Non-critical bugs.
If a file list is used, then all files except the last are not closed.
Opening the next file loses the memory allocated via pcap_open_offline() for the previous file.
If a bpf filter is used, then no memory is freed after pcap_compile.
* Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Try to detect one subprotocol if a detected protocol can have one.
* This adds a performance overhead due to much more protocol detection routine calls.
See #1148 for more information.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactor subprotocol handling (1/2).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactor subprotocol handling (2/2).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactored aimini HTTP detection parts (somehow related to #1148).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added aimini client/server test pcap.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto
* Adjusted Python code to conform to the changes made during the refactoring process.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add support for Snapchat voip calls
Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.
* Fix tests with libgcrypt disabled
* An external file which contains known malicious SSL certificate SHA-1 hashes
can be loaded via ndpi_load_malicious_sha1_file(...)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed memory leaks caused by conditional free'ing for some TLS connections.
* Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.
* Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
