From 85776a532d0d7785c6be844d8318efca31fc5dcd Mon Sep 17 00:00:00 2001 From: Derrick Lyndon Pallas Date: Fri, 5 Apr 2019 18:58:46 +0000 Subject: Fix double-strdup memory leak in ndpi_handle_rule proto is being strdup'd both in the call to ndpi_set_proto_defaults and inside of that function as well, leaking the memory. --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index bdd28f666..e18c220a5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2837,7 +2837,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, ndpi_mod->ndpi_num_supported_protocols, 0 /* can_have_a_subprotocol */, no_master, no_master, - ndpi_strdup(proto), + proto, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, /* TODO add protocol category support in rules */ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); -- cgit v1.2.3 From 1b9955e9ef7cda3c1aef997f6db502690da23433 Mon Sep 17 00:00:00 2001 From: Damir Franusic Date: Wed, 29 May 2019 17:12:32 +0200 Subject: Added PUBLISH/SUBSCRIBE methods to SIP --- src/lib/protocols/sip.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/lib') diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 1436b2cec..80fd175f0 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c 
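Review bot: In the src/lib/ndpi_main.c hunk, passing `proto` directly is only safe if the callee always stores its own copy of the name; that callee is outside the hunk, so the only evidence here is the commit message. `proto` appears to be a caller-owned string, so if any path in the callee kept the pointer instead of duplicating it, the protocol table would later reference memory it does not own. The call site should carry the contract, e.g. `proto, /* copied by ndpi_set_proto_defaults(); caller keeps ownership */`, and the callee's handling of a failed duplication is worth confirming. ndpi_handle_rule starts and ends outside the hunk.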
@@ -123,6 +123,20 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct return; } + if ((memcmp(packet_payload, "PUBLISH ", 8) == 0 || memcmp(packet_payload, "publish ", 8) == 0) + && (memcmp(&packet_payload[8], "SIP:", 4) == 0 || memcmp(&packet_payload[8], "sip:", 4) == 0)) { + NDPI_LOG_INFO(ndpi_struct, "found sip PUBLISH\n"); + ndpi_int_sip_add_connection(ndpi_struct, flow, 0); + return; + } + + if ((memcmp(packet_payload, "SUBSCRIBE ", 10) == 0 || memcmp(packet_payload, "subscribe ", 10) == 0) + && (memcmp(&packet_payload[10], "SIP:", 4) == 0 || memcmp(&packet_payload[10], "sip:", 4) == 0)) { + NDPI_LOG_INFO(ndpi_struct, "found sip SUBSCRIBE\n"); + ndpi_int_sip_add_connection(ndpi_struct, flow, 0); + return; + } + /* Courtesy of Miguel Quesada */ if ((memcmp(packet_payload, "OPTIONS ", 8) == 0 || memcmp(packet_payload, "options ", 8) == 0) -- cgit v1.2.3 From 5c7e0a0319d97f8d0eb8c60bcfa5676dac6b90be Mon Sep 17 00:00:00 2001 From: Damir Franusic Date: Fri, 31 May 2019 15:19:07 +0200 Subject: SIP Message extension * RFC 3248 --- src/lib/protocols/sip.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/lib') diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 80fd175f0..2583dbfdf 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -136,6 +136,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } + + /* SIP message extension RFC 3248 */ + if ((memcmp(packet_payload, "MESSAGE ", 8) == 0 || memcmp(packet_payload, "message ", 8) == 0) + && (memcmp(&packet_payload[8], "SIP:", 4) == 0 || memcmp(&packet_payload[8], "sip:", 4) == 0)) { + NDPI_LOG_INFO(ndpi_struct, "found sip MESSAGE\n"); + ndpi_int_sip_add_connection(ndpi_struct, flow, 0); + return; + } /* Courtesy of Miguel Quesada */ if ((memcmp(packet_payload, "OPTIONS ", 8) == 0 -- cgit v1.2.3 From e6813846b84d41cf0a1226faaaf177b466f56e55 Mon Sep 17 00:00:00 2001 
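Review bot: The added SUBSCRIBE test reads `packet_payload[10]` through `packet_payload[13]`, so it needs at least 14 bytes of payload, and no length check is visible in this hunk (the PUBLISH test needs 12, as does the MESSAGE test added by the next commit on this page). ndpi_search_sip_handshake starts outside the hunk, so a guard may already exist; if it was sized for the shorter methods, a truncated packet would let `memcmp` read past the end of the payload. Confirm that the enclosing check covers 14 bytes and record the requirement next to the test, e.g. `/* needs >= 14 payload bytes: "SUBSCRIBE " (10) + "SIP:" (4) */`.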
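Review bot: The new comment in the MESSAGE hunk cites the wrong document: the SIP MESSAGE method is specified in RFC 3428, not RFC 3248, so it should read `/* SIP MESSAGE method, RFC 3428 */`. Separately, this test and the PUBLISH/SUBSCRIBE tests from the previous commit accept only `SIP:` or `sip:` after the method. A request whose URI uses another scheme, such as `sips:`, would not be classified by these branches. Whether a later check catches it cannot be seen from the hunk, since the function continues outside it.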
From: Luca Deri Date: Mon, 3 Jun 2019 08:18:24 +0200 Subject: Adds CUSTOM_CATEGORY_ANTIMALWARE category referenced by #710. --- src/include/ndpi_typedefs.h | 6 ++++++ src/lib/ndpi_content_match.c.inc | 1 + 2 files changed, 7 insertions(+) (limited to 'src/lib') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 21e2199e5..a2d2293b8 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -809,6 +809,12 @@ typedef enum { CUSTOM_CATEGORY_BANNED_SITE = 102, CUSTOM_CATEGORY_SITE_UNAVAILABLE = 103, CUSTOM_CATEGORY_ALLOWED_SITE = 104, + /* + The category below is used to track communications made by + security applications (e.g. sophosxl.net, spamhaus.org) + to track malware, spam etc. + */ + CUSTOM_CATEGORY_ANTIMALWARE = 105, /* IMPORTANT diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 537b41b5e..730050a2e 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8686,6 +8686,7 @@ ndpi_protocol_match host_match[] = { { "whispersystems.org", NULL, "whispersystems\\.org" TLD, "Signal", NDPI_PROTOCOL_SIGNAL, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "musical.ly", NULL, "musical\\.ly" TLD, "TikTok", NDPI_PROTOCOL_TIKTOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "muscdn.com", NULL, "muscndl\\.com" TLD, "TikTok", NDPI_PROTOCOL_TIKTOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { NULL, NULL, NULL, 0 } }; -- cgit v1.2.3 From 3979c28cacb6ae113de2a0edfbadb6e3fa001947 Mon Sep 17 00:00:00 2001 From: lucaderi Date: Mon, 3 Jun 2019 19:50:18 +0200 Subject: Added missing antimalware category --- src/lib/ndpi_main.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7a954a710..4bc89fb6e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
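Review bot: `CUSTOM_CATEGORY_ANTIMALWARE = 105` is added to the enum in src/include/ndpi_typedefs.h, but the hunk adds no matching display name. If names are looked up by indexing a string table with the category id, as the `categories[]` array patched by the following commit on this page suggests, id 105 has no entry until that follow-up is applied. The enum value and its name belong in the same change. The added comment also uses "track" in two senses; `/* Traffic generated by security products (e.g. to sophosxl.net, spamhaus.org) when checking for malware, spam etc. */` reads more clearly. The enum starts and ends outside the hunk.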
@@ -425,6 +425,7 @@ static const char* categories[] = { "Banned_Site", "Site_Unavailable", "Allowed_Site", + "Antimalware", }; /* ****************************************** */ -- cgit v1.2.3
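Review bot: `"Antimalware"` is appended to `categories[]` by position, so it lines up with `CUSTOM_CATEGORY_ANTIMALWARE = 105` only if every earlier slot is present and in order. The array starts outside the hunk, so that cannot be checked here. A designated initializer, `[CUSTOM_CATEGORY_ANTIMALWARE] = "Antimalware",`, ties the string to the enum value, and a missing entry then shows up as a NULL slot instead of shifting later names. The code that reads this table is not visible; it should bound the category id by the array size before indexing.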