aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/stun.pcap.out
Commit message (Collapse)AuthorAge
* Unify "Skype" and "Teams" ids (#2687)Ivan Nardi2025-01-20
| | | | | | * Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` -> `NDPI_PROTOCOL_MSTEAMS_CALL` * Rename ip list from "Skype/Teams" to "Teams"
* Remove JA3C output from ndpiReader (#2667)Ivan Nardi2025-01-12
| | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* IPv6: fix bad ipv6 format (#1890) (#2651)paolomonti2024-12-20
| | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* STUN: if the same metadata is found multiple times, keep the first value (#2591)Ivan Nardi2024-10-15
|
* FPC: add DPI information (#2514)Ivan Nardi2024-07-23
| | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* support rtp/rtcp over tcp (#2422) (#2457)Maatuq2024-05-28
| | | | | Support rtp/rtcp over tcp as per rfc4571. Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
* DTLS: fix JA4 fingerprint (#2446)Ivan Nardi2024-05-21
|
* Add extra entropy checks and more precise(?) analysis. (#2383)Toni2024-05-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Remove "zoom" cache (#2420)Ivan Nardi2024-05-06
| | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit.
* TLS: avoid setting `NDPI_TLS_SELFSIGNED_CERTIFICATE` for webrtc traffic (#2417)Ivan Nardi2024-05-06
| | | | | | See RFC8122: it is quite likely that STUN/DTLS/SRTP flows use self-signed certificates Follow-up of b287d6ec8
* STUN: add support for ipv6 in some metadata (#2389)Ivan Nardi2024-04-13
|
* STUN: fix boundary checks on attribute list parsing (#2387)Ivan Nardi2024-04-12
| | | | | Restore all unit tests. Add some configuration knobs. Fix the endianess.
* STUN:Luca Deri2024-04-12
| | | | | - Fixed issue with XOR-MAPPED-ADDRESS decoding - Implemented MAPPED_ADDRESS (IPv4 only)
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* STUN: dissection of TURN Channel DataNardi Ivan2024-03-20
|
* Add a specific protocol id for audio/video calls made using Google apps (#2341)Ivan Nardi2024-03-07
| | | Same logic already used for Signal/Whatsapp/Line/Facebook/...
* TLS: avoid setting some flow risks for webrtc trafficNardi Ivan2024-02-26
| | | | | Is quite rare to have a SNI or an ALPN on Client Hello of STUN/DTLS/SRTP traffic
* STUN: fix category when sub-classification is set in "extra-dissection" data ↵Ivan Nardi2024-02-24
| | | | path (#2320)
* STUN: fix flow risks when DTLS packets are found (#2266)Ivan Nardi2024-01-19
| | | | | When switching to (D)TLS dissector from the STUN one, we need to clear any flow risks set from the latter (because we don't have anymore `NDPI_PROTOCOL_STUN` in the classification results)
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* Remove Google Hangouts/Duo stuff (#2233)Vladimir Gavrilov2024-01-02
| | | | | * Remove Google Hangouts/Duo support * Update protocols.rst
* Implements JA4 Support (#2191)Luca Deri2023-12-22
|
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* STUN: fix detection of DTLS (#2187)Ivan Nardi2023-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a memory leak ``` ==97697==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x55a6967cfa7e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x701a7e) (BuildId: c7124999fa1ccc54346fa7bd536d8eab88c3ea01) #1 0x55a696972ab5 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #2 0x55a696972da0 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #3 0x55a696b7658d in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2394:46 #4 0x55a696b86e81 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:897:5 #5 0x55a696b80649 in ndpi_search_tls_udp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1262:11 #6 0x55a696b67a57 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2751:5 #7 0x55a696b67758 in switch_to_tls /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1408:3 #8 0x55a696c47810 in stun_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/stun.c:422:4 #9 0x55a6968a22af in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7247:9 #10 0x55a6968acd6f in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7746:5 #11 0x55a6968aba3f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8013:22 #12 0x55a69683d30e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1723:31 #13 0x55a69683d30e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2440:10 #14 0x55a69680f08f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:135:7 [...] SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). ``` Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64564
* fuzz: improve coverage and remove dead code (#2135)Ivan Nardi2023-11-07
| | | | | | | | | | We are not able to remove custom rules: remove the empty stubs (which originate from the original OpenDPI code). `ndpi_guess_protocol_id()` is only called on the first packet of the flow, so the bitmask `flow->excluded_protocol_bitmask` is always empty, since we didn't call any dissectors yet. Move another hash function to the dedicated source file.
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* Jabber: remove support for UDP (#2115)Ivan Nardi2023-10-26
| | | | | | Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp` suggests that...). Bug introduced in 5266c726f
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Remote Management Control Protocol (RMCP).Toni Uhlig2023-10-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added HAProxy protocol. (#2088)Toni2023-10-02
| | | | | | * fixed tests/do.sh.in failure print Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add support for (un-encrypted) HTTP/2 (#2087)Ivan Nardi2023-09-18
| | | | Plaintext HTTP/2 is quite rare on the general "internet" but it is used in some private networks (example: 5G core network)
* Add Service Location Protocol dissector. (#2036)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixes risk mask exception handling while improving the overall performanceLuca Deri2023-07-14
|
* Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)Ivan Nardi2023-06-27
| | | | | | Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
* STUN: add dissection of DTLS handshake (#2018)Ivan Nardi2023-06-26
|
* RTP: rework code (#2021)Ivan Nardi2023-06-23
| | | | | | | Try avoiding false positives: look for 3 RTP packets before classifing the flow as such. Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
* Add Apache Thrift protocol dissector. (#2007)Toni2023-06-22
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.