aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs
Commit message (Collapse)AuthorAge
...
* Add Beckhoff ADS protocol dissector (#2181)Vladimir Gavrilov2023-11-30
| | | | | | | * Add Beckhoff ADS protocol dissector * Remove redundant le32toh * Fix detection on big-endian architectures
* STUN: fix detection of DTLS (#2187)Ivan Nardi2023-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a memory leak ``` ==97697==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x55a6967cfa7e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader+0x701a7e) (BuildId: c7124999fa1ccc54346fa7bd536d8eab88c3ea01) #1 0x55a696972ab5 in ndpi_malloc /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:60:25 #2 0x55a696972da0 in ndpi_strdup /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:113:13 #3 0x55a696b7658d in processClientServerHello /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2394:46 #4 0x55a696b86e81 in processTLSBlock /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:897:5 #5 0x55a696b80649 in ndpi_search_tls_udp /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1262:11 #6 0x55a696b67a57 in ndpi_search_tls_wrapper /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:2751:5 #7 0x55a696b67758 in switch_to_tls /home/ivan/svnrepos/nDPI/src/lib/protocols/tls.c:1408:3 #8 0x55a696c47810 in stun_search_again /home/ivan/svnrepos/nDPI/src/lib/protocols/stun.c:422:4 #9 0x55a6968a22af in ndpi_process_extra_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7247:9 #10 0x55a6968acd6f in ndpi_internal_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7746:5 #11 0x55a6968aba3f in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:8013:22 #12 0x55a69683d30e in packet_processing /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:1723:31 #13 0x55a69683d30e in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/fuzz/../example/reader_util.c:2440:10 #14 0x55a69680f08f in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:135:7 [...] SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). ``` Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64564
* Fix detection of `NDPI_TCP_ISSUES` flow risk (#2177)Ivan Nardi2023-11-29
| | | | | | | We need to take into account retransmissions: they increase `flow->all_packets_counter` counter but not `flows->packet_counter` one. Therefore, the right way to check for 3WH + RST pattern involves checking for `flows->packet_counter == 0`
* Add Schneider Electric’s UMAS detection support (#2180)Vladimir Gavrilov2023-11-28
| | | | | | | * Add Schneider Electric’s UMAS detection support * Swap proto IDs in ndpi_set_detected_protocol * Update unit test result
* Add Ether-S-I/O protocol dissector (#2174)Vladimir Gavrilov2023-11-27
|
* Add Omron FINS protocol dissector (#2172)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | * Add Omron FINS protocol dissector * Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP * Update unit test results * Update protocols.rst * Remove dummy flows from fins.pcap
* Rework S7Comm dissector; add S7Comm Plus support (#2165)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | | | | * Rework S7Comm dissector; add S7Comm Plus support * Cleanup s7comm.c * Improve S7Comm Plus detection * s7comm/s7commplus: faster detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Improve CORBA detection (#2167)Vladimir Gavrilov2023-11-27
| | | | | | | * Improve CORBA detection * Remove dummy flow from ziop.pcap * Merge ziop.pcap and miop.pcap into corba.pcap
* Add OPC UA protocol dissector (#2169)Vladimir Gavrilov2023-11-27
|
* STUN: improve demultiplexing of DTLS packets (#2153)Ivan Nardi2023-11-27
| | | | | | Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones. We might end up processing the session a little longer, because we will process the STUN/RTP/RTCP packets after the DTLS handshake.
