aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default
Commit message (Collapse)AuthorAge
...
* Add KCP protocol dissector. (#2257)Toni2024-01-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved uTorrent via utp (TCP-like streams over UDP). (#2255)Toni2024-01-11
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add PIA (Private Internet Access) support (#2250)Vladimir Gavrilov2024-01-09
| | | | | | | * Fix typo in protocols.rst * Add PIA (Private Internet Access) support * Update ndpi_main.c
* Add Roughtime protocol dissector. (#2248)Toni2024-01-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Make some test traces smaller (#2243)Ivan Nardi2024-01-08
| | | | | | Having smaller traces help fuzzing: we want the fuzzers to mutate "interesting" packets analyzed by nDPI, i.e. the first packets of each flows. Try hard to keep the same classification and extraction capabilities
* Add Google Chat support (#2244)Vladimir Gavrilov2024-01-07
|
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* Add Ceph protocol dissector (#2242)Vladimir Gavrilov2024-01-04
| | | | | * Add Ceph protocol dissector * Update protocols.rst
* Add HL7 protocol dissector (#2240)Vladimir Gavrilov2024-01-02
| | | | | | | * Add HL7 protocol dissector * Small fixes * Small fixes
* STUN: fix detection of Google Meet over IPv6 (#2241)Ivan Nardi2024-01-02
|
* Add IEC62056 (DLMS/COSEM) protocol dissector (#2229)Vladimir Gavrilov2024-01-02
| | | | | | | | | | | | | | | | | | | * Add IEC62056 (DLMS/COSEM) protocol dissector * Fix detection on big endian architectures * Update protocols.rst * Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c * Update pcap sample * Remove empty .out file * iec62056: add some documentation --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Remove Google Hangouts/Duo stuff (#2233)Vladimir Gavrilov2024-01-02
| | | | | * Remove Google Hangouts/Duo support * Update protocols.rst
* Teamviewer: varius fixes (#2228)Ivan Nardi2024-01-02
| | | | | | | | | We already have a generic (and up to date) logic to handle ip addresses: remove that stale list. Teamviewer uses TCP and UDP, both; we can't access `flow->l4.udp`. According to a comment, we set the flow risk `NDPI_DESKTOP_OR_FILE_SHARING_SESSION` only for the UDP flows.
* Add NoMachine NX protocol dissector (#2234)Vladimir Gavrilov2024-01-02
| | | | | | | | | * Add NoMachine protocol dissector * Fix detection on big endian architectures * Make NoMachine over UDP check more strict * Small fixes
* Updated resultLuca Deri2023-12-22
|
* Implements JA4 Support (#2191)Luca Deri2023-12-22
|
* Add Apache Kafka protocol dissector (#2226)Vladimir Gavrilov2023-12-22
|
* Add WebDAV detection support (#2224)Vladimir Gavrilov2023-12-22
| | | | | | | | | | | | | * Add WebDAV detection support * Add pcap example * Update test results * Remove redundant checks * Add WebDAV related HTTP methods to fuzz/dictionary.dict * Add note about WebDAV
* Add JSON-RPC protocol dissector (#2217)Vladimir Gavrilov2023-12-20
| | | | | | | * Add JSON-RPC protocol dissector * Small fixes * Improve detection
* Add OpenFlow protocol dissector (#2222)Vladimir Gavrilov2023-12-20
|
* mining: a better identification logic (#2221)Ivan Nardi2023-12-20
| | | | | | | | | | It is quite simple (and not so efficient) but it should fix all the false positives reported in #2216. Add support for Ethereum mining. Merge all the mining traces. Remove duplicated function. Close #2216
* fuzz: improve fuzzing coverage (#2220)Ivan Nardi2023-12-19
|
* Add UFTP protocol dissector (#2215)Vladimir Gavrilov2023-12-18
| | | | | | | * Add UFTP protocol dissector * Update docs * Merge pcap files
* Add HiSLIP protocol dissector (#2214)Vladimir Gavrilov2023-12-17
| | | | | * Add HiSLIP protocol dissector * Fix error
* Add PROFINET/IO protocol dissector (#2213)Vladimir Gavrilov2023-12-16
| | | | | | | | | * Add PROFINET/IO protocol dissector * Add LE (Little Endian) to the file name * Rework dissector * Remove redundant check
* Add Monero protocol classification. (#2196)Toni2023-12-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Sync unit tests results after latest merge (#2211)Ivan Nardi2023-12-13
|
* QUIC: add heuristic to detect unidirectional *G*QUIC flows (#2207)Ivan Nardi2023-12-13
| | | Fix extraction of `flow->protos.tls_quic.quic_version` metadata.
