Commit graph

1922 commits

Author SHA1 Message Date
ragostino
ee94534906
debug message bugfix (#1108)
you cannot look for memory enlargement if you print the debug message after updating the variables
2021-02-03 09:31:17 +01:00
Luca Deri
50f4049b58 Improved wireguard dissection 2021-01-29 16:38:43 +01:00
Luca Deri
bb74b903d0 DCE/RPC improvement to avoid false positives 2021-01-29 16:23:18 +01:00
Luca Deri
aeeccee106 DGA name improvement 2021-01-27 11:43:35 +01:00
Luca Deri
a31bd5ac3c Cleaned up tls/quic datatypes 2021-01-21 19:17:33 +01:00
Luca Deri
15295ef4c5 Reworked TLS fingerprint calculation
Modified TLS memory free
2021-01-21 19:06:05 +01:00
Luca Deri
3e5e9569ff Added simple hash implementation to the nDPI API 2021-01-20 21:30:19 +01:00
Luca Deri
d964c3e081 Code cleanup: third party uthash is at the right place 2021-01-20 19:11:36 +01:00
Luca
0809956e5f Reworked UPnP protocol that in essence was WSD, hence it has been renamed
Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
2021-01-20 09:53:30 +01:00
Luca Deri
e9f43516ec Improves STUN dissection by removing an invalid termination condition that prevented Skype calls from being properly identified 2021-01-13 16:46:51 +01:00
Luca Deri
68b6ac7da8 (C) Update 2021-01-07 11:13:36 +01:00
Luca Deri
367184628e Warning fix 2021-01-07 11:07:17 +01:00
Ivan Nardi
ec2735694b
STUN: avoid false positives (#1110)
STUN traffic doesn't use multicast addresses
2021-01-07 10:58:22 +01:00
Ivan Nardi
1e2b57bed4
HTTP: fix compilation and a memory error when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1109) 2021-01-07 10:58:02 +01:00
Ivan Nardi
2080cc7365
QUIC: add support for DNS-over-QUIC (#1107)
Even if it is only an early internet draft, DoQ has already (at least)
one deployed implementation.
See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/
Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00

In the future, if this protocol is really used, it might be worth renaming
NDPI_PROTOCOL_DOH_DOT to NDPI_PROTOCOL_DOH_DOT_DOQ
2021-01-07 10:56:39 +01:00
Ivan Nardi
00dabce65e
Quic fixes (#1106)
* QUIC: fix heap-buffer-overflow

* TLS: fix parsing of QUIC Transport Parameters
2021-01-07 10:55:55 +01:00
Ivan Nardi
b8a5358e80
QUIC: improve handling of SNI (#1105)
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name

