aboutsummaryrefslogtreecommitdiff
path: root/src/lib
Commit message (Collapse)AuthorAge
...
* fuzz: extend fuzzing coverage (#2750)Ivan Nardi2025-02-28
|
* Added valid TLS extensions that used to trigger invalid risksLuca Deri2025-02-27
|
* Fix a crash reported by fuzzing (#2749)Ivan Nardi2025-02-27
| | | | | | | | | | | | | ``` ==17==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8d7c8bc915 bp 0x7ffd25039910 sp 0x7ffd250390c8 T0) ==17==The signal is caused by a READ memory access. ==17==Hint: address points to the zero page. SCARINESS: 10 (null-deref) #0 0x7f8d7c8bc915 (/lib/x86_64-linux-gnu/libc.so.6+0x188915) (BuildId: 0323ab4806bee6f846d9ad4bccfc29afdca49a58) #1 0x55f437be04a3 in strlen /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc #2 0x55f437cfa3cb in ndpi_get_host_domain /src/ndpi/src/lib/ndpi_domains.c:144:9 #3 0x55f437caf21e in LLVMFuzzerTestOneInput /src/ndpi/fuzz/fuzz_config.cpp:703:3 ```
* TOR: fix ip lists (#2748)Ivan Nardi2025-02-27
| | | | One list is from ingress nodes (used for protocol classification) and the second one is from exit nodes (used for flow risk check)
* Fix csv serializationAlfredo Cardigliano2025-02-26
|
* Improved Tor detectionLuca Deri2025-02-24
|
* Improved Tor exit node download and added IPv6 supportLuca Deri2025-02-24
|
* Add city as a geoip possibility (#2746)Leonardo Teixeira Alves2025-02-24
|
* Improved Google PlayStore detectionLuca Deri2025-02-24
|
* UBNTAC2: rework detection (#2744)Ivan Nardi2025-02-23
|
* Add LagoFast protocol dissector. (#2743)Toni2025-02-23
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* Create a new protocol id to handle Mozilla/Firefox generic traffic (#2740)Ivan Nardi2025-02-21
| | | Close #2738
* Move `rtp` info out of `flow->protos` (#2739)Ivan Nardi2025-02-21
| | | | | Thiw way, the code is ready to handle rtp info from STUN flows too. And, most important, this change works as workaround to fix some crashes reported by oss-fuzz
* Fix build error due to an unused static function in the p17m fuzzer. (#2737)Toni2025-02-21
| | | | | * fixed buffer overflow in RTP dissector Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added checkLuca2025-02-21
|
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Exported RTP payload in packet metadataLuca Deri2025-02-19
| | | | Added ndpi_rtp_payload_type2str() API call
* Further domain checksLuca Deri2025-02-19
|
* Fixed bug in domain name computationLuca Deri2025-02-17
|
* SSDP: add configuration for disabling metadata extraction (#2736)Ivan Nardi2025-02-17
|
* DNS: rework "extra-dissection" code (#2735)Ivan Nardi2025-02-17
|
* added metadata fields for M-NOTIFY (#2733)Ivan Kapranov2025-02-17
|
* Fix/restore some public defines (#2734)Ivan Nardi2025-02-17
| | | See 6899f6c17 and 9bf513b34
* Reworked memory allocationLuca Deri2025-02-16
|
* DNS: fix message parsing (#2732)Ivan Nardi2025-02-16
|
* Implement SSDP Metadata export (#2729)Ivan Kapranov2025-02-16
| | | Close #2524
* DNS: fix parsing of hostname for empty response messages (#2731)Ivan Nardi2025-02-16
|
* DNS: rework adding entries to the FPC-DNS cache (#2730)Ivan Nardi2025-02-16
| | | | | Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`. This will be important when adding monitoring support
* DNS: improved detection and handling of TCP packets (#2728)Ivan Nardi2025-02-15
|
* DNS: rework code (#2727)Ivan Nardi2025-02-15
|
* Added RUTUBE (#2725)Ivan Kapranov2025-02-15
|
* DNS: fix dissection (#2726)Ivan Nardi2025-02-15
|
* DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724)Ivan Nardi2025-02-15
| | | We already set the same flow risk for invalid request messages
* reworked ntp info extraction (#2723)Ivan Kapranov2025-02-15
|
* DNS: rework code parsing responses (#2722)Ivan Nardi2025-02-14
|
* DNS: rework/isolate code to process domain name (#2721)Ivan Nardi2025-02-13
|
* DNS: faster exclusion (#2719)Ivan Nardi2025-02-12
|
* DNS: try to simplify the code (#2718)Ivan Nardi2025-02-12
| | | Set the classification in only one place in the code.
* DNS: fix check for DGA domain (#2716)Ivan Nardi2025-02-11
| | | | If we have a (potential) valid sub-classification, we shoudn't check for DGA, even if the subclassification itself is disabled!
* DNS: disable subclassification by default (#2715)Ivan Nardi2025-02-11
| | | | Prelimary change to start supporting multiple DNS transactions on the same flow
* DNS: evaluate all flow risks even if sub-classification is disabled (#2714)Ivan Nardi2025-02-11
|
* dns: fix writing to `flow->protos.dns`Ivan Nardi2025-02-11
| | | | | We can't write to `flow->protos.dns` until we are sure it is a valid DNS flow
* DNS: fix dissection when there is only the response messageIvan Nardi2025-02-11
|
* Removed traceLuca Deri2025-02-10
|
* Added ndpi_find_protocol_qoe() API callLuca Deri2025-02-10
| | | | Updated (C)
* Introduced QoE (Quality of Experience) protocol classificationLuca Deri2025-02-06
|
* Updated SNI for YandexMetrica and YandexAlice (#2711)Ivan Kapranov2025-02-06
| | | Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* Preliminary work to rework `struct ndpi_flow_struct` (#2705)Ivan Nardi2025-02-04
| | | | | | | | No significant changes: * Move around some fields to avoid holes in the structures. * Some fields are about protocols based only on TCP. * Remove some unused (or set but never read) fields. See #2631
* DNS: another fix about the relationship between FPC and subclassification ↵Ivan Nardi2025-01-31
| | | | | (#2709) See: c669bb314
Powered by cgit, Themed by Ted Yin.