aboutsummaryrefslogtreecommitdiff
path: root/src/lib
Commit message (Collapse)AuthorAge
* Exteended cybersecurity listLuca Deri2022-02-10
|
* Invalid prototupe fixLuca Deri2022-02-10
|
* HSRP: fix dissection over IPv6 (#1443)Ivan Nardi2022-02-10
| | | Handle all message types.
* Added cybersecurity category mapping to stringLuca Deri2022-02-10
|
* Added cybersecurity protocol and category that groups traffic towards ↵Luca Deri2022-02-10
| | | | leading cybersecurity companies and CDNs, useful to make destinations that should be marked as trusted in firewalls and security gateways
* HSRP: add support for IPv6 (#1440)Ivan Nardi2022-02-09
|
* Added VXLAN dissector (#1439)Dmytrii Vitman2022-02-09
| | | * RFC 7348
* Fix memory access in ndpi_strnstr() (#1438)Ivan Nardi2022-02-09
| | | | | | | Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44482 It should be the same error reported (and only partially fixed) in 79968f32
* Add few scripts to easily update some IPs lists (#1436)Ivan Nardi2022-02-09
| | | | | | | | | | | | | | | | | | | | | | | | * Add few scripts to easily update some IPs lists Some IPs lists should be updated frequently: try to easy the process. The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. Add the possibility to don't load a specific list. Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. TODO: ipv6 Remove the 9 addresses associated to BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. * Added quotes * Added quotes Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Added ndpi_serialize_string_string_len() APi callLuca Deri2022-02-08
| | | | Fixed CSV string serialization
* Added HSRP protocol detectionLuca Deri2022-02-08
| | | | Removed attic directory now obsolete
* Added check to ignore multicast packets marking the as SkypeLuca Deri2022-02-08
|
* Improved MDNS/LLMNR detection. (#1437)Toni2022-02-07
| | | | | | * Checking for port 5353/5355 is not enough. * Added additional multicast address and header checks. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TLS: fix parsing of certificate elements (#1435)Ivan Nardi2022-02-07
| | | | | | | | | | | | | | Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44280 ``` ==263603==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x592478 in ndpi_is_printable_string ndpi/src/lib/ndpi_utils.c:2200:9 #1 0x5b047c in processCertificateElements ndpi/src/lib/protocols/tls.c:400:7 #2 0x5ac880 in processCertificate ndpi/src/lib/protocols/tls.c:790:7 #3 0x5c3a32 in processTLSBlock ndpi/src/lib/protocols/tls.c:844:13 #4 0x5c2c61 in ndpi_search_tls_tcp ndpi/src/lib/protocols/tls.c:973:2 #5 0x5c117d in ndpi_search_tls_wrapper ndpi/src/lib/protocols/tls.c:2367:5 #6 0x552a50 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:4792:6 ```
* Sync utests (#1433)Ivan Nardi2022-02-04
| | | | | | | * Sync utest results * Fix read-heap-buffer-overflow error reported by CI See: https://github.com/ntop/nDPI/runs/5055876515?check_suite_focus=true
* Added NDPI_ERROR_CODE_DETECTED riskLuca Deri2022-02-03
|
* Renamed DCERPC to more generic RPC protocol so we can use also for other ↵Luca Deri2022-02-03
| | | | | | | types of RPCs (not limited to DCE) Extended HTTP plugin to support RPC Improved HTTP crear text detection to limit it to Basic and Digest
* Added new IDN/Punycode risk for spotting internationalized domain namesLuca2022-02-03
|
* Remove `struct ndpi_id_struct` (#1427)Ivan Nardi2022-01-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the last uses of `struct ndpi_id_struct`. That code is not really used and it has not been updated for a very long time: see #1279 for details. Correlation among flows is achieved via LRU caches. This change allows to further reduce memory consumption (see also 91bb77a8). At nDPI 4.0 (more precisly, at a6b10cf, because memory stats were wrong until that commit): ``` nDPI Memory statistics: nDPI Memory (once): 221.15 KB Flow Memory (per flow): 2.94 KB ``` Now: ``` nDPI Memory statistics: nDPI Memory (once): 235.27 KB Flow Memory (per flow): 688 B <-------- ``` i.e. memory usage per flow has been reduced by 77%. Close #1279
* Remove Playstation VUE protocol (#1426)Ivan Nardi2022-01-30
| | | | PS VUE service has been discontinued on January 30, 2020 https://en.wikipedia.org/wiki/PlayStation_Vue
* Commented old code (see https://github.com/ntop/nDPI/pull/1425)Luca Deri2022-01-30
|
* Improve protocol stacks (#1425)Ivan Nardi2022-01-30
| | | | | | | | | | | | | | | | | We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
* Extend protocols support (#1422)Ivan Nardi2022-01-29
| | | | | | | | | | | | | | | | | | Add detection of AccuWeather site/app and Google Classroom. Improve detection of Azure, Zattoo, Whatsapp, MQTT and LDAP. Fix some RX false positives. Fix some "Uncommon TLS ALPN"-risk false positives. Fix "confidence" value for some Zoom/Torrent classifications. Minor fix in Lua script for Wireshark extcap. Update .gitignore file. Let GitHub correctly detect the language type of *.inc files. Zattoo example has been provided by @subhajit-cdot in #1148.
