aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Rework default ports initialization (#2893)Ivan Nardi2025-06-20
| | | | | | | Default ports trees are initialized during `ndpi_finalize_initialization()` Make `ndpi_init_detection_module()` less likely to fail, because there are less memory allocations.
* Merged protocols (now free to use) into existing categoriesLuca Deri2025-06-17
| | | | | - AdultContent -> Category Adult Content - LLM -> Category Artificial Intelligence
* Renamed custom protocol labelsLuca Deri2025-06-17
|
* Rework `ndpi_init_detection_module_ext()` (#2888)Ivan Nardi2025-06-17
|
* Faster configuration (#2887)Ivan Nardi2025-06-17
|
* Move dissectors initialization to `ndpi_finalize_initialization()` (#2886)Ivan Nardi2025-06-17
|
* Fix double-free on domain reloadIvan Nardi2025-06-17
| | | | | | | | | | | | | | ``` ==20045==ERROR: AddressSanitizer: attempting double-free on 0x7c95733e1c00 in thread T0: #0 0x5648d814034a in free build-llvm/tools/clang/stage2-bins/runtimes/runtimes-bins/compiler-rt/lib/asan/asan_malloc_linux.cpp:51:3 #1 0x7f457408532f in _IO_deallocate_file libio/libioP.h:958:3 #2 0x7f457408532f in fclose libio/iofclose.c:74:3 #3 0x5648d8102b90 in fclose build-llvm/tools/clang/stage2-bins/runtimes/runtimes-bins/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6434:13 #4 0x5648d81b00d4 in ndpi_load_domain_suffixes /home/ivan/svnrepos/nDPI/src/lib/ndpi_domains.c:79:3 #5 0x5648d8188a6f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_config.cpp:103:5 ``` Found by oss-fuzz
* Prelimary work to remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2885)Ivan Nardi2025-06-16
|
* Added missing ndpi_is_custom_category() the ndpi_api.hLuca Deri2025-06-16
| | | | Fixed ndpi_is_custom_category() and ndpi_is_custom_protocol(0 prototypes so that now return a bool
* No limits on the number of (custom) protocols (#2875)Ivan Nardi2025-06-16
| | | | | | | | | | | | | | | | The hard limit of total number of protocols (internal and custom) is ~65535, because protocol ids are `u_int16_t`... API changes: 1. From `NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS` to `ndpi_get_num_protocols()` (after having called `ndpi_finalize_initialization()`); 2. From `proto_id >= NDPI_MAX_SUPPORTED_PROTOCOLS` to `ndpi_is_custom_protocol(proto_id)` (after having called `ndpi_finalize_initialization()`); Close #2136 Close #2545
* Check `ndpi_finalize_initialization()` return value (#2884)Ivan Nardi2025-06-14
|
* Rework sanity checks and remove some functions from API (#2882)Ivan Nardi2025-06-12
|
* TCP fingerprint: fix an undefined-shiftIvan Nardi2025-06-11
| | | | | | | | | ``` ndpi_main.c:7905:33: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' ``` Found by oss-fuzz. See: https://issues.oss-fuzz.com/issues/423959691
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
* Simplify `ndpi_internal_detection_process_packet()` (#2877)Ivan Nardi2025-06-10
| | | Simplify process of each packet
* TCP fingerprint: fix an heap-buffer-overflow (#2876)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | ``` ================================================================= ==17655==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x71053b8a702a at pc 0x5e6f1ed825a2 bp 0x7095389f1d10 sp 0x7095389f1d08 READ of size 1 at 0x71053b8a702a thread T1 #0 0x5e6f1ed825a1 in ndpi_init_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7890:10 #1 0x5e6f1ed94bb2 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:9768:6 #2 0x5e6f1ed92f9f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:10065:22 #3 0x5e6f1ebe7a2e in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1985:31 #4 0x5e6f1ebdffd2 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2730:10 #5 0x5e6f1ea5da49 in ndpi_process_packet /home/ivan/svnrepos/nDPI/example/ndpiReader.c:4751:7 #6 0x74953c48763e (/lib/x86_64-linux-gnu/libpcap.so.0.8+0x2d63e) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) #7 0x74953c4688e7 in pcap_loop (/lib/x86_64-linux-gnu/libpcap.so.0.8+0xe8e7) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) ``` Found by oss-fuzz
