aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
...
* STUN: fix Skype/MsTeams detection and monitoring logic (#2028)Ivan Nardi2023-07-03
|
* STUN: tell RTP from RTCP while in monitoring state (#2027)Ivan Nardi2023-06-27
|
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)Ivan Nardi2023-06-27
| | | | | | Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018)Ivan Nardi2023-06-26
|
* Simplify the report of streaming multimedia info (#2026)Ivan Nardi2023-06-26
| | | | | The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are pretty much identical: rename the former in `flow->flow_multimedia_type` and remove the latter.
* Thrift: fix heap-buffer-overflow (#2024)Ivan Nardi2023-06-26
|
* Optimizes and fixes possible out0of0boundary write in ndpi_fill_prefix_v4()Luca Deri2023-06-23
|
* RTP: rework code (#2021)Ivan Nardi2023-06-23
| | | | | | | Try avoiding false positives: look for 3 RTP packets before classifing the flow as such. Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
* minor fixes (#2023)Ivan Kapranov2023-06-22
| | | | | fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* removed useless call of ndpi_set_risk func (#2022)Ivan Kapranov2023-06-22
|
* Compilation fixLuca Deri2023-06-22
|
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Waring fixLuca Deri2023-06-21
|
* Gnutella: improve detection (#2019)Ivan Nardi2023-06-21
|
* STUN: fix detection over TCPNardi Ivan2023-06-21
| | | | TCP framing is optional
* STUN: improve WhatsappCall detectionNardi Ivan2023-06-21
|
* Line: fix heap-buffer-overflow error (#2015)Ivan Nardi2023-06-21
|
* STUN: keep monitoring/processing STUN flows (#2012)Ivan Nardi2023-06-21
| | | | Look for RTP packets in the STUN sessions. TODO: tell RTP from RTCP
* Fix access to packet/flow information (#2013)Ivan Nardi2023-06-17
| | | We can't access to `ndpi_str->packet` from `ndpi_detection_giveup()`
* Reworked teams handlingLuca Deri2023-06-15
|
* Fix compilation (#2011)Ivan Nardi2023-06-15
|
* Implemented Zoom/Teams stream type detectionLuca Deri2023-06-14
|
* Improved line protocol dissection with heuristicLuca Deri2023-06-13
|
* Refreshed ASN listsLuca Deri2023-06-13
| | | | Enhanced the Line IP list with https://ipinfo.io/AS23576/125.209.252.0/24 used by line
* Added check to avoid skype heuristic false positivesLuca Deri2023-06-12
|
* Set _DEFAULT_SOURCE and _GNU_SOURCE globally. (#2010)Toni2023-06-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix missing u_char, u_short and u_int typedefs for some platforms e.g.: (#2009)Toni2023-06-12
| | | | | | | | | | In file included from ../include/ndpi_main.h:34, from ../include/ndpi_api.h:28, from protocols/activision.c:26: ../include/ndpi_typedefs.h:294:3: error: unknown type name 'u_char' 294 | u_char h_dest[6]; /* destination eth addr */ | ^~~~~~ Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added vlan_id in ndpi_flow2json() prototypeLuca Deri2023-06-09
|
* QUIC: fix dissection of packets forcing VNNardi Ivan2023-06-08
|
* QUIC: fix a memory access errorNardi Ivan2023-06-08
| | | | Found while fuzzing
* QUIC: add support for QUIC version 2Nardi Ivan2023-06-08
| | | | | | See: https://www.rfc-editor.org/rfc/rfc9369.txt Old v2-01 version has been removed, since it has never been really used.
