aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs
Commit message (Collapse)AuthorAge
* Add realtime protocol output to `ndpiReader`.add/output-realtime-protocolsToni Uhlig2023-12-14
| | | | | | | | * support for using a new flow callback invoked before the flow memory is free'd * minor fixes * Win32 gmtime fix Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Monero protocol classification. (#2196)Toni2023-12-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Sync unit tests results after latest merge (#2211)Ivan Nardi2023-12-13
|
* QUIC: add heuristic to detect unidirectional *G*QUIC flows (#2207)Ivan Nardi2023-12-13
| | | Fix extraction of `flow->protos.tls_quic.quic_version` metadata.
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* STUN: rework extra dissection (#2202)Ivan Nardi2023-12-11
| | | | | | | Keep looking for RTP packets but remove the monitoring concept. We will re-introduce a more general concept of "flow in monitoring state" later. The function was disabled by default. Some configuration knobs will be provided when/if #2190 is merged.
* HTTP: faster processing of asymmetric flows (#2198)Ivan Nardi2023-12-11
|
* fuzz: extend fuzzing coverage (#2205)Ivan Nardi2023-12-11
|
* OpenVPN: rework detection (#2199)Ivan Nardi2023-12-06
| | | Close #1873
* Add Ether-S-Bus protocol dissector (#2200)Vladimir Gavrilov2023-12-05
|
* Add IEEE C37.118 protocol dissector (#2193)Vladimir Gavrilov2023-12-05
|
* Add ISO 9506-1 MMS protocol dissector (#2189)Vladimir Gavrilov2023-12-01
| | | | * Add ISO 9506-1 MMS protocol dissector * Fix detection on big-endian architectures
* STUN: parsing of DATA attribute (#2179)Ivan Nardi2023-12-01
|
* Add Beckhoff ADS protocol dissector (#2181)Vladimir Gavrilov2023-11-30
| | | | | | | * Add Beckhoff ADS protocol dissector * Remove redundant le32toh * Fix detection on big-endian architectures
* STUN: fix detection of DTLS (#2187)Ivan Nardi2023-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a memory leak ``` ==97697==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x55a6967cfa7e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x701a7e) (BuildId: c7124999fa1ccc54346fa7bd536d8eab88c3ea01) #1 0x55a696972ab5 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #2 0x55a696972da0 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #3 0x55a696b7658d in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2394:46 #4 0x55a696b86e81 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:897:5 #5 0x55a696b80649 in ndpi_search_tls_udp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1262:11 #6 0x55a696b67a57 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2751:5 #7 0x55a696b67758 in switch_to_tls /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1408:3 #8 0x55a696c47810 in stun_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/stun.c:422:4 #9 0x55a6968a22af in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7247:9 #10 0x55a6968acd6f in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7746:5 #11 0x55a6968aba3f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8013:22 #12 0x55a69683d30e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1723:31 #13 0x55a69683d30e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2440:10 #14 0x55a69680f08f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:135:7 [...] SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). ``` Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64564
* Fix detection of `NDPI_TCP_ISSUES` flow risk (#2177)Ivan Nardi2023-11-29
| | | | | | | We need to take into account retransmissions: they increase `flow->all_packets_counter` counter but not `flows->packet_counter` one. Therefore, the right way to check for 3WH + RST pattern involves checking for `flows->packet_counter == 0`
* Add Schneider Electric’s UMAS detection support (#2180)Vladimir Gavrilov2023-11-28
| | | | | | | * Add Schneider Electric’s UMAS detection support * Swap proto IDs in ndpi_set_detected_protocol * Update unit test result
* Add Ether-S-I/O protocol dissector (#2174)Vladimir Gavrilov2023-11-27
|
* Add Omron FINS protocol dissector (#2172)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | * Add Omron FINS protocol dissector * Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP * Update unit test results * Update protocols.rst * Remove dummy flows from fins.pcap
* Rework S7Comm dissector; add S7Comm Plus support (#2165)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | | | | * Rework S7Comm dissector; add S7Comm Plus support * Cleanup s7comm.c * Improve S7Comm Plus detection * s7comm/s7commplus: faster detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Improve CORBA detection (#2167)Vladimir Gavrilov2023-11-27
| | | | | | | * Improve CORBA detection * Remove dummy flow from ziop.pcap * Merge ziop.pcap and miop.pcap into corba.pcap
* Add OPC UA protocol dissector (#2169)Vladimir Gavrilov2023-11-27
|
* STUN: improve demultiplexing of DTLS packets (#2153)Ivan Nardi2023-11-27
| | | | | | Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones. We might end up processing the session a little longer, because we will process the STUN/RTP/RTCP packets after the DTLS handshake.
