aboutsummaryrefslogtreecommitdiff
path: root/src/lib
Commit message (Collapse)AuthorAge
* Warning fixesLuca Deri2023-10-30
|
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* Custom rules: fix a stack overflow (#2128)Ivan Nardi2023-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ``` ==19255==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f515bb3bf80 at pc 0x55796e01394a bp 0x7fff4fb5c050 sp 0x7fff4fb5b7e0 WRITE of size 58 at 0x7f515bb3bf80 thread T0 #0 0x55796e013949 in scanf_common(void*, int, bool, char const*, __va_list_tag*) asan_interceptors.cpp.o #1 0x55796e0147df in __isoc99_sscanf (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x77f7df) (BuildId: a88601afb2c538ead3968648f39b9aa4da53427c) #2 0x55796e0fc74a in ndpi_add_host_ip_subprotocol /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:2771:13 #3 0x55796e0fb029 in ndpi_handle_rule /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:4411:16 #4 0x55796e103738 in ndpi_load_protocols_file_fd /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:4901:8 #5 0x55796e0ca96d in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols.c:38:3 #6 0x55796dfd78e0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x7428e0) (BuildId: a88601afb2c538ead3968648f39b9aa4da53427c) #7 0x55796dfc0e93 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x72be93) (BuildId: a88601afb2c538ead3968648f39b9aa4da53427c) #8 0x55796dfc6d96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x731d96) (BuildId: a88601afb2c538ead3968648f39b9aa4da53427c) #9 0x55796dff1672 in main (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x75c672) (BuildId: a88601afb2c538ead3968648f39b9aa4da53427c) #10 0x7f515df19082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16 #11 0x55796dfbbb0d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x726b0d) (BuildId: a88601afb2c538ead3968648f39b9aa4da53427c) Address 0x7f515bb3bf80 is located in stack of thread T0 at offset 128 in frame #0 0x55796e0fb977 in ndpi_add_host_ip_subprotocol /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:2703 This frame has 4 object(s): [32, 36) 'pin' (line 2705) [48, 64) 'pin6' (line 2706) [80, 96) 'd' (line 2769) [112, 128) 'tail' (line 2770) <== Memory access at offset 128 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow asan_interceptors.cpp.o in scanf_common(void*, int, bool, char const*, __va_list_tag*) Shadow bytes around the buggy address: ```
* Disbling AES-NI on FreeBSD as the feature checke does not work wellLuca Deri2023-10-30
| | | | and it enables it by mistake on IntelB. Coreb" i3-3240 Processor
* FreeBSD compilation fix (missingcvg #include <netdb.h>)Luca Deri2023-10-29
|
* Implements support for symbolic host names (#2123)Luca Deri2023-10-29
|
* Added checkLuca Deri2023-10-29
|
* Rename some functions with more useful/clear names (#2127)Ivan Nardi2023-10-29
|
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for custom rules (#2120)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* Improved Protobuf dissector. (#2119)Toni2023-10-27
| | | | | * tag extraction/validation was done wrong Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Jabber: remove support for UDP (#2115)Ivan Nardi2023-10-26
| | | | | | Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp` suggests that...). Bug introduced in 5266c726f
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* Fixed endian issue while DEBUG_PROTOBUF is enabled. (#2112)Toni2023-10-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved detection as non DGA for hostnames belnging to a CDN (#2068)Luca Deri2023-10-23
|
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved CryNetwork protocol dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Remote Management Control Protocol (RMCP).Toni Uhlig2023-10-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved Steam detection by adding steamdiscover pattern. (#2105)Toni2023-10-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed OpenWRT arm related build issues. (#2104)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed two OpenWRT arm related build issues. (#2103)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fuzz: extend fuzzing coverageNardi Ivan2023-10-15
|
* Added NDPI_MALWARE_HOST_CONTACTED flow riskLuca Deri2023-10-13
|
* Fix for buffer overflow in serializationLuca2023-10-11
|
* Improved MGCP detection by allowing '\r' as line feed.lns2023-10-11
| | | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: export QUIC version as metadataNardi Ivan2023-10-11
|
* Serialization fixLuca Deri2023-10-11
|
* fuzzing: extend fuzzing coverageNardi Ivan2023-10-09
| | | | | Try fuzzing some functions which write to file/file descriptor; to avoid slowing the fuzzer, close its stdout
* fuzz: extend fuzzing coverageNardi Ivan2023-10-07
|
* version of dirent.c that is liked by both VC++ and MinGWLuca Deri2023-10-05
|
* Windows code reworkLuca Deri2023-10-05
|
* Windows compilation fixesLuca Deri2023-10-05
|
* Win include changeLuca Deri2023-10-05
|
* Added HAProxy protocol. (#2088)Toni2023-10-02
| | | | | | * fixed tests/do.sh.in failure print Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cleaned up mining datastructureLuca2023-09-27
|
* Added printf/fprintf replacement for some internal modules. (#1974)Toni2023-09-26
| | | | | | * logging is instead redirected to `ndpi_debug_printf` Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Renamed HTTP/2 to HTTP2 as the '/' can have side effects with applications ↵Luca Deri2023-09-20
| | | | sitting on top of nDPI
* Add support for (un-encrypted) HTTP/2 (#2087)Ivan Nardi2023-09-18
| | | | Plaintext HTTP/2 is quite rare on the general "internet" but it is used in some private networks (example: 5G core network)
* fuzz: extend fuzzing coverageNardi Ivan2023-09-16
|
* Add `ndpi_domain_classify_finalize()` function (#2084)Ivan Nardi2023-09-12
| | | | | | | | | The "domain classify" data structure is immutable, since it uses "bitmap64". Allow to finalize it before starting to process packets (i.e. before calling `ndpi_domain_classify_contains()`) to avoid, in the data-path, all the memory allocations due to compression. Calling `ndpi_domain_classify_finalize()` is optional.
* tftp: check incrementation for DATA and ACK packetsThomas Winter2023-09-12
| | | | | | | | | | | | | The 2 bytes following the opcode for DATA and ACK packets are the block number and this should be incrementing every packet. We should check to see that this is occurring otherwise false matches can occur, eg L2TPv3 over UDP matches the DATA opcode but the next two bytes are always zero. Remove the DATA max block size assumption since this can be false if the blksize option is used to increase it. Fixes #2070
* tftp: check for Option AcknowledgementsThomas Winter2023-09-12
| | | | | | | | | TFTP Option Acknowledgement packets were being excluded. When a read/write request contains options, an Option Acknowledgement is returned that contains the option strings that the transaction will use. The options sent in the request are not compared with what was acknowledged.
* tftp: rework request checking to account for optionsThomas Winter2023-09-12
| | | | | | | | | | | | | | | | | Read and write requests were not handling options. The existing code inspecting request messages assumed that the string before the end of the payload was the mode and that the filename length depended on the mode length. However the first two strings are the filename and mode which can be followed by any number of option strings. Rework the checking of the filename and mode to just search the first two strings which should always exist. Any options after that are ignored. Absence of the filename or mode is now excludes the TFTP protocol. Absence of the filename no longer is considered malformed packet because it can match other protocols falsely.
* Fixes matches with domain name strings that start with a dotLuca Deri2023-09-11
|
* fuzz: add fuzzers to test bitmap64 and domain_classify data structures (#2082)Ivan Nardi2023-09-10
|
* fuzz: add fuzzers to test reader_util code (#2080)Ivan Nardi2023-09-10
|
Powered by cgit, Themed by Ted Yin.