* ProtonVPN: add basic detection (#2006)Ivan Nardi2023-06-08
|
* Numeric truncation at `tls.c:1010` (#2005)headshog2023-06-08
| | | | | * fixed numtrunc error in protocols/tls.c * fixed build error for tls.c
* added new domain names (#2002)zehraIn2023-06-01
| | | | | | | | | * added new domain names * Sync unit tests results --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add bitcoing protocol dissector. (#1992)Maatuq2023-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add bitcoing protocol dissector. * remove bitcoin protcol detection from mining.c * add a new bitcoin deissector. * add a new category: Cryptocurrency. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * Remove useless checks and add missing windows and docs file. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update affected tests. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * add a brief version. Add notes on the difference between normal bitcoin protocol and the mining protocol. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> * update enable_payload_stat test after dev rebasing. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com> --------- Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Numeric truncation at `ndpi_analyze.c` at lines 101, 104, 107, 110 (#1999)headshog2023-05-30
| | | | | | | | | | | * fixed numeric truncation error in ndpi_analyze.c * fixed numeric truncation error in ndpi_analyze.c x2 * fixed numeric truncation error in ndpi_analyze.c x3 * fixed numeric truncation error in ndpi_analyze.c and printf format * fixed tests
* Changed logging callback function sig. (#2000)Toni2023-05-30
| | | | | * make user data available for any build config Signed-off-by: lns <matzeton@googlemail.com>
* fixed numeric truncation error in ndpi_main.c:6837 (#1998)headshog2023-05-29
|
* Fix some memory errors triggered by allocation failures (#1995)Ivan Nardi2023-05-29
| | | | | | | | | | | | Some low hanging fruits found using nallocfuzz. See: https://github.com/catenacyber/nallocfuzz See: https://github.com/google/oss-fuzz/pull/9902 Most of these errors are quite trivial to fix; the only exception is the stuff in the uthash. If the insertion fails (because of an allocation failure), we need to avoid some memory leaks. But the only way to check if the `HASH_ADD_*` failed, is to perform a new lookup: a bit costly, but we don't use that code in any critical data-path.
* Avoid calling `ndpi_reconcile_protocols()` twice in ↵Ivan Nardi2023-05-29
| | | | | | `ndpi_detection_giveup()` (#1996) `ndpi_reconcile_protocols()` is already called by `ndpi_set_detected_protocol()`
* Fix an heap-buffer-overflow (#1994)Ivan Nardi2023-05-29
| | | | | | | | | | | | | | | | | | ``` ==32439==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000080 at pc 0x564a9a1639ac bp 0x7ffc77d42e20 sp 0x7ffc77d42e18 READ of size 1 at 0x604000000080 thread T0 #0 0x564a9a1639ab in ndpi_check_punycode_string /home/ivan/svnrepos/nDPI/src/lib/ndpi_utils.c:98:12 #1 0x564a9a26025a in ndpi_match_host_subprotocol /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8652:6 #2 0x564a9a33e45c in ndpi_http_parse_subprotocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:446:9 #3 0x564a9a3354b8 in check_content_type_and_change_protocol /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:921:3 #4 0x564a9a32dc8b in process_request /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1237:3 #5 0x564a9a329a9c in ndpi_check_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1351:5 #6 0x564a9a3293ed in ndpi_search_http_tcp /home/ivan/svnrepos/nDPI/src/lib/protocols/http.c:1425:3 #7 0x564a9a21c64a in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5906:6 #8 0x564a9a21d057 in check_ndpi_tcp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5954:12 ``` Found by oss-fuzzer. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59393
* Remove some useless checks (#1993)Ivan Nardi2023-05-28
| | | | | | In the main dissector callbacks the flow protocols are (almost) always unknown. Only two exceptions: * extra dissection data path * HTTP sub-protocols
* Add support for Epic Games and GeForceNow/Nvidia (#1990)Ivan Nardi2023-05-27
|
* Improve detection of Alibaba flows (#1991)Ivan Nardi2023-05-27
|
* Fixed invalid use of ndpi_free(). Sorry, my fault. (#1988)Toni2023-05-24
| | | | | | | | | | | | | | | * Fixed invalid use of ndpi_free(). Sorry, my fault. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Fine tuned symbol check script. * added check for expected syms in modules Signed-off-by: Toni Uhlig <matzeton@googlemail.com> --------- Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cosmetic changesLuca Deri2023-05-23
|
* Improved missing usage of nDPIs malloc wrapper. Fixes #1978. (#1979)Toni2023-05-20
| | | | | * added CI check Signed-off-by: lns <matzeton@googlemail.com>
* Made VK protocol detection more strictLuca Deri2023-05-20
|
* Added scripts to auto generate hostname/SNI *.inc files. (#1984)Toni2023-05-20
| | | | | * add illegal gambling sites (Belgium) Signed-off-by: lns <matzeton@googlemail.com>
* fixed numeric truncation errorheadshog2023-05-20
|
Powered by cgit, Themed by Ted Yin.