aboutsummaryrefslogtreecommitdiff
path: root/src/lib
Commit message (Collapse)AuthorAge
...
* Add a new specific ID for generic Ubiquity traffic (#2796)Ivan Nardi2025-04-16
|
* Update all IP/domain lists (#2795)Ivan Nardi2025-04-16
| | | | | | | | | | | | | | | | | | ProtonVPN script have been not working in the last week. ``` Error "Invalid access token" ``` ProtonVPN is doing a major upgrade in its infrastructure: ``` In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Apr 09, 2025 - 11:30 CEST Scheduled - In the following period from the 9th of April up to the 30th of April, various Proton VPN dedicated servers will be in temporary maintenance mode, for a short duration period, in order to allow us to perform a major infrastructure upgrade, paving the way for overall increased performance and efficiency of our Proton VPN infrastructure. We apologize for the occasional inconvenience. Apr 9, 2025 11:30 - Apr 30, 2025 23:30 CEST ``` Let's wait if it works again in the future...
* Enhanced Cybersecurity protocolLuca Deri2025-04-12
|
* UBNTAC2,Ookla: improve detection (#2793)Ivan Nardi2025-04-10
|
* FPC: save all addresses from DNS to `fpc_dns` cache (#2792)Ivan Nardi2025-04-10
|
* Follow-up of latest Signal call change (see: 4d41588a7)Ivan Nardi2025-04-05
|
* Extend list of domains for SNI matching (#2791)Ivan Nardi2025-04-05
|
* Add a resonable TTL (!=0) for all LRU caches (#2790)Ivan Nardi2025-04-04
| | | Be sure that entries expire sooner or later
* Added check while dissecting non-TCP packets ndpi_search_tls_tcpLuca Deri2025-04-04
| | | | Renamed ndpi_search_tls_udp to ndpi_search_dtls
* Implemented detection of the latest Signal video/audio calls leveraging on ↵Luca Deri2025-04-02
| | | | Cloudflare CDN
* OS fingerprint code cleanupLuca Deri2025-03-31
|
* blizzard: improve detection of generic battle.net trafficIvan Nardi2025-03-30
|
* blizzard: add detection of Overwatch2Ivan Nardi2025-03-30
|
* WoW: update detectionIvan Nardi2025-03-30
| | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
* Wireguard: fix configuration of sub-classificationIvan Nardi2025-03-28
|
* TLS: avoid exporting TLS heuristic fingerprint as metadata (#2783)Ivan Nardi2025-03-27
|
* Add safety checksAlfredo Cardigliano2025-03-27
|
* Add support for UTF-8 encoding in JSON serializationAlfredo Cardigliano2025-03-27
|
* Fix a stack-buffer-overflow error (#2782)Ivan Nardi2025-03-27
| | | | | | | | | | | | | | ``` ==40795==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7dd7ff94a6a0 at pc 0x5f2e95e21423 bp 0x7ffccfe0f110 sp 0x7ffccfe0e8d0 READ of size 129 at 0x7dd7ff94a6a0 thread T0 #0 0x5f2e95e21422 in StrtolFixAndCheck(void*, char const*, char**, char*, int) asan_interceptors.cpp.o #1 0x5f2e95e0ceb1 in __isoc23_strtol (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_config+0x7bfeb1) (BuildId: 2cfb818387b5d84d6fa1447db291acb2595493d4) #2 0x5f2e95f1d036 in __get_flowrisk_id /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:11524:9 #3 0x5f2e95f1c3c7 in _set_param_flowrisk_enable_disable /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:11793:17 #4 0x5f2e95e9e17f in ndpi_set_config /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:12051:12 #5 0x5f2e95e9cbe5 in load_config_file_fd /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:4985:14 ``` Found by oss-fuzz. See: https://issues.oss-fuzz.com/issues/406446504
* Added ndpi_str_to_utf8() API call to convert an ISO 8859 stirng to UTF-8Luca2025-03-27
|
* Use the proper helper to exclude protocols (#2781)Ivan Nardi2025-03-26
|
* Improved configuration to enable/disable export of flow risk info (#2780)Ivan Nardi2025-03-25
| | | | Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the configuration is for flow-risk, not global
* Warning fixLuca Deri2025-03-25
|
* Added API calls to load TCP fingeprintsLuca Deri2025-03-25
| | | | | | | int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str, char *fingerprint, enum operating_system_hint os); int load_tcp_fingerprint_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); int ndpi_load_tcp_fingerprint_file(struct ndpi_detection_module_struct *ndpi_str, const char *path);
* Rework the old Starcraft code to identify traffic from generic Blizzard ↵Ivan Nardi2025-03-25
| | | | | games (#2776) Remove `NDPI_PROTOCOL_STARCRAFT` and add a generic `NDPI_PROTOCOL_BLIZZARD`.
* Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779)Ivan Nardi2025-03-25
| | | | | | | Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics.
