aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* websocket: `ndpi_set_detected_protocol()` should be called only onceHEADdevIvan Nardi5 days
| | | | Fix: b07a910dc
* DNS: `ndpi_match_host_subprotocol()` should be called only onceIvan Nardi5 days
|
* websocket: `ndpi_set_detected_protocol()` should be called only once (#2911)Ivan Nardi5 days
|
* Rework classification in `ndpi_match_host_subprotocol()`-like functions (#2910)Ivan Nardi5 days
|
* Jabber: proper subclassification of TruPhoneIvan Nardi6 days
|
* Remove some hack for Google traffic in `ndpi_reconcile_protocols()`Ivan Nardi6 days
|
* Fix `ndpi_reconcile_protocols` with classification by port/ipIvan Nardi6 days
|
* Fix classification with nBPF rulesIvan Nardi6 days
|
* TypoLuca Deri6 days
|
* fuzz: extend fuzzing coverageIvan Nardi13 days
| | | | Remove some unused code
* Bittorrent: update default ports (#2902)Ivan Nardi13 days
|
* STUN: don't check `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` flow risk (#2901)Ivan Nardi13 days
|
* Viber: fix categoryIvan Nardi13 days
|
* TypoLuca Deri13 days
|
* TypoLuca Deri13 days
|
* Classify Tracking/ADS/Analytics traffic only via category (#2900)Ivan Nardi13 days
| | | See 3a243bb40 for similar work about porn and LLM
* Added new protocol categoriesLuca Deri13 days
|
* IndentLuca Deri13 days
|
* If `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` risk is disabled, avoid some ↵Ivan Nardi13 days
| | | | work (#2899)
* Create a wrapper to check for `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` ↵Ivan Nardi14 days
| | | | | risk (#2898) No real change
* New API to enable/disable protocols. Removed ↵Ivan Nardi14 days
| | | | | | | | | | | | | | | | | | | | | | | | | | `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2894) Change the API to enable/disable protocols: you can set that via the standard `ndpi_set_config()` function, as every configuration parameters. By default, all protocols are enabled. Split the (local) context initialization into two phases: * `ndpi_init_detection_module()`: generic part. It does not depend on the configuration and on the protocols being enabled or not. It also calculates the real number of internal protocols * `ndpi_finalize_initialization()`: apply the configuration. All the initialization stuff that depend on protocols being enabled or not must be put here This is the last step to have the protocols number fully calculated at runtime Remove a (now) useless fuzzer. Important API changes: * remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` define * remove `ndpi_get_num_internal_protocols()`. To get the number of configured protocols (internal and custom) you must use `ndpi_get_num_protocols()` after having called `ndpi_finalize_initialization()`
* Fix heap-buffer-overflow (#2896)Ivan Nardi2025-06-22
| | | | | | | | | | | | | | ``` ================================================================= ==33955==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x742759c04838 at pc 0x6202855bdeda bp 0x7ffcfb602bf0 sp 0x7ffcfb602be8 READ of size 2 at 0x742759c04838 thread T0 #0 0x6202855bded9 in ndpi_handle_rule /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5513:40 #1 0x6202855b9b7a in load_protocols_file_fd /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6333:8 #2 0x62028556b29e in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols.c:18:3 #3 0x62028546684f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/ivan/svnrepos/nDPI/fuzz/fuzz_filecfg_protocols+0x70484f) (BuildId: 24c11efa0800dbd23c38b07e76cdc510388e6f85) ``` Found by oss-fuzzer. See: https://issues.oss-fuzz.com/issues/426164365?pli=1
* Rework default ports initialization (#2893)Ivan Nardi2025-06-20
| | | | | | | Default ports trees are initialized during `ndpi_finalize_initialization()` Make `ndpi_init_detection_module()` less likely to fail, because there are less memory allocations.
