| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new version is about 25% faster with -O2 and 45% faster with -O3.
No recursion is used (smaller stack size required).
Uses less memory (by valgrind info)
bigram:
- original 1796 allocs, 247864 bytes allocated
- new 1232 allocs, 158880 bytes allocated
host_match:
- original 18038 allocs, 3004576 bytes allocated
- new 6861 allocs, 396624 bytes allocated
The function ac_automata_search() is thread safe.
Optional case-insensitive comparison.
Matching at the beginning and at the end of the string is supported.
One code file and one header file.
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Facebook is still using its own ALPN for HTTP2 as well
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Added ndpi_dump_risks_score() API score
|
| |
|
|
| |
Added ndpi_get_upper_proto() API call
|
| |
|
|
| |
Removed fragment manager code
|
| | |
|
| | |
|
| |
|
|
| |
Added Fortigate protocol
|
| | |
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
```
In file included from protocols/fasttrack.c:29:
../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
1504 | const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
| ^~~~~
In file included from protocols/amazon_video.c:28:
../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
1504 | const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
| ^~~~~
...
ndpi_utils.c: In function ‘ndpi_risk2severity’:
ndpi_utils.c:1834:1: warning: control reaches end of non-void function [-Wreturn-type]
1834 | }
| ^
```
|
| |
|
|
|
|
|
|
|
|
| |
```
==69562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100009000fb at pc 0x7f41882003a7 bp 0x7f4183cfbfc0 sp 0x7f4183cfb768
READ of size 32 at 0x6100009000fb thread T1
#0 0x7f41882003a6 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
#1 0x560b2d7462a1 in processClientServerHello protocols/tls.c:1647
#2 0x560b2d73be6a in processTLSBlock protocols/tls.c:712
#3 0x560b2d73e61f in ndpi_search_tls_udp protocols/tls.c:968
```
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Error detected with valgrind.
==13127== Conditional jump or move depends on uninitialised value(s)
==13127== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==13127== by 0x1A93B6: ndpi_strdup (ndpi_main.c:159)
==13127== by 0x1C07CC: processClientServerHello (tls.c:1678)
==13127== by 0x1C0C4C: processTLSBlock (tls.c:712)
==13127== by 0x1C0C4C: ndpi_search_tls_tcp.part.0 (tls.c:849)
See also 8c3674e9
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Increased risk bitmask to 64bit (instead of 32bit).
* Removed annoying "Unknown datalink" error message for fuzzers.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
int ndpi_get_geoip_asn(struct ndpi_detection_module_struct *ndpi_str,
char *ip, u_int32_t *asn);
int ndpi_get_geoip_country_continent(struct ndpi_detection_module_struct *ndpi_str, char *ip,
char *country_code, u_int8_t country_code_len,
char *continent, u_int8_t continent_len);
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error detected with valgrind.
==125883== Conditional jump or move depends on uninitialised value(s)
==125883== at 0x438F57: processClientServerHello (tls.c:1421)
==125883== by 0x43B35A: processTLSBlock (tls.c:712)
==125883== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125883== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
==125883== by 0x42E920: ndpi_detection_process_packet (ndpi_main.c:5301)
==125916== Conditional jump or move depends on uninitialised value(s)
==125916== at 0x438D7D: processClientServerHello (tls.c:1379)
==125916== by 0x43B35A: processTLSBlock (tls.c:712)
==125916== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125916== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
==125932== Conditional jump or move depends on uninitialised value(s)
==125932== at 0x438C1D: processClientServerHello (tls.c:1298)
==125932== by 0x43B35A: processTLSBlock (tls.c:712)
==125932== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125932== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
==125950== Conditional jump or move depends on uninitialised value(s)
==125950== at 0x438D4F: processClientServerHello (tls.c:1371)
==125950== by 0x43B35A: processTLSBlock (tls.c:712)
==125950== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125950== by 0x42C079: check_ndpi_detection_func (ndpi_main.c:4443)
|
| |
|
| |
See #1148
|
| | |
|
| |
|
|
| |
remote assistance sessions
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Message length checks and basic headers are not uniform across GTP-U,
GTP-C and GTP-PRIME.
Note that, even if the length checks were wrong, the GTP sessions were almost
always correctly classified because of the "guessing" algorithm.
This patch has been tested with GTP-U, GTP-C-V1, GTP-C-V2 and GPT-PRIME-V2
traffic using ndpiReader with "-d" flag (to avoid "guessing" algorithm) and
without "-t" flag (to avoid GTP-U de-tunneling).
See #1148
|
| | |
|
| |
|
| |
Fix memory error with ipv6 traffic
|
| | |
|
| | |
|
| | |
|
| | |
|