* Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Try to detect one subprotocol if a detected protocol can have one.
* This adds a performance overhead due to much more protocol detection routine calls.
See #1148 for more information.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactor subprotocol handling (1/2).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactor subprotocol handling (2/2).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactored aimini HTTP detection parts (somehow related to #1148).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added aimini client/server test pcap.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto
* Adjusted Python code to conform to the changes made during the refactoring process.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add support for Snapchat voip calls
Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.
* Fix tests with libgcrypt disabled
* An external file which contains known malicious SSL certificate SHA-1 hashes
can be loaded via ndpi_load_malicious_sha1_file(...)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed memory leaks caused by conditional free'ing for some TLS connections.
* Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.
* Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Introduced in 5f7b9d802
reader_util.c: In function ‘process_ndpi_collected_info’:
reader_util.c:1148:60: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 64 [-Wformat-truncation=]
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ^~
reader_util.c:1147:5: note: ‘snprintf’ output between 1 and 256 bytes into a destination of size 64
1147 | snprintf(flow->ssh_tls.client_requested_server_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1149 | flow->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
