aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
...
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* Fixed endian issue while DEBUG_PROTOBUF is enabled. (#2112)Toni2023-10-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved detection as non DGA for hostnames belnging to a CDN (#2068)Luca Deri2023-10-23
|
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved CryNetwork protocol dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Remote Management Control Protocol (RMCP).Toni Uhlig2023-10-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved Steam detection by adding steamdiscover pattern. (#2105)Toni2023-10-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed OpenWRT arm related build issues. (#2104)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed two OpenWRT arm related build issues. (#2103)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Windows warning checksLuca Deri2023-10-16
|
* fuzz: extend fuzzing coverageNardi Ivan2023-10-15
|
* Added NDPI_MALWARE_HOST_CONTACTED flow riskLuca Deri2023-10-13
|
* Fix for buffer overflow in serializationLuca2023-10-11
|
* Improved MGCP detection by allowing '\r' as line feed.lns2023-10-11
| | | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: export QUIC version as metadataNardi Ivan2023-10-11
|
* Serialization fixLuca Deri2023-10-11
|
* fuzzing: extend fuzzing coverageNardi Ivan2023-10-09
| | | | | Try fuzzing some functions which write to file/file descriptor; to avoid slowing the fuzzer, close its stdout
* fuzz: extend fuzzing coverageNardi Ivan2023-10-07
|
* version of dirent.c that is liked by both VC++ and MinGWLuca Deri2023-10-05
|
* Windows code reworkLuca Deri2023-10-05
|
* Windows compilation fixesLuca Deri2023-10-05
|
* Win include changeLuca Deri2023-10-05
|
* Added HAProxy protocol. (#2088)Toni2023-10-02
| | | | | | * fixed tests/do.sh.in failure print Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cleaned up mining datastructureLuca2023-09-27
|
* Added printf/fprintf replacement for some internal modules. (#1974)Toni2023-09-26
| | | | | | * logging is instead redirected to `ndpi_debug_printf` Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Renamed HTTP/2 to HTTP2 as the '/' can have side effects with applications ↵Luca Deri2023-09-20
| | | | sitting on top of nDPI
* Fix some prototypes (#2085)Ivan Nardi2023-09-18
| | | | | ``` error: function declaration isn’t a prototype [-Werror=strict-prototypes] ```
* Add support for (un-encrypted) HTTP/2 (#2087)Ivan Nardi2023-09-18
| | | | Plaintext HTTP/2 is quite rare on the general "internet" but it is used in some private networks (example: 5G core network)
* fuzz: extend fuzzing coverageNardi Ivan2023-09-16
|
* Add `ndpi_domain_classify_finalize()` function (#2084)Ivan Nardi2023-09-12
| | | | | | | | | The "domain classify" data structure is immutable, since it uses "bitmap64". Allow to finalize it before starting to process packets (i.e. before calling `ndpi_domain_classify_contains()`) to avoid, in the data-path, all the memory allocations due to compression. Calling `ndpi_domain_classify_finalize()` is optional.
* tftp: check incrementation for DATA and ACK packetsThomas Winter2023-09-12
| | | | | | | | | | | | | The 2 bytes following the opcode for DATA and ACK packets are the block number and this should be incrementing every packet. We should check to see that this is occurring otherwise false matches can occur, eg L2TPv3 over UDP matches the DATA opcode but the next two bytes are always zero. Remove the DATA max block size assumption since this can be false if the blksize option is used to increase it. Fixes #2070
* tftp: check for Option AcknowledgementsThomas Winter2023-09-12
| | | | | | | | | TFTP Option Acknowledgement packets were being excluded. When a read/write request contains options, an Option Acknowledgement is returned that contains the option strings that the transaction will use. The options sent in the request are not compared with what was acknowledged.
* tftp: rework request checking to account for optionsThomas Winter2023-09-12
| | | | | | | | | | | | | | | | | Read and write requests were not handling options. The existing code inspecting request messages assumed that the string before the end of the payload was the mode and that the filename length depended on the mode length. However the first two strings are the filename and mode which can be followed by any number of option strings. Rework the checking of the filename and mode to just search the first two strings which should always exist. Any options after that are ignored. Absence of the filename or mode is now excludes the TFTP protocol. Absence of the filename no longer is considered malformed packet because it can match other protocols falsely.
* Fixes matches with domain name strings that start with a dotLuca Deri2023-09-11
|
* fuzz: add fuzzers to test bitmap64 and domain_classify data structures (#2082)Ivan Nardi2023-09-10
|
* fuzz: add fuzzers to test reader_util code (#2080)Ivan Nardi2023-09-10
|
* Update every ip lists (#2079)Ivan Nardi2023-09-10
|
* Fix some errors found by fuzzers (#2078)Ivan Nardi2023-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix compilation on Windows. "dirent.h" file has been taken from https://github.com/tronkko/dirent/ Fix Python bindings Fix some warnings with x86_64-w64-mingw32-gcc: ``` protocols/dns.c: In function ‘ndpi_search_dns’: protocols/dns.c:775:41: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] 775 | unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname; | ^ protocols/dns.c:775:62: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] 775 | unsigned long first_element_len = (unsigned long)dot - (unsigned long)_hostname; | ``` ``` In file included from ndpi_bitmap64.c:31: third_party/include/binaryfusefilter.h: In function ‘binary_fuse8_hash’: third_party/include/binaryfusefilter.h:160:32: error: left shift count >= width of type [-Werror=shift-count-overflow] 160 | uint64_t hh = hash & ((1UL << 36) - 1); ``` ``` In function ‘ndpi_match_custom_category’, inlined from ‘ndpi_fill_protocol_category.part.0’ at ndpi_main.c:7056:16: ndpi_main.c:3419:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=] 3419 | strncpy(buf, name, name_len); ```
* Reworked initializationLuca Deri2023-09-10
|
* Added OperaVPN detectionLuca Deri2023-09-09
|
* Enhance DNS risk for long hostnames (> 32)Luca Deri2023-09-09
|
* Improved detection of invalid chars in DNS namesLuca Deri2023-09-09
|
* Win fixLuca Deri2023-09-08
|
* Added NDPI_TLS_ALPN_SNI_MISMATCH flow riskLuca Deri2023-09-07
|
* CleanupLuca2023-09-07
|
* Disabled debug messageLuca Deri2023-09-05
|
* Minor warning fixesLuca Deri2023-09-05
|
* Improved classification further reducing memory usedLuca Deri2023-09-05
|
Powered by cgit, Themed by Ted Yin.