Luca Deri
b7376cc690
Restored QUIC stats
2020-12-30 12:12:33 +01:00
Luca Deri
9c1827a77b
Fixed output when TLS (and not QUIC) is used
2020-12-28 09:19:39 +01:00
Luca Deri
a89642ad04
Fixes bug introduced by https://github.com/ntop/nDPI/pull/1085
2020-12-12 12:32:44 +01:00
Zied Aouini
5bd5461f96
Fix minimum packet length condition (#1087)
2020-12-12 11:12:59 +01:00
Toni
74a77e7b3d
Added --ignore-vlanid / -I to exclude VLAN ids for flow hash calculation. #1073 (#1085)
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-12-11 21:01:51 +01:00
Toni
af02ffb60f
Support raw IPv4 / IPv6 pcap packet processing. (#1053)
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-11-09 16:18:05 +01:00
Luca Deri
017e395ed1
Cosmetic changes
2020-11-03 16:46:30 +01:00
Luca Deri
48d640583a
Moved global in reader_util.c
2020-10-27 08:40:00 +01:00
Luca Deri
948a906037
Added -D flag for detecting DoH in the wild
...
Removed heuristic from CiscoVPN as it leads to false positives
2020-10-26 21:40:59 +01:00
Luca Deri
9873972acb
Various improvements when using ndpi_pref_enable_tls_block_dissection:
...
application data TLS blocks are now ignored when exchanged before
- the end of certificate negotiation (up to TLS 1.2)
- change cipher
2020-10-24 19:22:56 +02:00
Ivan Nardi
6027a7c799
Fix parsing of DLT_PPP datalink type (#1042)
2020-10-21 22:27:42 +02:00
Zied Aouini
43c1f6a3fd
CAPWAP tunnel decoding fix (#1038)
...
* Fix CAPWAP processing.
* Update result.
2020-10-21 15:07:20 +02:00
aouinizied
d5d2a7e3f3
Fix CAPWAP handling.
2020-10-13 19:13:07 +02:00
Luca
05d93790e4
Added ndpi_quick_16_byte_hash
...
Warning fix
2020-10-05 08:26:24 +02:00
Luca Deri
32e4922c5a
Warning fix
2020-10-03 17:14:40 +02:00
Luca Deri
d81bc1add6
Reworked MDNS dissector that is not based on the DNS dissector
2020-09-17 23:24:02 +02:00
Nardi Ivan
a1014e8895
http: create a common function to parse User Agent field
...
Prepare the code to handle UA information from flows other than HTTP
2020-09-08 10:34:05 +02:00
Adrian Zgorzałek
8f74d5733d
OpenBSD: Introduce pkt_timeval to deal with (bpf_)_timeval
...
Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI
APIs expect `struct timeval`. These two structs, besides having
a different name, share the exact same set of fields.
2020-08-09 14:30:12 +01:00
Luca Deri
a828ac0191
Tiny changes for TLS block length dissection
2020-07-29 22:36:27 +02:00
Luca Deri
802254327a
wrapper cleanup
2020-07-13 10:53:25 +02:00
Toni Uhlig
96c193cf79
Fixed heap overflow caused by missing length check in 802.11 LLC header parsing.
...
* triggered by fuzz traces from wireshark
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-11 13:10:03 +02:00
Toni Uhlig
20fed83e0f
Removed csv_fp as external symbol. Instead passing csv_fp through as argument.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-08 23:21:35 +02:00
Luca Deri
1c60c22893
Added ndpi_cluster_bins() for clustering bins and ancillary functions for bins manipulation
2020-07-07 15:10:51 +02:00
Luca Deri
db707e0829
Merge pull request #932 from IvanNardi/log
...
Log
2020-07-07 14:43:32 +02:00
Toni Uhlig
de25ba7d0b
Fixed heap overflow caused by missing length check in reader util.
...
* triggered by fuzz traces from wireshark
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-06 23:30:40 +02:00
Nardi Ivan
b24f5c4c0a
Fix memory leak about purged/expired flows
...
