libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Replaced malicious JA3-md5/SSL-cert-sha1 ac automata with hashmaps.	Toni Uhlig	2022-07-04
\| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Update host content list match (#1633)	Ivan Nardi	2022-07-04
\| \| \| \|	Improve classifications of Outlook, Cachefly, Cloudflare, Tiktok and Cybersecurity.
*	Added Psiphon detection patterns. See #566 and #1099. (#1631)	Toni	2022-07-04
\| \| \| \| \|	* The traces are not up to date, but this is the best we got so far. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	OCSP: improve detection (#1629)	Ivan Nardi	2022-07-04
\|
*	Added i3D and RiotGames protocol dissectors. (#1609)	Toni	2022-07-03
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	TargusDataspeed: avoid false positives (#1628)	Ivan Nardi	2022-07-03
\| \| \| \| \|	TargusDataspeed dissector doesn't perform any real DPI checks but it only looks at the TCP/UDP ports. Delete it, and use standard logic to classify these flows by port.
*	Update ASN/IPs lists (#1627)	Ivan Nardi	2022-07-03
\|
*	bins: add support for 64bit bins (#1626)	Ivan Nardi	2022-07-03
\|
*	Skinny: rework and improve classification (#1625)	Ivan Nardi	2022-07-03
\|
*	Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)	Ivan Nardi	2022-07-03
\|
*	Minor changes in how classification results are set (#1623)	Ivan Nardi	2022-07-03
\| \| \| \| \|	Protocol classification should always be set via `ndpi_set_detected_protocol()`: this way, the values in `flow->detected_protocol_stack[]` are always coherent.
*	Usenet: improve dissection (#1622)	Ivan Nardi	2022-07-03
\|
*	Fix category for mail sessions (#1621)	Ivan Nardi	2022-07-03
\| \| \|	Close #629
*	TLS: add support for old DTLS versions and for detection of mid-sessions (#1619)	Ivan Nardi	2022-07-03
\|
*	Fix a compilation warning (#1620)	Ivan Nardi	2022-07-03
\| \| \| \| \| \| \| \|	With clang-15 (nightly build) ``` In file included from ndpi_bitmap.c:39: ./third_party/src/roaring.cc:14233:13: warning: variable 'run_count' set but not used [-Wunused-but-set-variable] int run_count = 0; ```
*	Improved TFTP. Dissect Read/Write Request filenames. (#1617)	Toni	2022-07-03
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Added Cloudflare WARP detection patterns. (#1615) (#1616)	Toni	2022-07-02
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Fixed SMTP default port 587	Luca Deri	2022-07-02
\|
*	Added TunnelBear VPN detection patterns. (#1615)	Toni	2022-07-01
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Updated (C)	Luca Deri	2022-06-30
\|
*	Removed space from "Genshin Impact"	Luca Deri	2022-06-30
\|
*	Renamed Z39.50 -> Z3950 as the '.' breaks the naming convention	Luca	2022-06-28
\| \| \| \|	QUIC is a network protocol
*	Enhanced TLS risk info reported to users	Luca Deri	2022-06-28
\|
*	Added default port for syslog TCP	Luca Deri	2022-06-27
\|
*	Fix compilation and sync unit tests results (#1606)	Ivan Nardi	2022-06-20
\|
*	Added unidirectional traffic flow risk	Luca Deri	2022-06-20
\|
*	Improved SOAP via HTTP. (#1605)	Toni	2022-06-18
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Improved GenshinImpact protocol dissector. (#1604)	Toni	2022-06-18
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Added collectd dissector (again). (#1601)	Toni	2022-06-17
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Replaced nDPI's internal hashmap with uthash. (#1602)	Toni	2022-06-17
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Improved IPSec/ISAKMP detection. (#1600)	Toni	2022-06-16
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Add support for PIM (Protocol Indipendent Multicast) protocol (#1599)	Ivan Nardi	2022-06-15
\| \| \|	Close #1598
*	Improved WhatsApp detection. (#1595)	Toni	2022-06-14
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Fix invalid memory access (#1596)	Ivan Nardi	2022-06-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We can access `flow->protos` union only after checking the protocol. Checking `flow->detected_protocol.master_protocol` is redundant because we already check it in `is_ndpi_proto` ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==29739==ERROR: AddressSanitizer: SEGV on unknown address 0x000000353820 (pc 0x7f9b64dd2717 bp 0x7fff161a52f0 sp 0x7fff161a4aa8 T0) ==29739==The signal is caused by a READ memory access. #0 0x7f9b64dd2717 /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:96 #1 0x555c65e597d8 in __interceptor_strlen (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x6407d8) (BuildId: 11ac8ec30f1d49fb0276c9b03368e491505d2bba) #2 0x555c65fd85fa in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:269:13 #3 0x555c65f3e8c6 in process_ndpi_collected_info /home/ivan/svnrepos/nDPI/example/reader_util.c:1188:36 #4 0x555c65f52cab in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1567:2 #5 0x555c65f4b632 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2110:10 #6 0x555c65f04d29 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:109:7 #7 0x555c65f054bb in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:181:17 #8 0x7f9b64c6e082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #9 0x555c65e4253d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x62953d) (BuildId: 11ac8ec30f1d49fb0276c9b03368e491505d2bba) ``` Found by oss-fuzzer. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48020
*	DNS: fix TTL check and sync unit test results (#1594)	Ivan Nardi	2022-06-14
\|
*	Updated DNS alert triggered only with TTL == 0	Luca Deri	2022-06-14
\|
*	Restored ndpi_set_proto_defaults() prototype	Luca Deri	2022-06-13
\| \| \| \|	Updated test results
*	Added check for DGA names that resolve to a valid record	Luca Deri	2022-06-13
\|
*	Improved DNS traffic analysis	Luca Deri	2022-06-13
\| \| \| \|	Added ability to identify application and network protocols
*	Added DNS record TTL check	Luca Deri	2022-06-13
\|
*	Added gprof CPU/HEAP profiling support. (#1592)	Toni	2022-06-12
\| \| \| \| \|	* Some small auto{conf,make} improvements Signed-off-by: lns <matzeton@googlemail.com>
*	Added Pragmatic General Multicast (PGM) protocol detection	Luca Deri	2022-06-08
\|
*	Dissect host line if SSDP contains such. (#1586)	Toni	2022-06-07
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Reimplemented 1kxun application protocol. (#1585)	Toni	2022-06-06
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Fixed syslog false negatives. (#1582)	Toni	2022-06-05
\| \| \| \| \|	- RSH vs Syslog may still happen for midstream traffic Signed-off-by: lns <matzeton@googlemail.com>
*	Fix some debug messages (#1583)	Ivan Nardi	2022-06-05
\| \| \|	Increase max number of flows handled during fuzzing
*	Fixed invalid DHCP dissection	Luca Deri	2022-06-05
\|
*	Fixed DHCP dissection bug	Luca Deri	2022-06-05
\|
*	Added RSH dissector. Fixes #202. (#1581)	Toni	2022-06-04
\| \| \| \| \| \|	- added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations Signed-off-by: lns <matzeton@googlemail.com>
*	Add support for GoTo products (mainly GoToMeeting) (#1580)	Ivan Nardi	2022-06-04
\| \| \|	There is some overlap with Citrix protocol.