* Merged protocols (now free to use) into existing categoriesLuca Deri2025-06-17
| | | | | - AdultContent -> Category Adult Content - LLM -> Category Artificial Intelligence
* Renamed custom protocol labelsLuca Deri2025-06-17
|
* Rework `ndpi_init_detection_module_ext()` (#2888)Ivan Nardi2025-06-17
|
* Faster configuration (#2887)Ivan Nardi2025-06-17
|
* Move dissectors initialization to `ndpi_finalize_initialization()` (#2886)Ivan Nardi2025-06-17
|
* Fix double-free on domain reloadIvan Nardi2025-06-17
| | | | | | | | | | | | | | ``` ==20045==ERROR: AddressSanitizer: attempting double-free on 0x7c95733e1c00 in thread T0: #0 0x5648d814034a in free build-llvm/tools/clang/stage2-bins/runtimes/runtimes-bins/compiler-rt/lib/asan/asan_malloc_linux.cpp:51:3 #1 0x7f457408532f in _IO_deallocate_file libio/libioP.h:958:3 #2 0x7f457408532f in fclose libio/iofclose.c:74:3 #3 0x5648d8102b90 in fclose build-llvm/tools/clang/stage2-bins/runtimes/runtimes-bins/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6434:13 #4 0x5648d81b00d4 in ndpi_load_domain_suffixes /home/ivan/svnrepos/nDPI/src/lib/ndpi_domains.c:79:3 #5 0x5648d8188a6f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_config.cpp:103:5 ``` Found by oss-fuzz
* Prelimary work to remove `NDPI_LAST_IMPLEMENTED_PROTOCOL` (#2885)Ivan Nardi2025-06-16
|
* Added missing ndpi_is_custom_category() the ndpi_api.hLuca Deri2025-06-16
| | | | Fixed ndpi_is_custom_category() and ndpi_is_custom_protocol(0 prototypes so that now return a bool
* No limits on the number of (custom) protocols (#2875)Ivan Nardi2025-06-16
| | | | | | | | | | | | | | | | The hard limit of total number of protocols (internal and custom) is ~65535, because protocol ids are `u_int16_t`... API changes: 1. From `NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS` to `ndpi_get_num_protocols()` (after having called `ndpi_finalize_initialization()`); 2. From `proto_id >= NDPI_MAX_SUPPORTED_PROTOCOLS` to `ndpi_is_custom_protocol(proto_id)` (after having called `ndpi_finalize_initialization()`); Close #2136 Close #2545
* Check `ndpi_finalize_initialization()` return value (#2884)Ivan Nardi2025-06-14
|
* Rework sanity checks and remove some functions from API (#2882)Ivan Nardi2025-06-12
|
* TCP fingerprint: fix an undefined-shiftIvan Nardi2025-06-11
| | | | | | | | | ``` ndpi_main.c:7905:33: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' ``` Found by oss-fuzz. See: https://issues.oss-fuzz.com/issues/423959691
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
* Simplify `ndpi_internal_detection_process_packet()` (#2877)Ivan Nardi2025-06-10
| | | Simplify process of each packet
* TCP fingerprint: fix an heap-buffer-overflow (#2876)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | ``` ================================================================= ==17655==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x71053b8a702a at pc 0x5e6f1ed825a2 bp 0x7095389f1d10 sp 0x7095389f1d08 READ of size 1 at 0x71053b8a702a thread T1 #0 0x5e6f1ed825a1 in ndpi_init_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7890:10 #1 0x5e6f1ed94bb2 in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:9768:6 #2 0x5e6f1ed92f9f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:10065:22 #3 0x5e6f1ebe7a2e in packet_processing /home/ivan/svnrepos/nDPI/example/reader_util.c:1985:31 #4 0x5e6f1ebdffd2 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:2730:10 #5 0x5e6f1ea5da49 in ndpi_process_packet /home/ivan/svnrepos/nDPI/example/ndpiReader.c:4751:7 #6 0x74953c48763e (/lib/x86_64-linux-gnu/libpcap.so.0.8+0x2d63e) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) #7 0x74953c4688e7 in pcap_loop (/lib/x86_64-linux-gnu/libpcap.so.0.8+0xe8e7) (BuildId: d0c6c787d35246d7107d600c893454c1fcbaf262) ``` Found by oss-fuzz
* Cosmetic changesLuca Deri2025-06-09
| | | | Added ndpi finalization in case protocols are dumped
* Simplified codeLuca Deri2025-06-09
|
* Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`Ivan Nardi2025-06-09
|
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | | | The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
* Add category and breed support for custom rules (#2872)Vladimir Gavrilov2025-06-08
| | | Close #2594
* Fixes invalid SSH client/server detection based on stage and not on packet ↵Luca Deri2025-06-08
| | | | direction
* Sync unit tests results and fix `NDPI_HTTP_SUSPICIOUS_HEADER` (#2874)Ivan Nardi2025-06-08
|
* Improved HTTP risk reportLuca Deri2025-06-08
| | | | PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
* Normalize breed/category names: use _ instead of spaces and slashes (#2873)Vladimir Gavrilov2025-06-07
|
* Compilation fix on old platformsLuca Deri2025-06-06
|
* Added IMO and Badoo filesLuca Deri2025-06-06
|
* Dynamic allocation of `ndpi_struct->proto_defaults[]` (#2866)Ivan Nardi2025-06-06
| | | | | | | | Partial revert of 88bfe2cf0: in the trees we save the index and no more a pointer to `ndpi_struct->proto_defaults[]`. Remove same functions from public API See #2136
Powered by cgit, Themed by Ted Yin.