* Add RTPS protocol dissector (#2168)Vladimir Gavrilov2023-11-27
|
* Reduce false positives for H.323 over TCP (#2164)Vladimir Gavrilov2023-11-23
| | | Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Get rid of RDP false positives (#2161)Vladimir Gavrilov2023-11-23
| | | | | | | | | | | | * Get rid of false positives in the RDP protocol dissector * Remove kludge for RDP * RDP: improve detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add HART-IP protocol dissector (#2163)Vladimir Gavrilov2023-11-22
| | | | | | | | | | | | | | | * Add HART-IP protocol dissector * Update docs * Update protocols.rst * Reuse free proto id and re-run tests * docs: move HART-IP to top of list --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Improved TFTP. Fixes #2075. (#2149)Toni2023-11-21
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Get rid of Apache Cassandra false positives (#2159)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Rewrite Apache Cassandra dissector * Replace memcmp with strncmp * Add payload length check * Update Cassandra dissector * Update test results --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Add IEEE 1588-2008 (PTPv2) dissector (#2156)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Add IEEE 1588-2008 (PTPv2) dissector PTPv2 is a time synchronization protocol in computer networks, similar to NTP. * Add default protocol ports * Update default test result for PTPv2 * Update copyright --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Remove Google+ support (#2155)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | * Remove Google+ support Google+ was discontiued in 2019, so I think that its protocol id can be freed for reuse. * Fix typo * Update tests --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* IP lists: aggregate addresses wherever possible (#2152)Ivan Nardi2023-11-17
| | | See #2150
* Added TeslaServices and improved TikTok host names. Fixes #2140. (#2144)Toni2023-11-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed implicit u32 cast in `ndpi_data_min()` / `ndpi_data_max()`. (#2139)Toni2023-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fuzz: improve coverage and remove dead code (#2135)Ivan Nardi2023-11-07
| | | | | | | | | | We are not able to remove custom rules: remove the empty stubs (which originate from the original OpenDPI code). `ndpi_guess_protocol_id()` is only called on the first packet of the flow, so the bitmask `flow->excluded_protocol_bitmask` is always empty, since we didn't call any dissectors yet. Move another hash function to the dedicated source file.
* Added malicious sites from the polish cert. (#2121)Toni2023-11-02
| | | | | * added handling of parsing errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix proto_name and proto_id missmatch for Sina and SinaWeibo (#2131)Ivan Kapranov2023-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | * minor fixes fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq * fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol * fix compile errors * fix * Fix name missmatch for Sina and Sina Weibo * fix * add Sina Weibo to doc * fix * add Sina Weibo to doc --------- Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* Custom rules: fixes for Windows (#2130)Ivan Nardi2023-10-31
| | | | | | | Even after adding `WSAStartup()` call, the behavior with IPv6 addresses was different on Windows; it is the same issue reported on: https://stackoverflow.com/questions/66755681/getaddrinfo-c-on-windows-not-handling-ipv6-correctly-returning-error-code-1 Fix bitmasks.
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* Implements support for symbolic host names (#2123)Luca Deri2023-10-29
|
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for custom rules (#2120)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* Improved Protobuf dissector. (#2119)Toni2023-10-27
| | | | | * tag extraction/validation was done wrong Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Jabber: remove support for UDP (#2115)Ivan Nardi2023-10-26
| | | | | | Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp` suggests that...). Bug introduced in 5266c726f
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved CryNetwork protocol dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Remote Management Control Protocol (RMCP).Toni Uhlig2023-10-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved Steam detection by adding steamdiscover pattern. (#2105)Toni2023-10-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added NDPI_MALWARE_HOST_CONTACTED flow riskLuca Deri2023-10-13
|
* Improved MGCP detection by allowing '\r' as line feed.lns2023-10-11
| | | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: export QUIC version as metadataNardi Ivan2023-10-11
|
* Added HAProxy protocol. (#2088)Toni2023-10-02
| | | | | | * fixed tests/do.sh.in failure print Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cleaned up mining datastructureLuca2023-09-27
|
* Renamed HTTP/2 to HTTP2 as the '/' can have side effects with applications ↵Luca Deri2023-09-20
| | | | sitting on top of nDPI
* Add support for (un-encrypted) HTTP/2 (#2087)Ivan Nardi2023-09-18
| | | | Plaintext HTTP/2 is quite rare on the general "internet" but it is used in some private networks (example: 5G core network)
* tftp: update pcap resultsThomas Winter2023-09-12
| | | | | | | | The two malformed TFTP packets are no longer considered as risk and instead match by port only. This is because the TFTP detection was rather sparse so could match on several other protocols if the first two opcode bytes happened to match.
* Fixes matches with domain name strings that start with a dotLuca Deri2023-09-11
|
* Update every ip lists (#2079)Ivan Nardi2023-09-10
|
Powered by cgit, Themed by Ted Yin.