Commit graph

117 commits

Author SHA1 Message Date
Toni Uhlig
20fed83e0f
Removed csv_fp as external symbol. Instead passing csv_fp through as argument.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-08 23:21:35 +02:00
Luca Deri
1c60c22893 Added ndpi_cluster_bins() for clustering bins and ancillary functions for bins manipulation 2020-07-07 15:10:51 +02:00
Luca Deri
db707e0829
Merge pull request #932 from IvanNardi/log
Log
2020-07-07 14:43:32 +02:00
Toni Uhlig
de25ba7d0b
Fixed heap overflow caused by missing length check in reader util.
* triggered by fuzz traces from wireshark

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-06 23:30:40 +02:00
Nardi Ivan
b24f5c4c0a Fix memory leak about purged/expired flows
Create a helper to avoid similar errors in the future
Fixes: 1a62f4c7
2020-06-28 12:05:12 +02:00
Nardi Ivan
ece5d3e199 Fix (harmless) memory leaks when DPDK is enabled 2020-06-28 12:05:12 +02:00
Nardi Ivan
56d87186f7 Fix compilation with --enable-debug-messages flag
NDPI_LOG* macros dereference ndpi_detection_module_struct object which is
private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use
them outside the library itself, i.e. in ndpiReader code
Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros
to a new very simple macro, private to ndpiReader program. If necessary,
such macro may be improved.

According to a comment in ndpi_define.h, each dissector must define its own
NDPI_CURRENT_PROTO macro before including ndpi_api.h file
2020-06-26 12:04:02 +02:00
Luca Deri
1a62f4c799 Added ndpi_bin_XXX API
Added packet length distribution bins
2020-06-22 01:02:54 +02:00
Luca Deri
46d96e7f32 Added checks for DGA detection 2020-06-17 19:46:37 +02:00
Luca Deri
801c9481cb Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants) 2020-06-06 11:29:03 +02:00
Luca Deri
597d6e5d60
Merge pull request #913 from yskcg/fix_segment_fault_dev
Fix segment fault dev
2020-06-05 16:57:46 +02:00
ysk
52893d99f6 fix segment fault caused by the ssl.server_names when it may be NULL 2020-06-03 10:44:35 +08:00
Luca Deri
9c3bfeca80 Added support for Encrypted TLS SNI dissection
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Luca Deri
e5e69d0f7a Added the ability to detect when a known protocol is using a non-standard port
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
4a09b4efa0 Added TLS issuerDN and subjectDN 2020-05-07 18:44:51 +02:00
Nardi Ivan
097127c31d Fix heap-overflow error in CAPWAP detunneling code 2020-04-24 10:42:52 +02:00
Nardi Ivan
f965983c23 Add basic support for some ip-in-ip tunnels
Add support for 4in4, 6in6 and 4in6 encapsulations
Add support for ipv6 traffic in gtp tunnels, too