Close #1077

* QUIC: fix matching of custom categories

* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions

* QUIC: fix serialization

* QUIC: add DGA check for older GQUIC versions
2021-01-07 10:55:23 +01:00
Luca Deri
eb37f8f1fb Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET 2021-01-06 18:28:24 +01:00
Luca Deri
cd21f0d316 Added check for invalid HTTP content 2021-01-06 12:25:32 +01:00
Ivan Nardi
1b524f5538
QUIC: update to draft-33 (#1104)
QUIC (final!?) constants for v1 are defined in draft-33
2021-01-04 15:50:14 +01:00
Ivan Nardi
3aa16b63e8
Fix some warnings when compiling with "-W -Wall" flags (#1103) 2021-01-04 15:49:39 +01:00
Ivan Nardi
23b84cd3ee
Remove FB_ZERO protocol (#1102)
FB_ZERO was an experimental protocol run by Facebook.
They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but
them so it is definitely dead.
See: https://engineering.fb.com/2018/08/06/security/fizz/
2021-01-04 15:49:19 +01:00
Toni
53ee6db795
Added a new API function `ndpi_free_flow_data' which frees all members of ndpi_flow_struct but not the struct itself. (#1101)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-01-04 12:47:05 +01:00
Ivan Nardi
3bb12fde63
Fix memory leak introduced in b7376cc6 (#1100) 2021-01-04 12:46:30 +01:00
Luca Deri
a91e6179c5 Fixed missing symbol 2021-01-02 21:21:15 +01:00
Luca Deri
05d76525b0 Added HTTP suspicious content security risk (useful for tracking trickbot) 2021-01-02 21:11:42 +01:00
Luca Deri
32f0446c9c Updated ndpi_ptree_match_addr() prototype 2020-12-30 18:23:40 +01:00
Luca Deri
dc401f8a74 Split ptree user data in 32 and 64 bit entries 2020-12-30 12:12:33 +01:00
pengtian
ab037e2c82
Bugfix for host check (#1097)
this bug is from commit `427002d14` `2020-05-06 00:31:40`
2020-12-29 14:41:41 +01:00
Luca Deri
84132c6735 Added known protocol on unknown port for ntop 2020-12-28 16:11:39 +01:00
Luca Deri
7f944cc43b Initialization fix 2020-12-28 11:57:20 +01:00
Luca Deri
0fceb6576a Free flow fix 2020-12-28 09:32:06 +01:00
Luca Deri
cf00ffed32 Removed test code 2020-12-26 18:13:10 +01:00
Luca Deri
e1be363037 Removed space from protocol name 2020-12-23 20:38:02 +00:00
Luca Deri
34fc9d5d50 Introduced fix on TLS for discarding traffic out of sequence that might invalidate dissection 2020-12-22 09:47:39 +01:00
Luca Deri
6462f4671c Fixed invalid TLS check for extra processing detection 2020-12-21 22:42:05 +01:00
Luca Deri
b231982286 Win fixes 2020-12-17 15:34:17 +01:00
Luca Deri
df1b3367a9 Type change to avoid Windows compilation issues 2020-12-17 12:58:12 +01:00
Luca Deri
2768da0637 Improved HTTP dissection 2020-12-16 14:45:29 +01:00
Toni
edf3a57a6a
Added `fast.com' host pattern to Netflix detection. #1080 (#1084)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-12-11 21:01:28 +01:00
Ivan Nardi
5587010cfb
soulseek: fix heap buffer overflow (#1083)
Close #1082
2020-12-11 21:01:07 +01:00
Luca Deri
5cb6ddfd22 Rule changes work in progress 2020-12-11 17:25:57 +01:00
Luca Deri
21ad3a1775 Added initialization 2020-12-11 17:25:57 +01:00
Luca Deri
4cb8712a35 Added --with-mipsel for building nDPI on mipsel devices 2020-12-09 11:01:40 +00:00
Toni
62cd852c6f
Rename Jabber detection name as we are not sure if it is unencrypted, e.g. if START_TLS is used. (#1079)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-12-08 15:49:17 +01:00
rafaliusz
1ecc6d323e
Add a connectionless DCE/RPC detection (#1078)
* Add connectionless DCE/RPC detection

* Add DCE/RPC pcap file as well as its test result

Co-authored-by: rafal <rafal.burzynski@cryptomage.com>
2020-12-08 15:48:53 +01:00
Ivan Nardi
860ef58ace
QUIC: sync with Wireshark latest changes (#1074)
Most of the QUIC crypto code has been "copied-and-pasted" from Wireshark;
try to stay in sync with the original sources to ease backporting of fixes.

Only cosmetic changes and code refactoring; no behaviour changes or bugfixes.
See:
5e45f770fd
5798b91c15
2020-12-08 15:47:58 +01:00
Luca Deri
eb689b2069 nDPI rules (work in progress) implementation 2020-11-30 22:01:49 +01:00
Luca Deri
23a15bae5f Fixes #1029 2020-11-27 18:51:56 +01:00
Luca Deri
6c119c0b06 Fixes #1032 2020-11-27 18:48:25 +01:00