Commit graph

2937 commits

Author SHA1 Message Date
Luca Deri
d19bad1581 Added pcap for testing fragments reassembly 2021-02-03 11:48:53 +01:00
Luca Deri
01f4a57118 Fixes an issue with https://github.com/ntop/nDPI/pull/1122 that misprocessed packets belonging to flows whose initial part (e.g. the 3WH) was not observed by nDPI (e.g. capture started in the middle of the flow) 2021-02-03 11:47:21 +01:00
Roberto AGOSTINO
b70ad0e2f1
fragments management added (#1122)
Management of tcp segments managements.

Co-authored-by: ragostino <ragostino73@gmail.com>
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
2021-02-03 10:28:51 +01:00
ragostino
ee94534906
debug message bugfix (#1108)
you can not look for memory enlargement if you print debug message after updating the variables
2021-02-03 09:31:17 +01:00
Luca Deri
50f4049b58 Improved wireguard dissection 2021-01-29 16:38:43 +01:00
Luca Deri
bb74b903d0 DCE/RPC improvement to avoid false positives 2021-01-29 16:23:18 +01:00
Luca Deri
aeeccee106 DGA name improvement 2021-01-27 11:43:35 +01:00
Luca Deri
aa5486f5f8 Added missing library 2021-01-22 09:31:37 +01:00
Luca Deri
288ccd6215 Fixes due to datatype rename 2021-01-22 09:17:34 +01:00
Luca Deri
a31bd5ac3c Cleaned up tls/quic datatypes 2021-01-21 19:17:33 +01:00
Luca Deri
15295ef4c5 Reworked TLS fingerprint calculation
Modified TLS memory free
2021-01-21 19:06:05 +01:00
Toni
399755607d
Disable tests that require libgcrypt if --disable-gcrypt set. (#1121)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-01-21 08:59:06 +01:00
morefigs
53415c8855
Added missing comma (#1116)
I presume there is a comma missing in this comma separated list.
2021-01-21 08:58:42 +01:00
Luca Deri
3e5e9569ff Added simple hash implementation to the nDPI API 2021-01-20 21:30:19 +01:00
Luca Deri
d964c3e081 Code cleanup: third party uthash is at the right place 2021-01-20 19:11:36 +01:00
Luca
0809956e5f Reworked UPnP protocol that in essence was WSD hence it has been renamed
Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
2021-01-20 09:53:30 +01:00
Luca Deri
e9f43516ec Improves STUN dissection removing an invalid termination condition that prevented Skype calls to be properly identified 2021-01-13 16:46:51 +01:00
Luca Deri
68b6ac7da8 (C) Update 2021-01-07 11:13:36 +01:00
Luca Deri
367184628e Warning fix 2021-01-07 11:07:17 +01:00
Darryl Sokoloski
5f7b9d8024
Increase SNI hostname buffer length to 256. (#1111)
According to RFC 4366, SNI host names can be up to 255 bytes.
Previous size of 64 resulted in failed application matches due to truncation.

For example:
 0976e041e65b1aece3e720df36ac6bd7.safeframe.googlesyndication.co|m

Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
2021-01-07 10:58:48 +01:00
Ivan Nardi
ec2735694b
STUN: avoid false positives (#1110)
STUN traffic doesn't use multicast addresses
2021-01-07 10:58:22 +01:00
Ivan Nardi
1e2b57bed4
HTTP: fix compilation and a memory error when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1109) 2021-01-07 10:58:02 +01:00
Ivan Nardi
2080cc7365
QUIC: add support for DNS-over-QUIC (#1107)
Even if it is only an early internet draft, DoQ has already (at least)
one deployed implementation.
See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/
Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00

In the future, if this protocol will be really used, it might be worth to
rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
2021-01-07 10:56:39 +01:00
Ivan Nardi
00dabce65e
Quic fixes (#1106)
* QUIC: fix heap-buffer-overflow

* TLS: fix parsing of QUIC Transport Parameters
2021-01-07 10:55:55 +01:00
Ivan Nardi
b8a5358e80
QUIC: improve handling of SNI (#1105)
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name

Close #1077

* QUIC: fix matching of custom categories

* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions

* QUIC: fix serialization

* QUIC: add DGA check for older GQUIC versions
2021-01-07 10:55:23 +01:00
Luca Deri
eb37f8f1fb Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET 2021-01-06 18:28:24 +01:00
Luca Deri
cd21f0d316 Added check for invalid HTTP content 2021-01-06 12:25:32 +01:00
Ivan Nardi
1b524f5538
QUIC: update to draft-33 (#1104)
QUIC (final!?) constants for v1 are defined in draft-33
2021-01-04 15:50:14 +01:00
Ivan Nardi
3aa16b63e8
Fix some warnings when compiling with "-W -Wall" flags (#1103) 2021-01-04 15:49:39 +01:00
Ivan Nardi
23b84cd3ee
Remove FB_ZERO protocol (#1102)
FB_ZERO was an experimental protocol run by Facebook.
They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but
them so it is definitely dead.
See: https://engineering.fb.com/2018/08/06/security/fizz/
2021-01-04 15:49:19 +01:00
Toni
53ee6db795
Added a new API function `ndpi_free_flow_data' which frees all members of ndpi_flow_struct but not the struct itself. (#1101)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-01-04 12:47:05 +01:00
Ivan Nardi
3bb12fde63
Fix memory leak introduced in b7376cc6 (#1100) 2021-01-04 12:46:30 +01:00
Luca Deri
4ddb5f4245 Added TLS test with long certificate 2021-01-04 11:31:25 +01:00
Luca Deri
a91e6179c5 Fixed missing symbol 2021-01-02 21:21:15 +01:00
Luca Deri
05d76525b0 Added HTTP suspicious content security risk (useful for tracking trickbot) 2021-01-02 21:11:42 +01:00
Luca Deri
32f0446c9c Updated ndpi_ptree_match_addr() prototype 2020-12-30 18:23:40 +01:00
Luca Deri
b7376cc690 Restored QUIC stats 2020-12-30 12:12:33 +01:00
Luca Deri
dc401f8a74 Split ptree user data in 32 and 64 bit entries 2020-12-30 12:12:33 +01:00
pengtian
ab037e2c82
Bugfix for host check (#1097)
this bug is from commit `427002d14` `2020-05-06 00:31:40`
2020-12-29 14:41:41 +01:00
Luca Deri
84132c6735 Added known protocol on unknown port for ntop 2020-12-28 16:11:39 +01:00
Luca Deri
7f944cc43b Initialization fix 2020-12-28 11:57:20 +01:00
Luca Deri
0fceb6576a Free flow fix 2020-12-28 09:32:06 +01:00
Luca Deri
9c1827a77b Fixed output when TLS (and not QUIC) is used 2020-12-28 09:19:39 +01:00
Luca Deri
cf00ffed32 Removed test code 2020-12-26 18:13:10 +01:00
Luca Deri
e1be363037 Removed space from protocol name 2020-12-23 20:38:02 +00:00
Luca Deri
34fc9d5d50 Introduced fix on TLS for discarding traffic out of sequence that might invalidate dissection 2020-12-22 09:47:39 +01:00
Luca Deri
6462f4671c Fixed invalid TLS check for extra processing detection 2020-12-21 22:42:05 +01:00
Luca Deri
b231982286 Win fixes 2020-12-17 15:34:17 +01:00
Luca Deri
df1b3367a9 Type change to avoid Windows compilation issues 2020-12-17 12:58:12 +01:00
Luca Deri
2768da0637 Improved HTTP dissection 2020-12-16 14:45:29 +01:00