* Add RTPS protocol dissector (#2168)Vladimir Gavrilov2023-11-27
|
* Reduce false positives for H.323 over TCP (#2164)Vladimir Gavrilov2023-11-23
| | | Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Get rid of RDP false positives (#2161)Vladimir Gavrilov2023-11-23
| | | | | | | | | | | | * Get rid of false positives in the RDP protocol dissector * Remove kludge for RDP * RDP: improve detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add HART-IP protocol dissector (#2163)Vladimir Gavrilov2023-11-22
| | | | | | | | | | | | | | | * Add HART-IP protocol dissector * Update docs * Update protocols.rst * Reuse free proto id and re-run tests * docs: move HART-IP to top of list --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Improved TFTP. Fixes #2075. (#2149)Toni2023-11-21
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Get rid of Apache Cassandra false positives (#2159)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Rewrite Apache Cassandra dissector * Replace memcmp with strncmp * Add payload length check * Update Cassandra dissector * Update test results --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Add IEEE 1588-2008 (PTPv2) dissector (#2156)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Add IEEE 1588-2008 (PTPv2) dissector PTPv2 is a time synchronization protocol in computer networks, similar to NTP. * Add default protocol ports * Update default test result for PTPv2 * Update copyright --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Remove Google+ support (#2155)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | * Remove Google+ support Google+ was discontiued in 2019, so I think that its protocol id can be freed for reuse. * Fix typo * Update tests --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* IP lists: aggregate addresses wherever possible (#2152)Ivan Nardi2023-11-17
| | | See #2150
* Added TeslaServices and improved TikTok host names. Fixes #2140. (#2144)Toni2023-11-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed implicit u32 cast in `ndpi_data_min()` / `ndpi_data_max()`. (#2139)Toni2023-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fuzz: improve coverage and remove dead code (#2135)Ivan Nardi2023-11-07
| | | | | | | | | | We are not able to remove custom rules: remove the empty stubs (which originate from the original OpenDPI code). `ndpi_guess_protocol_id()` is only called on the first packet of the flow, so the bitmask `flow->excluded_protocol_bitmask` is always empty, since we didn't call any dissectors yet. Move another hash function to the dedicated source file.
* Added malicious sites from the polish cert. (#2121)Toni2023-11-02
| | | | | * added handling of parsing errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix proto_name and proto_id missmatch for Sina and SinaWeibo (#2131)Ivan Kapranov2023-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | * minor fixes fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq * fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol * fix compile errors * fix * Fix name missmatch for Sina and Sina Weibo * fix * add Sina Weibo to doc * fix * add Sina Weibo to doc --------- Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* Custom rules: fixes for Windows (#2130)Ivan Nardi2023-10-31
| | | | | | | Even after adding `WSAStartup()` call, the behavior with IPv6 addresses was different on Windows; it is the same issue reported on: https://stackoverflow.com/questions/66755681/getaddrinfo-c-on-windows-not-handling-ipv6-correctly-returning-error-code-1 Fix bitmasks.
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* Implements support for symbolic host names (#2123)Luca Deri2023-10-29
|
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for custom rules (#2120)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* Improved Protobuf dissector. (#2119)Toni2023-10-27
| | | | | * tag extraction/validation was done wrong Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Jabber: remove support for UDP (#2115)Ivan Nardi2023-10-26
| | | | | | Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp` suggests that...). Bug introduced in 5266c726f
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.