* Fix some race conditions by using atomic operations. (#1420)Toni2022-01-29
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Make some protocols more "big-endian" friendly (#1402)Ivan Nardi2022-01-29
| | | See #1312
* Updated alert description caseLuca2022-01-28
|
* Fixed heap overflow in nDPI realloc wrapper if new size < old size. (#1421)Toni2022-01-27
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Kerberos, TLS, example: fix some memory errors (#1419)Ivan Nardi2022-01-27
| | | | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43823 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43921 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43925
* Added support for the .goog Google TLDLuca Deri2022-01-26
|
* Serializing empty `risk blocks' pollutes the resulting string. (#1417)Toni2022-01-26
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow riskLuca Deri2022-01-26
| | | | Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days
* Removed pandora.tv from pandora protocol as they are different services that ↵Luca Deri2022-01-25
| | | | shouldd not be mixed
* Improved pandora TV detectionLuca Deri2022-01-24
|
* Improved Zoom protocol detectionLuca Deri2022-01-23
|
* Fix ndpi_serialize_string_int64Alfredo Cardigliano2022-01-21
|
* Fix Grease values parsing (#1416)havsah2022-01-21
| | | | | | | | | | | The check for grease was too broad and filtered some valid values. In particular, the value 257 was skipped because it matched the previous check. This has been discovered while parsing tests/pcap/443-firefox.pcap expected ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256-257,0 previously generated ja3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256,0 Signed-off-by: Patrick Havelange <patrick.havelange_ext@softathome.com>
* Added JA3 in risj exceptionsLuca Deri2022-01-20
|
* Fixed certificate mismatch checkLuca Deri2022-01-19
|
* TLS, H323, examples: fix some memory errors (#1414)Ivan Nardi2022-01-18
| | | | | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26880 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26906 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43782 https://oss-fuzz.com/testcase-detail/6334089358082048
* Netbios, CSGO: fix two memory errors (#1413)Ivan Nardi2022-01-18
| | | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43754 https://oss-fuzz.com/testcase-detail/5329842395021312
* build: respect environment options more (#1392)Sam James2022-01-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * build: update m4/ax_pthread.m4 from serial 23 -> serial 31 Update ax_pthread.m4 to the latest version from the autoconf-archive project. Signed-off-by: Sam James <sam@gentoo.org> * build: properly detect AR, CC, RANLIB It's necessary to be able to override choice of AR/CC/RANLIB and other toolchain variables/tools for cross-compilation, testing with other toolchains, and to ensure the compiler chosen by the user is actually used for the build. Previously, GNU_PREFIX was kind-of used for this but this isn't a standard variable (at all) and it wasn't applied consistently anyway. We now use the standard autoconf mechanisms for finding these tools. (RANLIB is already covered by LT_INIT.) Signed-off-by: Sam James <sam@gentoo.org> * build: use $(MAKE) This ensures that parallel make works correctly, as otherwise, a fresh make job will be started without the jobserver fd, and hence not know about its parent, forcing -j1. * build: respect CPPFLAGS, LDFLAGS - CPPFLAGS is for the C preprocessor (usually for setting defines) - LDFLAGS should be placed before objects for certain flags to work (e.g. -Wl,--as-needed) Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* H323: fix a use-after-poison error (#1412)Ivan Nardi2022-01-17
| | | | | | | Detected by oss-fuzz See: https://oss-fuzz.com/testcase-detail/6730505580576768 Fix a function prototype Update a unit test results
* Improved Badoo detection (missing mobile app domain)Luca Deri2022-01-17
|
* Added Badoo detectionLuca Deri2022-01-17
|
* Adds some risk exceptions for popular services and domain namesLuca2022-01-17
| | | | via a new (internal) function named ndpi_add_domain_risk_exceptions()
* TLS: fix a use-of-uninitialized-value error (#1411)Ivan Nardi2022-01-16
| | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43705
* Zattoo: fix Null-dereference READ with ipv6 traffic (#1410)Ivan Nardi2022-01-16
| | | | | Fix: 20b5f6d7 Detected by oss-fux: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43700
* XBox, Diameter: fix dissectors initialization (#1405)Ivan Nardi2022-01-16
| | | | | | | | These dissectors have *never* been triggered because their registration functions use the wrong parameter/bitmask. Diameter code is buggy since the origianl commit (1d108234), while XBox code since 5266c726. Fix some false positives in Xbox code.
* Added performance tests toolsLuca Deri2022-01-16
|
* Kerberos: fix use-of-uninitialized-value error (#1409)Ivan Nardi2022-01-15
| | | | Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43677
Powered by cgit, Themed by Ted Yin.