_struct *ndpi_str, u_int num_params, ndpi_risk_params **params);
* Replaced malicious JA3-md5/SSL-cert-sha1 ac automata with hashmaps.Toni Uhlig2022-07-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added UltraSurf protocol dissector. (#1618)Toni2022-07-04
| | | | | * TLSv1.3 UltraSurf flows are not detected by now Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added i3D and RiotGames protocol dissectors. (#1609)Toni2022-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TargusDataspeed: avoid false positives (#1628)Ivan Nardi2022-07-03
| | | | | TargusDataspeed dissector doesn't perform any real DPI checks but it only looks at the TCP/UDP ports. Delete it, and use standard logic to classify these flows by port.
* Skinny: rework and improve classification (#1625)Ivan Nardi2022-07-03
|
* Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)Ivan Nardi2022-07-03
|
* Usenet: improve dissection (#1622)Ivan Nardi2022-07-03
|
* TLS: add support for old DTLS versions and for detection of mid-sessions (#1619)Ivan Nardi2022-07-03
|
* Improved TFTP. Dissect Read/Write Request filenames. (#1617)Toni2022-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Removed space from "Genshin Impact"Luca Deri2022-06-30
|
* Renamed Z39.50 -> Z3950 as the '.' breaks the naming conventionLuca2022-06-28
| | | | QUIC is a network protocol
* Enhanced TLS risk info reported to usersLuca Deri2022-06-28
|
* Improved SOAP via HTTP. (#1605)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Improved GenshinImpact protocol dissector. (#1604)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added collectd dissector (again). (#1601)Toni2022-06-17
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Improved IPSec/ISAKMP detection. (#1600)Toni2022-06-16
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Add support for PIM (Protocol Indipendent Multicast) protocol (#1599)Ivan Nardi2022-06-15
| | | Close #1598
* Improved WhatsApp detection. (#1595)Toni2022-06-14
| | | Signed-off-by: lns <matzeton@googlemail.com>
* DNS: fix TTL check and sync unit test results (#1594)Ivan Nardi2022-06-14
|
* Updated DNS alert triggered only with TTL == 0Luca Deri2022-06-14
|
* Added check for DGA names that resolve to a valid recordLuca Deri2022-06-13
|
* Improved DNS traffic analysisLuca Deri2022-06-13
| | | | Added ability to identify application and network protocols
* Added DNS record TTL checkLuca Deri2022-06-13
|
* Added Pragmatic General Multicast (PGM) protocol detectionLuca Deri2022-06-08
|
* Dissect host line if SSDP contains such. (#1586)Toni2022-06-07
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Fixed syslog false negatives. (#1582)Toni2022-06-05
| | | | | - RSH vs Syslog may still happen for midstream traffic Signed-off-by: lns <matzeton@googlemail.com>
* Fix some debug messages (#1583)Ivan Nardi2022-06-05
| | | Increase max number of flows handled during fuzzing
* Fixed invalid DHCP dissectionLuca Deri2022-06-05
|
* Fixed DHCP dissection bugLuca Deri2022-06-05
|
* Added RSH dissector. Fixes #202. (#1581)Toni2022-06-04
| | | | | | - added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations Signed-off-by: lns <matzeton@googlemail.com>
* Fix syslog heap overflow introduced in ↵Toni2022-06-04
| | | | | | | 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c. (#1579) - fixes #1578 Signed-off-by: lns <matzeton@googlemail.com>
* Fixed syslog false positives. (#1577)Toni2022-06-03
| | | | | | | * syslog: removed unnecessary/unreliable printable string check * added `ndpi_isalnum()` * splitted `ndpi_is_printable_string()` into `ndpi_is_printable_buffer()` and `ndpi_normalize_printable_string()` Signed-off-by: lns <matzeton@googlemail.com>
* Fix heap buffer overflow mentioned in #1574. (#1576)Toni2022-06-02
| | | Signed-off-by: lns <matzeton@googlemail.com>
* TLS: fix use-of-uninitialized-value error (#1573)Ivan Nardi2022-06-02
| | | | | | | | | | | | | | | | | | | | | | Proper fix for the error already reported in 9040bc74 ``` Uninitialized bytes in __interceptor_strlen at offset 3 inside [0x7ffc7a147390, 4) ==111876==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55e3e4f32e5b in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:268:13 #1 0x55e3e4ef7391 in ndpi_set_risk /home/ivan/svnrepos/nDPI/src/lib/ndpi_utils.c:2254:12 #2 0x55e3e5022fdf in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1523:8 #3 0x55e3e503af44 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:865:5 #4 0x55e3e50397cd in ndpi_search_tls_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1024:2 #5 0x55e3e503570c in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2453:5 #6 0x55e3e4f84a6a in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5150:6 #7 0x55e3e4f85778 in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5198:12 #8 0x55e3e4f851e1 in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5217:12 #9 0x55e3e4f96c7a in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6076:15 #10 0x55e3e4ed91ef in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:29:5 #11 0x55e3e4eda27e in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:101:17 #12 0x7f5cb3146082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #13 0x55e3e4e5140d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0xa340d) (BuildId: 0c02c433e039970dd13a60382b94dd5a8e19f625) ```
Powered by cgit, Themed by Ted Yin.