Create a helper to avoid similar errors in the future
Fixes: 1a62f4c7
2020-06-28 12:05:12 +02:00
Nardi Ivan
ece5d3e199
Fix (harmless) memory leaks when DPDK is enabled
2020-06-28 12:05:12 +02:00
Nardi Ivan
56d87186f7
Fix compilation with --enable-debug-messages flag
...
NDPI_LOG* macros dereference ndpi_detection_module_struct object which is
private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use
them outside the library itself, i.e. in ndpiReader code
Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros
to a new very simple macro, private to ndpiReader program. If necessary,
such macro may be improved.
According to a comment in ndpi_define.h, each dissector must define its own
NDPI_CURRENT_PROTO macro before including ndpi_api.h file
2020-06-26 12:04:02 +02:00
Luca Deri
1a62f4c799
Added ndpi_bin_XXX API
...
Added packet length distribution bins
2020-06-22 01:02:54 +02:00
Luca Deri
46d96e7f32
Added checks for DGA detection
2020-06-17 19:46:37 +02:00
Luca Deri
801c9481cb
Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants)
2020-06-06 11:29:03 +02:00
Luca Deri
597d6e5d60
Merge pull request #913 from yskcg/fix_segment_fault_dev
...
Fix segment fault dev
2020-06-05 16:57:46 +02:00
ysk
52893d99f6
fix segment fault caused by the ssl.server_names when it may be NULL
2020-06-03 10:44:35 +08:00
Luca Deri
9c3bfeca80
Added support for Encrypted TLS SNI dissection
...
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Luca Deri
e5e69d0f7a
Added the ability to detect when a known protocol is using a non-standard port
...
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
4a09b4efa0
Added TLS issuerDN and subjectDN
2020-05-07 18:44:51 +02:00
Nardi Ivan
097127c31d
Fix heap-overflow error in CAPWAP detunneling code
2020-04-24 10:42:52 +02:00
Nardi Ivan
f965983c23
Add basic support for some ip-in-ip tunnels
...
Add support for 4in4, 6in6 and 4in6 encapsulations
Add support for ipv6 traffic in gtp tunnels, too
To allow gtp unit test, gtp detunneling flag has been globally enabled
in the test suite
2020-04-23 10:55:33 +02:00
Luca Deri
019b51bb17
Merge pull request #879 from IvanNardi/warnings
...
Fix some compilation warnings
2020-04-21 19:23:57 +02:00
Philippe Antoine
1b73f7372e
Gets right protocol after IPv6 header
2020-04-21 15:34:53 +02:00
Nardi Ivan
b1a6c6b895
Fix some compilation warnings
2020-04-20 16:53:39 +02:00
Luca Deri
25cd2a23a6
Compilation fixes
2020-04-20 15:08:51 +02:00
Philippe Antoine
c2b2692e65
Setting right flow protocol after IP6 extensions
...
Finally fixing https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20727
2020-04-18 14:39:57 +02:00
Philippe Antoine
da0889d3ba
Adds bound check before calling ndpi_handle_ipv6_extension_headers
2020-04-17 22:21:03 +02:00
Alexander Czyrny
32d25bfdaf
additional csv semicolon fix
...
Created function correct_csv_data_field to prevent duplicated code. Additionally used for _flow->ndpi_flow->protos.stun_ssl.ssl.alpn_ and _flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions_ to guarantee a valid csv output (commas replaced by semicolon).
2020-04-16 14:12:48 +02:00
Philippe Antoine
cf47ba234a
Use ndpi_handle_ipv6_extension_headers in reader_util
2020-04-15 16:19:57 +02:00
Philippe Antoine
c1baf1516d
Adds bound check for TZSP
2020-04-15 15:50:58 +02:00
Nardi Ivan
e84563f971
ndpiReader: fix memory leak in idle sessions purging
2020-04-08 15:15:34 +02:00
Philippe Antoine
e9195589d2
Checks enough data for UDP header
2020-03-19 16:44:53 +01:00
Luca Deri
34ad06fef5
Compilation fix
2020-02-28 16:03:27 +01:00