aboutsummaryrefslogtreecommitdiff
path: root/src/lib
Commit message (Collapse)AuthorAge
...
* TLS: avoid zeroing large structures (#1300)Ivan Nardi2021-09-16
| | | | | | | | | | Zeroing large structures (i.e. size > KB) is quite costly (from a CPU point of view): we can safely avoid doing that for a couple of big structures. Standard and Valgrind tests have been diverging quite a lot: it is time to re-sync them. Use the same script and enable Valgrind via an enviroment variable: NDPI_TESTS_VALGRIND=1 ./tests/do.sh
* Hangout: fix usage of STUN function (#1299)Ivan Nardi2021-09-13
|
* Fix some ndpi_malloc/ndpi_free pairs (#1298)Ivan Nardi2021-09-13
|
* Update the list of default ports for QUIC protocol (#1297)Ivan Nardi2021-09-13
| | | There are no reasons to register UDP/80 as a default port for QUIC
* Bittorrent: fix a potential use-of-uninitialized-value error (#1296)Ivan Nardi2021-09-13
| | | | | | Not sure if this is the right fix (from a logical point-of-view): this code hasn't changed since OpenDPI era (!) and I have't found a trace triggering this code path. Anyway, the use-of-uninitialized-value error itself should be fixed.
* Cassandra: fix compilation when "--enable-debug-messages" option is used (#1294)Ivan Nardi2021-09-11
| | | | Let's try adding a dedicated compilation in GitHub Actions to easily detect this kind of errors in the future
* Added new risk for clear text credentialsLuca Deri2021-09-10
|
* Add Cassandra protocol dissector (#1285)lucasbaile2021-09-09
| | | Co-authored-by: Lucas Santos <lucas.santos@zerum.com>
* ARM fixesLuca Deri2021-08-25
|
* Fix access to some TLS fields in flow structure (#1277)Ivan Nardi2021-08-20
| | | | Fields 'tls.hello_processed` and `tls.subprotocol_detected` are used by QUIC (i.e UDP...), too.
* Compile everything with "-W -Wall -Wno-unused-parameter" flags (#1276)Ivan Nardi2021-08-20
| | | | | | | | | | | | | | | | Fix all the warnings. Getting rid of "-Wno-unused-parameter" is quite complex because some parameters usage depends on compilation variable (i.e. `--enable-debug-messages`). The "-Werror" flag has been added only in Travis builds to avoid breaking the builds to users using uncommon/untested OS/compiler/enviroment. Tested on: * x86_64; Ubuntu 20.04; gcc 7,8,9,10,11; clang 7,8,9,10,11,12 * x86_64; CentOS 7.7; gcc 4.8.5 (with "--disable-gcrypt" flag) * Raspberry 4; Debian 10.10; gcc 8.3.0
* Fixed Mingw64 build, SonerCloud-CI and more. (#1273)Toni2021-08-18
| | | | | | | | | | | | | * Added ARM build and unit test run for SonarCloud-CI. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Fixed Mingw64 build. * adapted to SonarCloud-CI workflow * removed broken and incomplete Windows example (tested on VS2017/VS2019) * removed unnecessary include (e.g. pthread.h for the library which does not make use of it) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixes a crash on ARM (Raspberry Pi 4 Model B Rev 1.1)Luca Deri2021-08-18
|
* Fixed some invalid TLS guessesLuca Deri2021-08-17
|
* Added check to avoid clases on similar protocols (FTP adn SMTP) on setting ↵Luca Deri2021-08-11
| | | | hostname
* Added extraction of hostname in SMTPLuca Deri2021-08-11
| | | | Fixed mail incalid subprotocol calculation
* Clode cleanup (after last merge)Luca Deri2021-08-08
|
* Added entropy calculation to check for suspicious (encrypted) payload. (#1270)Toni2021-08-08
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Skip whitespaces between HTTP method and URL. (#1271)Toni2021-08-08
| | | | | * be less case-restrictive, RFC2616 wants it that way Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added TLS fatal alert flow riskLuca Deri2021-08-07
|
* Added ability to report whether a protocol is encryptedLuca Deri2021-08-07
| | | | | | | | | Added new API calls - u_int8_t ndpi_is_valid_protoId(u_int16_t protoId); Cleaned up code and organized in a function. - u_int8_t ndpi_is_encrypted_proto(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto); Check whether a protocol is encrypted or not based on master and app protocols
* Win fixLuca Deri2021-08-03
|
* Added legacy whatsapp rules used to match old pcaps that need to be removed ↵Luca Deri2021-07-31
| | | | in the future
* Improved RTSP detection and fixed HTTP false-positive. Fixes #1229. (#1266)Toni2021-07-31
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated WhatsAPP and Instagram addresses (#1264)Fábio Depin2021-07-31
| | | | | * Updated WhatsAPP addresses * Added Instagram addresses
* Improved libm check via Autoconf. (#1263)Toni2021-07-28
| | | | | * libm will now be part of @ADDITIONAL_LIBS@ (if required) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved risk detection mask algorithmLuca Deri2021-07-26
|
* Improved TFTP detection. Fixes #1242, #1256 (#1262)Toni2021-07-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Implemented ALPN automa for checking uncommon ALPNsLuca Deri2021-07-24
|
* Risk check improvementLuca Deri2021-07-24
|
* Reworked flow risk implementationLuca Deri2021-07-23
|
* Implemented function to retrieve flow information. #1253 (#1254)Toni2021-07-23
| | | | | * fixed [h]euristic typo Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed risk mask implementationLuca Deri2021-07-23
|
* Implementation of flow risk eception (work in progress)Luca Deri2021-07-22
|
* Added risk: TLS_EXTENSION_SUSPICIOUS (#1252)Toni2021-07-19
| | | | | | * validates client/server hello TLS extensions * inspects content for some extensions Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated download category nameLuca Deri2021-07-16
|
* Bug fix. (#1250)Vitaly Lavrov2021-07-16
| | | Restore part of the fields flow->packet after cleaning flow structure.
