path: root/src
Commit message - Author, Age
* Move `rtp` info out of `flow->protos` (#2739) - Ivan Nardi, 2025-02-21
| This way, the code is ready to handle rtp info from STUN flows too. And, most important, this change works as workaround to fix some crashes reported by oss-fuzz
* Fix build error due to an unused static function in the p17m fuzzer. (#2737) - Toni, 2025-02-21
| * fixed buffer overflow in RTP dissector
| Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added check - Luca, 2025-02-21
|
* Improved RTP dissection with EVS and other mobile voice codecs - Luca Deri, 2025-02-20
|
* Exported RTP payload in packet metadata - Luca Deri, 2025-02-19
| Added ndpi_rtp_payload_type2str() API call
* Further domain checks - Luca Deri, 2025-02-19
|
* Fixed bug in domain name computation - Luca Deri, 2025-02-17
|
* SSDP: add configuration for disabling metadata extraction (#2736) - Ivan Nardi, 2025-02-17
|
* DNS: rework "extra-dissection" code (#2735) - Ivan Nardi, 2025-02-17
|
* added metadata fields for M-NOTIFY (#2733) - Ivan Kapranov, 2025-02-17
|
* Fix/restore some public defines (#2734) - Ivan Nardi, 2025-02-17
| See 6899f6c17 and 9bf513b34
* Added defines - Luca Deri, 2025-02-16
|
* Reworked memory allocation - Luca Deri, 2025-02-16
|
* DNS: fix message parsing (#2732) - Ivan Nardi, 2025-02-16
|
* Implement SSDP Metadata export (#2729) - Ivan Kapranov, 2025-02-16
| Close #2524
* DNS: fix parsing of hostname for empty response messages (#2731) - Ivan Nardi, 2025-02-16
|
* DNS: rework adding entries to the FPC-DNS cache (#2730) - Ivan Nardi, 2025-02-16
| Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`. This will be important when adding monitoring support
* DNS: improved detection and handling of TCP packets (#2728) - Ivan Nardi, 2025-02-15
|
* DNS: rework code (#2727) - Ivan Nardi, 2025-02-15
|
* Added RUTUBE (#2725) - Ivan Kapranov, 2025-02-15
|
* DNS: fix dissection (#2726) - Ivan Nardi, 2025-02-15
|
* DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724) - Ivan Nardi, 2025-02-15
| We already set the same flow risk for invalid request messages
* reworked ntp info extraction (#2723) - Ivan Kapranov, 2025-02-15
|
* DNS: rework code parsing responses (#2722) - Ivan Nardi, 2025-02-14
|
* DNS: rework/isolate code to process domain name (#2721) - Ivan Nardi, 2025-02-13
|
* DNS: faster exclusion (#2719) - Ivan Nardi, 2025-02-12
|
* DNS: try to simplify the code (#2718) - Ivan Nardi, 2025-02-12
| Set the classification in only one place in the code.
* DNS: fix check for DGA domain (#2716) - Ivan Nardi, 2025-02-11
| If we have a (potential) valid sub-classification, we shouldn't check for DGA, even if the subclassification itself is disabled!
* DNS: disable subclassification by default (#2715) - Ivan Nardi, 2025-02-11
| Preliminary change to start supporting multiple DNS transactions on the same flow
* DNS: evaluate all flow risks even if sub-classification is disabled (#2714) - Ivan Nardi, 2025-02-11
|
* dns: fix writing to `flow->protos.dns` - Ivan Nardi, 2025-02-11
| We can't write to `flow->protos.dns` until we are sure it is a valid DNS flow
* DNS: fix dissection when there is only the response message - Ivan Nardi, 2025-02-11
|
* Removed trace - Luca Deri, 2025-02-10
|
* Added max element number in ndpi_protocol_qoe_category_t - Luca Deri, 2025-02-10
|
* Added ndpi_find_protocol_qoe() API call - Luca Deri, 2025-02-10
| Updated (C)
* Introduced QoE (Quality of Experience) protocol classification - Luca Deri, 2025-02-06
|
* Updated SNI for YandexMetrica and YandexAlice (#2711) - Ivan Kapranov, 2025-02-06
| Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* Preliminary work to rework `struct ndpi_flow_struct` (#2705) - Ivan Nardi, 2025-02-04
| No significant changes:
| * Move around some fields to avoid holes in the structures.
| * Some fields are about protocols based only on TCP.
| * Remove some unused (or set but never read) fields.
| See #2631
* DNS: another fix about the relationship between FPC and subclassification (#2709) - Ivan Nardi, 2025-01-31
| See: c669bb314
* Added ndpi_network_ptree6_match() API call - Luca Deri, 2025-01-31
|
* bittorrent: add configuration for "hash" metadata (#2706) - Ivan Nardi, 2025-01-31
| Fix confidence value for same TCP flows
* microsoft: another follow-up about auto-generated list of domains - Ivan Nardi, 2025-01-31
|
* HTTP: add configuration for some metadata (#2704) - Ivan Nardi, 2025-01-31
| Extend file configuration for just subclassification.
* microsoft: follow-up of 62d64afde about auto-generated list of domains (#2707) - Ivan Nardi, 2025-01-31
|
* Auto-generate Microsoft-related list of domains (#2688) - Ivan Nardi, 2025-01-31
|
* Create a specific configuration for classification only (#2689) - Ivan Nardi, 2025-01-31
| In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification.
| Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics.
| Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...`
| Note that this way, the nDPI overhead is lower because it might need fewer packets per flow:
| * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates
| * DNS: only the request is processed (instead of both request and response)
| We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for other protocols.
| Add the configuration options to enable/disable the extraction of some TLS metadata.
* DNS: fix extraction of transactionID field (#2703) - Ivan Nardi, 2025-01-31
| We can't write to `flow->protos.dns` until we are sure this is a valid DNS packet
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==14729==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x60e876372a86 bp 0x000000000000 sp 0x79392fdf90e0 T1)
==14729==The signal is caused by a READ memory access.
==14729==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
    #0 0x60e876372a86 in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x8b0a86) (BuildId: a9c4718bcd5c3947812b6fd704e203b8bb6f633c)
    #1 0x60e87640b29f in free (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x94929f) (BuildId: a9c4718bcd5c3947812b6fd704e203b8bb6f633c)
    #2 0x60e87647b0ec in free_wrapper /home/ivan/svnrepos/nDPI/example/ndpiReader.c:348:3
    #3 0x60e876865454 in ndpi_free /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:82:7
    #4 0x60e8767f0d4f in ndpi_free_flow_data /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6752:2
    #5 0x60e8767abd67 in ndpi_free_flow /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:10449:5
```
| Found by oss-fuzz
* Exported DNS transactionId - Luca Deri, 2025-01-30
|
* DNS: fix relationship between FPC and subclassification (#2702) - Ivan Nardi, 2025-01-30
| Allow optimal FPC even if DNS subclassification is disabled
* Added ndpi_data_jitter() API call - Luca Deri, 2025-01-29
|