To allow gtp unit test, gtp detunneling flag has been globally enabled
in the test suite
2020-04-23 10:55:33 +02:00
Luca Deri
019b51bb17
Merge pull request #879 from IvanNardi/warnings
Fix some compilation warnings
2020-04-21 19:23:57 +02:00
Philippe Antoine
1b73f7372e Gets right protocol after IPv6 header 2020-04-21 15:34:53 +02:00
Nardi Ivan
b1a6c6b895 Fix some compilation warnings 2020-04-20 16:53:39 +02:00
Luca Deri
25cd2a23a6 Compilation fixes 2020-04-20 15:08:51 +02:00
Philippe Antoine
c2b2692e65 Setting right flow protocol after IP6 extensions
Finally fixing https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20727
2020-04-18 14:39:57 +02:00
Philippe Antoine
da0889d3ba Adds bound check before calling ndpi_handle_ipv6_extension_headers 2020-04-17 22:21:03 +02:00
Alexander Czyrny
32d25bfdaf additional csv semicolon fix
Created function correct_csv_data_field to prevent duplicated code. Additionally used for _flow->ndpi_flow->protos.stun_ssl.ssl.alpn_ and _flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions_ to guarantee a valid csv output (commas replaced by semicolon).
2020-04-16 14:12:48 +02:00
Philippe Antoine
cf47ba234a Use ndpi_handle_ipv6_extension_headers in reader_util 2020-04-15 16:19:57 +02:00
Philippe Antoine
c1baf1516d Adds bound check for TZSP 2020-04-15 15:50:58 +02:00
Nardi Ivan
e84563f971 ndpiReader: fix memory leak in idle sessions purging 2020-04-08 15:15:34 +02:00
Philippe Antoine
e9195589d2 Checks enough data for UDP header 2020-03-19 16:44:53 +01:00
Luca Deri
34ad06fef5 Compilation fix 2020-02-28 16:03:27 +01:00
Philippe Antoine
5fc9d41eb0 Run ndpi_detection_process_packet only with payload
Real problem is decapsulation of all ipv6 headers
2020-02-26 17:05:08 +01:00
Philippe Antoine
83fdfe24d0 Fix read overflow before UDP header 2020-02-26 16:16:29 +01:00
Philippe Antoine
3eb9907dd7 Fix various buffer over reads 2020-02-18 11:50:22 +01:00
Luca Deri
fdf8dd724f Minor fix 2020-02-17 22:15:36 +01:00
Philippe Antoine
bf7dcd63c3 Checks length for next ip header 2020-02-14 14:18:31 +01:00
Philippe Antoine
b287dccecf Checks l4 size against l3 size 2020-02-14 14:02:19 +01:00
Luca Deri
83bbb4cb69 Compilation warning fixes 2020-02-08 11:24:40 +01:00
Luca Deri
33d761a55a
Merge pull request #838 from catenacyber/fix2
Adds missing checks
2020-02-08 11:20:54 +01:00
Luca Deri
5cad39f0e8 Added export of TLS supported version in TLS header 2020-02-07 23:26:03 +01:00
Luca Deri
3be263aafc Added TLS ALPN support 2020-02-07 21:54:04 +01:00
Luca Deri
fa26c62b0c Fix for IPv6 address format across the various platforms/distributions 2020-02-04 22:50:08 +01:00
Luca Deri
2701cc9491 Warning fix 2020-02-04 22:34:08 +01:00
Luca Deri
0703ab5ac5 Improved DNS response decoding
The first decoded address is now reported by ndpiReader
2020-02-04 22:16:54 +01:00
Philippe Antoine
418ea234ae Adds missing checks
Found by fuzzing
2020-02-03 22:38:31 +01:00
Philippe Antoine
0bf2ca56a8 Uses ip_size in get_ndpi_flow_info6 2020-01-31 15:37:36 +01:00
Philippe Antoine
b97360d931 Fix infinite loop in ndpi_workflow_process_packet 2020-01-31 15:26:34 +01:00
Luca
812505b56b Added sanity check 2020-01-15 20:49:21 -07:00
Vitaliy Ivanov
cbabbd5865 example: fix compilation of ndpireader on latest dpdk.
reader_util.c:1708:43: error: 'ETHER_MAX_LEN' undeclared here (not in a function)
             .rxmode = { .max_rx_pkt_len = ETHER_MAX_LEN }
                                           ^~~~~~~~~~~~~

DPDK before 19.08 had a macro ETHER_MAX_LEN, in later versions it was
changed to RTE_ETHER_MAX_LEN.

Signed-off-by: Vitaliy Ivanov <vitaliyi@interfacemasters.com>
2020-01-13 16:10:09 +02:00
Luca Deri
5571ce114d Added flow extra info field
Updated tests/results
2020-01-10 22:21:16 +01:00
emanuele-f
798bb6e2e1 Fix leaks and sha1 certificate detection 2020-01-02 14:39:51 +01:00
Luca
8b01056b21 Renamed TLS requested server name 2020-01-02 07:37:03 +01:00