* Remove `NDPI_TLS_SUSPICIOUS_ESNI_USAGE` flow risk (#2778)Ivan Nardi2025-03-25
| | | | | | That flow risk was introduced in 79b89d286605635f15edfe3c21297aaa3b5f3acf but we can now use the generic `NDPI_TLS_SUSPICIOUS_EXTENSION` instead: ESNI is quite suspicious nowadays in itself (i.e. even without SNI). Note that ESNI support has been removed in cae9fb9989838f213eeb857b8fc4bbeac6940049
* armagetron: update code (#2777)Ivan Nardi2025-03-25
|
* Added initial LLM traffic recognitionLuca Deri2025-03-24
|
* Added secondary singl eexponential smoothing implementationLuca Deri2025-03-24
|
* Rework the old MapleStory code to identify traffic from generic Nexon games ↵Ivan Nardi2025-03-19
| | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON`
* FastCGI: use specific metadata, not the HTTP ones (#2774)Ivan Nardi2025-03-19
| | | | We are going to use HTTP metadata only for real HTTP traffic; FastCGI should be the only protocol using them improperly
* Avoid duplicated Microsoft domains (#2770)Ivan Nardi2025-03-18
| | | | | Update the list Close #2767
* TLS: avoid sub-classification for RDP flows (#2769)Ivan Nardi2025-03-14
| | | | | | | | | | | | | | | | These flows are already classified as TLS.RDP. This change also fix a memory leak ``` Direct leak of 62 byte(s) in 1 object(s) allocated from: #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46 #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13 #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46 #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10 #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/5244512192757760
* Added extra check to trap application that mix on the same flow different ↵Luca Deri2025-03-12
| | | | | | protocols Fixes #2762
* Merge pull request #2760 from IvanNardi/internal_giveupIvan Nardi2025-03-11
|\ | | | | Add a new internal function `internal_giveup()`
| * Add a new internal function `internal_giveup()`Ivan Nardi2025-03-05
| | | | | | | | | | | | | | | | This function is always called once for every flow, as last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packets)
* | Update ndpi_utils.cIvan Kapranov2025-03-11
| |
* | Add GearUP Booster protocol dissector (heuristic based). (#2765)Toni2025-03-07
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Add GearUP Booster application protocol. (#2764)Toni2025-03-06
| | | | | | | | | | protocol dissector will follow Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Add Autonomous System Organization to geoip (#2763)Leonardo Teixeira Alves2025-03-06
|/ | | Co-authored-by: Leonardo Teixeira Alves <leonardo.alves@zerum.com>
* Add configuration parameter to enable/disable export of flow risk info (#2761)Ivan Nardi2025-03-05
| | | | For the most common protocols, avoid creating the string message if we are not going to use it
* Fix function checking if a packet is multicastIvan Nardi2025-03-04
|
* custom rules: try to have a coherent behaviourIvan Nardi2025-03-04
| | | | | | | | | | | | | Custom rules with *new* protocols are checked "first": if there is a match, the first packet of the flow provides a complete and final classification. The same logic should apply to custom rules with "existing" protocols: if there is match, nDPI shouldn't do anything else. Remove the `tcp:3000@ntop` custom rule. Fix the default port for ElasticSearch (in the protocol file)
* Flow risk infos are always exported "in order" (by flow risk id)Ivan Nardi2025-03-04
| | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order.
* Address cache: fix a use-of-uninitialized-value error on cache restoreIvan Nardi2025-03-03
| | | | | | | | | | | | ``` ==29602==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x563af77d47ac in ndpi_address_cache_restore /home/ivan/svnrepos/nDPI/src/lib/ndpi_cache.c:450:8 #1 0x563af77d6b52 in ndpi_cache_address_restore /home/ivan/svnrepos/nDPI/src/lib/ndpi_cache.c:518:10 #2 0x563af77c73e5 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ds_address_cache.cpp:100:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/6653546833707008
* DNS: remove never-trigger checkIvan Nardi2025-03-03
| | | | This `if` check is always false
* Flute: fix heap-buffer-overflowIvan Nardi2025-03-02
| | | | | | | | | | | | | | | | ``` ==13852==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5150000027da at pc 0x5fa4b65d08ac bp 0x7ffc4c57ed60 sp 0x7ffc4c57e508 READ of size 4 at 0x5150000027da thread T0 #0 0x5fa4b65d08ab in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_pl7m_64k+0x78c8ab) (BuildId: 15b63a623e404a4a0be658cae7336391fc8353db) #1 0x5fa4b65d0d80 in memcmp (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_pl7m_64k+0x78cd80) (BuildId: 15b63a623e404a4a0be658cae7336391fc8353db) #2 0x5fa4b68bfe7e in ndpi_search_flute /home/ivan/svnrepos/nDPI/src/lib/protocols/flute.c:52:9 #3 0x5fa4b6764406 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7571:6 #4 0x5fa4b67bf703 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7606:10 ``` Found by oss-fuzz See: https://oss-fuzz.com/testcase-detail/5261204335689728
* Address cache: fix some bugs on cache traversalIvan Nardi2025-03-01
| | | | Add a new fuzzer to test it
* ICMP: move all the logic to the proper dissector fileIvan Nardi2025-02-28
| | | | | | | There are no reasons to keep entropy calculation and sanity checks code on the "guessing" algorithm. BTW, this change also fix the entropy calculation for non TCP/UDP/ICMP flows
Powered by cgit, Themed by Ted Yin.