* Fixed TLS certificate threshold (#1248)pacant2021-07-16
| | | Co-authored-by: pacant <a.pace97@outlook.com>
* Code cleanup. (#1246)Vitaly Lavrov2021-07-16
| | | | ndpi_utils.c: use ndpi_malloc,ndpi_calloc,ndpi_free genshin_impact.c, git.c, hpvirtgrp.c, http.c, z3950.c: removed "#include stdlib.h"
* hulu and netflix dissection improvementsLuca Deri2021-07-14
|
* Code cleanupLuca Deri2021-07-14
|
* TLS Risks - Certificate Validity Too Long (#1239)pacant2021-07-14
| | | | | | | | | | | * Added flow risk: TLS certificate too long * Added flow risk: TLS certificate too long * Date for TLS limit added * TLS certificate check fixed Co-authored-by: pacant <a.pace97@outlook.com>
* Added AVAST SecureDNS protocol. (#1244)Toni2021-07-14
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved Steam detection (Steam Datagram Relay - SDR). (#1243)Toni2021-07-14
| | | | | * improved DNSCrypt midstream detection again (sufficient for all tested use-cases) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved dnscrypt midstream detection. (#1241)Toni2021-07-13
| | | | | * fixed skype false-positive detection of dnscrypt traffic Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ahoсorasick. Code review. Part 2. (#1236)Vitaly Lavrov2021-07-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Simplified the process of adding lines to AC_AUTOMATA_t. Use the ndpi_string_to_automa() function to add patterns with domain names. For other cases can use ndpi_add_string_value_to_automa(). ac_automata_feature(ac_automa, AC_FEATURE_LC) allows adding and compare data in a case insensitive manner. For mandatory pattern comparison from the end of the line, the "ac_pattern.rep.at_end=1" flag is used. This eliminated unnecessary conversions to lowercase and adding "$" for end-of-line matching in domain name patterns. ac_match_handler() has been renamed ac_domain_match_handler() and has been greatly simplified. ac_domain_match_handler() looks for the template with the highest domain level. For special cases it is possible to manually specify the domain level. Added test for checking ambiguous domain names like: - short.weixin.qq.com is QQ, not Wechat - instagram.faae1-1.fna.fbcdn.net is Instagram, not Facebook If you specify a NULL handler when creating the AC_AUTOMATA_t structure, then a pattern with the maximum length that satisfies the search conditions will be found (exact match, from the beginning of the string, from the end of the string, or a substring). Added debugging for ac_automata_search. To do this, you need to enable debugging globally using ac_automata_enable_debug(1) and enable debugging in the AC_AUTOMATA_t structure using ac_automata_name("name", AC_FEATURE_DEBUG). The search will display "name" and a list of matching patterns. Running "AHO_DEBUG=1 ndpiReader ..." will show the lines that were searched for templates and which templates were found. The ac_automata_dump() prototype has been changed. Now it outputs data to a file. If it is specified as NULL, then the output will be directed to stdout. If you need to get data as a string, then use open_memstream(). Added the ability to run individual tests via the do.sh script
* Fixed false positives in Z39.50Luca Deri2021-07-09
|
* Updated category labelsLuca Deri2021-07-08
|
* Fix for #1230 (#1235)Vitaly Lavrov2021-07-07
| | | | | | | | | | | | | | | * Revert "Fix return value of ndpi_match_string_subprotocol() (#1230)" This reverts commit 58665e93a98d014b53d131b2481ccab074efc9ff. * Checking the return code after calling ndpi_match_string_subprotocol() ndpi_api.h: Description of the returned error codes for the ndpi_match_string_subprotocol() function. If the ndpi_match_string_subprotocol() function returned an error, then return NDPI_PROTOCOL_UNKNOWN. http: The "Content-type" header is only checked if it is not empty.
* Improved RTSP detection the second. (#1232) (#1233)Toni2021-07-07
| | | | | | | * RTSP is no subprotocol of HTTP (most of the time) * detection patterns should stay in rtsp.c * set detected HTTP protocol only if at least a valid HTTP method detected Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.