vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-05 02:16:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
4969 commits 9 branches 12 tags 263 MiB
Commit graph

12 commits

Author SHA1 Message Date
Luca Deri
d5236c0aaf Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options 2024-10-27 08:17:27 +01:00
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Luca Deri
fc4fb4d409 Fixed probing attempt risk that was creating false positives 2024-08-07 11:38:41 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Ivan Nardi
7be482f5b1
Update unit tests results (#2466) 2024-06-05 11:55:30 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Ivan Nardi
a1845da359
TLS: fix Ja4 fingerprint computation (#2419) 
The new values has been checked against the ones reported by Wireshark.

Found while fixing a Use-of-uninitialized-value error reported by
oss-fuzz

```
==7582==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5a6549abc368 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:1762:10
    #1 0x5a6549ab88a0 in processClientServerHello ndpi/src/lib/protocols/tls.c:2863:10
    #2 0x5a6549ac1452 in processTLSBlock ndpi/src/lib/protocols/tls.c:909:5
    #3 0x5a6549abf588 in ndpi_search_tls_tcp ndpi/src/lib/protocols/tls.c:1098:2
    #4 0x5a65499c53ec in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:7215:6
```

See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68449&q=ndpi&can=1&sort=-id
 2024-05-05 17:27:29 +02:00
Nardi Ivan
d72a760ac3 New API for library configuration 
This is the first step into providing (more) configuration options in nDPI.

The idea is to have a simple way to configure (most of) nDPI: only one
function (`ndpi_set_config()`) to set any configuration parameters
(in the present or on in the future) and we try to keep this function
prototype as agnostic as possible.

You can configure the library:
* via API, using `ndpi_set_config()`
* via a configuration file, in a text format

This way, anytime we need to add a new configuration parameter:
* we don't need to add two public functions (a getter and a setter)
* we don't break API/ABI compatibility of the library; even changing
the parameter type (from integer to a list of integer, for example)
doesn't break the compatibility.

The complete list of configuration options is provided in
`doc/configuration_parameters.md`.

As a first example, two configuration knobs are provided:
* the ability to enable/disable the extraction of the sha1 fingerprint of
the TLS certificates.
* the upper limit on the number of packets per flow that will be subject
to inspection
 2024-01-18 10:21:24 +01:00