| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
* CQL: fixed byte order conversion (BigEndian not LittleEndian)
* CQL: increased required successful dissected packets to prevent false-positives
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
| |
* added static assert if supported, to complain if the flow struct changes
Signed-off-by: lns <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add (basic) internal stats to the main data structures used by the
library; they might be usefull to check how effective these structures
are.
Add an option to `ndpiReader` to dump them; enabled by default in the
unit tests.
This new option enables/disables dumping of "num dissectors calls"
values, too (see b4cb14ec).
|
| |
|
|
|
|
|
|
|
|
|
| |
Since e6b332aa, we have proper support for detecting client/server
direction. So Tinc dissector is now able to properly initialize the
cache entry only when needed and not anymore at the SYN time; initializing
that entry for **every** SYN packets was a complete waste of resources.
Since 4896dabb, the various `struct ndpi_call_function_struct`
structures are not more separate objects and therefore comparing them
using only their pointers is bogus: this bug was triggered by this
change because `ndpi_str->callback_buffer_size_tcp_no_payload` is now 0.
|
| |
|
|
|
|
|
| |
Tcp retransmissions should be ignored.
Remove some unused protocol bitmasks.
Update script to download Whatsapp IP list.
|
| |
|
| |
Signed-off-by: lns <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
Skype detection over TCP has been completely disable since 659f75138 (3
years ago!).
Since that logic was too weak anyway, remove it.
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
There is some overlap with Citrix protocol.
|
| |
|
|
| |
Code cleanup
|
| | |
|
| | |
|
| |
|
|
|
| |
Follow-up of 8b062295
Add a new protocol id for generic Tencent/Wechat flows
|
| |
|
| |
Fix: 7a3aa41a
|
| |
|
|
|
|
|
| |
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40269
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41432
Fix fuzz compilation (follow-up of f5545a80)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As a general rule, the higher the confidence value, the higher the
"reliability/precision" of the classification.
In other words, this new field provides an hint about "how" the flow
classification has been obtained.
For example, the application may want to ignore classification "by-port"
(they are not real DPI classifications, after all) or give a second
glance at flows classified via LRU caches (because of false positives).
Setting only one value for the confidence field is a bit tricky: more
work is probably needed in the next future to tweak/fix/improve the logic.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improve Microsoft, GMail, Likee, Whatsapp, DisneyPlus and Tiktok
detection.
Add Vimeo, Fuze, Alibaba and Firebase Crashlytics detection.
Try to differentiate between Messenger/Signal standard flows (i.e chat)
and their VOIP (video)calls (like we already do for Whatsapp and
Snapchat).
Add a partial list of some ADS/Tracking stuff.
Fix Cassandra, Radius and GTP false positives.
Fix DNS, Syslog and SIP false negatives.
Improve GTP (sub)classification: differentiate among GTP-U, GTP_C and
GTP_PRIME.
Fix 3 LGTM warnings.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* validates client/server hello TLS extensions
* inspects content for some extensions
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
The goal is to have a (roughly) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Error detected with valgrind.
==13127== Conditional jump or move depends on uninitialised value(s)
==13127== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==13127== by 0x1A93B6: ndpi_strdup (ndpi_main.c:159)
==13127== by 0x1C07CC: processClientServerHello (tls.c:1678)
==13127== by 0x1C0C4C: processTLSBlock (tls.c:712)
==13127== by 0x1C0C4C: ndpi_search_tls_tcp.part.0 (tls.c:849)
See also 8c3674e9
|
|
|
Error detected with valgrind.
==125883== Conditional jump or move depends on uninitialised value(s)
==125883== at 0x438F57: processClientServerHello (tls.c:1421)
==125883== by 0x43B35A: processTLSBlock (tls.c:712)
==125883== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125883== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
==125883== by 0x42E920: ndpi_detection_process_packet (ndpi_main.c:5301)
==125916== Conditional jump or move depends on uninitialised value(s)
==125916== at 0x438D7D: processClientServerHello (tls.c:1379)
==125916== by 0x43B35A: processTLSBlock (tls.c:712)
==125916== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125916== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
==125932== Conditional jump or move depends on uninitialised value(s)
==125932== at 0x438C1D: processClientServerHello (tls.c:1298)
==125932== by 0x43B35A: processTLSBlock (tls.c:712)
==125932== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125932== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
==125950== Conditional jump or move depends on uninitialised value(s)
==125950== at 0x438D4F: processClientServerHello (tls.c:1371)
==125950== by 0x43B35A: processTLSBlock (tls.c:712)
==125950== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
==125950== by 0x42C079: check_ndpi_detection_func (ndpi_main.c:4443)
|