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* HTTP: faster processing of asymmetric flows (#2198)Ivan Nardi2023-12-11
|
* fuzz: extend fuzzing coverage (#2205)Ivan Nardi2023-12-11
|
* OpenVPN: rework detection (#2199)Ivan Nardi2023-12-06
| | | Close #1873
* Add Ether-S-Bus protocol dissector (#2200)Vladimir Gavrilov2023-12-05
|
* Add IEEE C37.118 protocol dissector (#2193)Vladimir Gavrilov2023-12-05
|
* Add ISO 9506-1 MMS protocol dissector (#2189)Vladimir Gavrilov2023-12-01
| | | | * Add ISO 9506-1 MMS protocol dissector * Fix detection on big-endian architectures
* STUN: parsing of DATA attribute (#2179)Ivan Nardi2023-12-01
|
* Add Beckhoff ADS protocol dissector (#2181)Vladimir Gavrilov2023-11-30
| | | | | | | * Add Beckhoff ADS protocol dissector * Remove redundant le32toh * Fix detection on big-endian architectures
* STUN: fix detection of DTLS (#2187)Ivan Nardi2023-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a memory leak ``` ==97697==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x55a6967cfa7e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x701a7e) (BuildId: c7124999fa1ccc54346fa7bd536d8eab88c3ea01) #1 0x55a696972ab5 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #2 0x55a696972da0 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #3 0x55a696b7658d in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2394:46 #4 0x55a696b86e81 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:897:5 #5 0x55a696b80649 in ndpi_search_tls_udp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1262:11 #6 0x55a696b67a57 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2751:5 #7 0x55a696b67758 in switch_to_tls /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1408:3 #8 0x55a696c47810 in stun_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/stun.c:422:4 #9 0x55a6968a22af in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7247:9 #10 0x55a6968acd6f in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7746:5 #11 0x55a6968aba3f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8013:22 #12 0x55a69683d30e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1723:31 #13 0x55a69683d30e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2440:10 #14 0x55a69680f08f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:135:7 [...] SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). ``` Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64564
* Fix detection of `NDPI_TCP_ISSUES` flow risk (#2177)Ivan Nardi2023-11-29
| | | | | | | We need to take into account retransmissions: they increase `flow->all_packets_counter` counter but not `flows->packet_counter` one. Therefore, the right way to check for 3WH + RST pattern involves checking for `flows->packet_counter == 0`
* Add Schneider Electric’s UMAS detection support (#2180)Vladimir Gavrilov2023-11-28
| | | | | | | * Add Schneider Electric’s UMAS detection support * Swap proto IDs in ndpi_set_detected_protocol * Update unit test result
* Add Ether-S-I/O protocol dissector (#2174)Vladimir Gavrilov2023-11-27
|
* Add Omron FINS protocol dissector (#2172)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | * Add Omron FINS protocol dissector * Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP * Update unit test results * Update protocols.rst * Remove dummy flows from fins.pcap
* Rework S7Comm dissector; add S7Comm Plus support (#2165)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | | | | * Rework S7Comm dissector; add S7Comm Plus support * Cleanup s7comm.c * Improve S7Comm Plus detection * s7comm/s7commplus: faster detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Improve CORBA detection (#2167)Vladimir Gavrilov2023-11-27
| | | | | | | * Improve CORBA detection * Remove dummy flow from ziop.pcap * Merge ziop.pcap and miop.pcap into corba.pcap
* Add OPC UA protocol dissector (#2169)Vladimir Gavrilov2023-11-27
|
* STUN: improve demultiplexing of DTLS packets (#2153)Ivan Nardi2023-11-27
| | | | | | Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones. We might end up processing the session a little longer, because we will process the STUN/RTP/RTCP packets after the DTLS handshake.
* Add RTPS protocol dissector (#2168)Vladimir Gavrilov2023-11-27
|
* Reduce false positives for H.323 over TCP (#2164)Vladimir Gavrilov2023-11-23
| | | Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Get rid of RDP false positives (#2161)Vladimir Gavrilov2023-11-23
| | | | | | | | | | | | * Get rid of false positives in the RDP protocol dissector * Remove kludge for RDP * RDP: improve detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add HART-IP protocol dissector (#2163)Vladimir Gavrilov2023-11-22
| | | | | | | | | | | | | | | * Add HART-IP protocol dissector * Update docs * Update protocols.rst * Reuse free proto id and re-run tests * docs: move HART-IP to top of list --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
Powered by cgit, Themed by Ted Yin.