| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
* detect `chisel` SSH-over-HTTP-WebSocket
* use `strncasecmp()` for `LINE_*` matching macros
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
| |
In very old (G)QUIC versions by Google, the user agent was available on
plain text. That is not true anymore, since about end of 2021.
See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7
|
| |
|
| |
Add a new variable to keep track of internal partial classification
|
| |
|
|
|
| |
Classification "by-port" is the latest possible shot at getting a
classification, when everything else failed: we should always use
the configured ports (as expected by the users, IMO)
|
| | |
|
| |
|
|
|
| |
Even if it is only the proposed value by the client (and not the
negotiated one), it might be use as hint for timeout by the (external)
flows manager
|
| |
|
|
| |
We should set it also for "obsolete"/"insecure" ciphers, not only for
the "weak" ones.
|
| |
|
|
|
| |
ESNI has been superseded by ECH for years, now.
See: https://blog.cloudflare.com/encrypted-client-hello/
Set the existing flow risk if we still found this extension.
|
| |
|
| |
We should use the existing helper
|
| | |
|
| |
|
|
| |
messages when used to browse (old) network devices
|
| |
|
|
|
|
| |
ipv6 addresses already containing "::" token shall
not be searched for ":0:" nor patched
Close #1890
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
```
Running: /home/ivan/Downloads/clusterfuzz-testcase-minimized-fuzz_ndpi_reader_pl7m_simplest_internal-5759495480868864
protocols/dns.c:482:5: runtime error: index 4 out of bounds for type 'u_int8_t[4]' (aka 'unsigned char[4]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:482:5
protocols/dns.c:483:5: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:483:5
protocols/dns.c:490:12: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]')
```
Found by oss-fuzz
See: https://issues.oss-fuzz.com/issues/383911300?pli=1
|
| | |
|
| | |
|
| |
|
| |
Updtae pl7m code (Fix swap-direction mutation)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm>
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Fix: 1bda2bf41
|
| | |
|
| | |
|
| | |
|
| |
|
| |
In the same flow, we can have multiple multimedia types
|
| | |
|
| | |
|
| |
|
|
| |
port that was supposed to be used as default
|
| | |
|
| |
|
|
| |
Let's see if we are able to tell audio from video calls only looking at
RTP Payload Type field...
|
| |
|
|
| |
See #2595 (no sure about the best way to handle the two domains about
games...)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
```
=================================================================
==30923==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50400023cc34 at pc 0x591f8b5dd546 bp 0x7ffe5ffc3530 sp 0x7ffe5ffc3528
READ of size 1 at 0x50400023cc34 thread T0
#0 0x591f8b5dd545 in is_sfu_5 /home/ivan/svnrepos/nDPI/src/lib/protocols/zoom.c:146:6
#1 0x591f8b5dda11 in zoom_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/zoom.c:166:6
#2 0x591f8b22182f in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8156:9
#3 0x591f8b236f88 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8793:5
```
Found by oss-fuzz
See: https://issues.oss-fuzz.com/issues/379072455
|
| |
|
|
| |
Implemented Mikrotik JSON serialization
|
| | |
|
| |
|
|
| |
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
|
| |
|
|
| |
(#2618)
|
| | |
|
| |
|
| |
Extend content match list
|