* Cosmetic changesLuca Deri2025-06-09
| | | | Added ndpi finalization in case protocols are dumped
* Simplified codeLuca Deri2025-06-09
|
* Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`Ivan Nardi2025-06-09
|
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | | | The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
* Add category and breed support for custom rules (#2872)Vladimir Gavrilov2025-06-08
| | | Close #2594
* Fixes invalid SSH client/server detection based on stage and not on packet ↵Luca Deri2025-06-08
| | | | direction
* Sync unit tests results and fix `NDPI_HTTP_SUSPICIOUS_HEADER` (#2874)Ivan Nardi2025-06-08
|
* Improved HTTP risk reportLuca Deri2025-06-08
| | | | PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
* Normalize breed/category names: use _ instead of spaces and slashes (#2873)Vladimir Gavrilov2025-06-07
|
* Compilation fix on old platformsLuca Deri2025-06-06
|
* Added IMO and Badoo filesLuca Deri2025-06-06
|
* Dynamic allocation of `ndpi_struct->proto_defaults[]` (#2866)Ivan Nardi2025-06-06
| | | | | | | | Partial revert of 88bfe2cf0: in the trees we save the index and no more a pointer to `ndpi_struct->proto_defaults[]`. Remove same functions from public API See #2136
* Add ndpi_get_breed_by_name (#2870)Vladimir Gavrilov2025-06-05
|
* Speed up category lookup in ndpi_get_category_id() (#2869)Vladimir Gavrilov2025-06-05
| | | | Implements same optimization pattern as #2867 No behavior changes, just faster lookup
* Speed up protocol lookup in ndpi_get_proto_by_name (#2867)Vladimir Gavrilov2025-06-05
|
* Improved HTTP risk message reportLuca Deri2025-06-05
|
* Split `ndpi_set_proto_defaults()` logic (#2864)Ivan Nardi2025-06-03
| | | | | | | | | Split the internal logic: * update `ndpi_str->proto_defaults[]` array * update the `default_ports_tree_node_t` trees This is a preliminary work to have dynamic allocated `ndpi_str->proto_defaults[]`, because in the tree we have a pointer to the array entries
* Remove `ndpi_set_proto_defaults()` from the API (#2863)Ivan Nardi2025-06-03
| | | Add an explicit field to indicate if the protocol is custom or internal
* Hamachi: improve handshake check (#2861)Vladimir Gavrilov2025-06-03
|
* First step into a dynamic number of protocols (#2857)Ivan Nardi2025-06-03
| | | | | | | | | | | | | We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
* New API to enable/disable protocols; remove ↵Ivan Nardi2025-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
* Add Hamachi protocol detection support (#2860)Vladimir Gavrilov2025-06-02
|
* Added boundary fixLuca Deri2025-05-29
|
* Updated bots and scanners listLuca Deri2025-05-29
| | | | Improved lists file parsing
* Compilation fixLuca Deri2025-05-29
|
* Added ndpi_load_protocols_dir() API call for loading IP-based protocol detectionLuca Deri2025-05-28
| | | | Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
* Fix configuration of ip lists of flow risks (#2859)Ivan Nardi2025-05-28
| | | | | Add some new tests about these configuration parameters. Close #2858
* Improved detection of TCP scannersLuca Deri2025-05-27
|
* Allow to specify default ports also via range (#2856)Ivan Nardi2025-05-27
| | | Ad a trivial example, update SIP configuration to use range
* TypoLuca Deri2025-05-27
|
* Reworked fingerprint codeLuca Deri2025-05-26
|
* Better separation between "protocols" and "dissectors" (#2855)Ivan Nardi2025-05-26
| | | Callback functions are about dissectors, not protocols
* BFCP: fix check on payload length and extract metadata (#2854)Ivan Nardi2025-05-26
| | | | | | We should be able to identified this protocol on the first packet, without keeping any state Close #2745
* Added boundary checkLuca Deri2025-05-26
|
Powered by cgit, Themed by Ted Yin.