diff --git a/.gitignore b/.gitignore
index 1323ab273c6..5f46fb3bc2f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -89,6 +89,7 @@
 /fuzz/fuzz_filecfg_malicious_sha1
 /fuzz/fuzz_filecfg_malicious_ja3
 /fuzz/fuzz_filecfg_risk_domains
+/fuzz/fuzz_filecfg_config
 /fuzz/fuzz_readerutils_workflow
 /fuzz/fuzz_readerutils_parseprotolist
 /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip
@@ -117,6 +118,7 @@
 /fuzz/fuzz_filecfg_malicious_sha1_seed_corpus.zip
 /fuzz/fuzz_filecfg_malicious_ja3_seed_corpus.zip
 /fuzz/fuzz_filecfg_risk_domains_seed_corpus.zip
+/fuzz/fuzz_filecfg_config_seed_corpus.zip
 /fuzz/fuzz_dga_seed_corpus.zip
 /fuzz/fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip
 /fuzz/fuzz_readerutils_workflow_seed_corpus.zip
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
index b0c2c35e112..7c8e78ac270 100644
--- a/doc/configuration_parameters.md
+++ b/doc/configuration_parameters.md
@@ -6,12 +6,12 @@ TODO | Protocol | Parameter | Default value | Min value | Max value | Description | Notes | | ------ | ------ | ------ | ------ | ------ | ------ | ------ | | NULL | "packets_limit_per_flow" | 32 | 0 | 255 | The upper limit on the number of packets per flow that will be subject to DPI, after which classification will be considered complete (0 = no limit) | -| NULL | "flow.direction_detection.enable" | 1 | NULL | NULL | Enable/disable internal detection of packet direction (client to server or server to client) | -| NULL | "flow.track_payload.enable" | 0 | NULL | NULL | Enable/disable tracking/export of flow payload (i.e. L5/7 data) | -| NULL | "tcp_ack_payload_heuristic.enable" | 0 | NULL | NULL | In some networks, there are some anomalous TCP flows where the smallest ACK packets have some kind of zero padding. It looks like the IP and TCP headers in those frames wrongly consider the 0x00 Ethernet padding bytes as part of the TCP payload. While this kind of packets is perfectly valid per-se, in some conditions they might be treated by the TCP reassembler logic as (partial) overlaps, deceiving the classification engine. This parameter enable/disable an heuristic to detect these packets and to ignore them, allowing correct detection/classification. See #1946 for other details | -| NULL | "fully_encrypted_heuristic.enable" | 1 | NULL | NULL | Enable/disable an heuristic to detect fully encrypted sessions, i.e. flows where every bytes of the payload is encrypted in an attempt to “look like nothing”. This heuristic only analyzes the first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf | +| NULL | "flow.direction_detection" | enable | NULL | NULL | Enable/disable internal detection of packet direction (client to server or server to client) | +| NULL | "flow.track_payload" | disable | NULL | NULL | Enable/disable tracking/export of flow payload (i.e. 
L5/7 data): if enabled, the library exports the first 1024 bytes of payload for each flow | +| NULL | "tcp_ack_payload_heuristic" | disable | NULL | NULL | In some networks, there are some anomalous TCP flows where the smallest ACK packets have some kind of zero padding. It looks like the IP and TCP headers in those frames wrongly consider the 0x00 Ethernet padding bytes as part of the TCP payload. While this kind of packets is perfectly valid per-se, in some conditions they might be treated by the TCP reassembler logic as (partial) overlaps, deceiving the classification engine. This parameter enable/disable an heuristic to detect these packets and to ignore them, allowing correct detection/classification. See #1946 for other details | +| NULL | "fully_encrypted_heuristic" | enable | NULL | NULL | Enable/disable an heuristic to detect fully encrypted sessions, i.e. flows where every bytes of the payload is encrypted in an attempt to “look like nothing”. This heuristic only analyzes the first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf | | NULL | "libgcrypt.init" | 1 | NULL | NULL | Enable/disable initialization of libgcrypt. When using the external libgcrypt (instead of the internal crypto code) the libgcrypt runtime must be initialized. If, for whatever reasons, the application alread does it, nDPI must be told to skip it. Note that, by default, nDPI uses the crypto code and not libgcrypt: in that case this parameter is ignored | -| NULL | "guess_on_giveup" | 0x03 | 0x00 | 0x03 | Tell the library to guess flow classification, if any DPI algorithms/logics fail. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable guessing by port; 0x02 = enable guessing by ip | +| NULL | "dpi.guess_on_giveup" | 0x03 | 0x00 | 0x03 | Tell the library to guess flow classification, if any DPI algorithms/logics fail. The value is a bitmask. 
Values: 0x0 = disabled; 0x01 = enable guessing by port; 0x02 = enable guessing by ip | | NULL | "flow_risk_lists.load" | 1 | NULL | NULL | Enable/disable loading of every IP addresses lists used to check any flow risks | | NULL | "flow_risk.anonymous_subscriber.list.icloudprivaterelay.load" | 1 | NULL | NULL | Enable/disable loading of internal iCouldPrivateRealy IP address list used to check `NDPI_ANONYMOUS_SUBSCRIBER` flow risk | | NULL | "flow_risk.anonymous_subscriber.list.protonvpn.load" | 1 | NULL | NULL | Enable/disable loading of internal IP address list of ProtonVPN exit nodes used to check `NDPI_ANONYMOUS_SUBSCRIBER` flow risk | 
@@ -21,16 +21,16 @@ TODO | NULL | "lru.$CACHE_NAME.size" | See description | 0 | 16777215 | Set the size (in number of elements) of the specified LRU cache (0 = the cache is disabled). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "32768" for the bittorrent cache, "512" for the zoom cache and "1024" for all the other caches | | NULL | "lru.$CACHE_NAME.ttl" | See description | 0 | 16777215 | Set the TTL (in seconds) for the elements of the specified LRU cache (0 = the elements never explicitly expire). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "120" for the ookla cache, "60" for the msteams and stun_zoom caches and "0" for all the other caches | | "tls" | "certificate_expiration_threshold" | 30 | 0 | 365 | The threshold (in days) used to trigger the `NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE` flow risk | -| "tls" | "application_blocks_tracking.enable" | 0 | NULL | NULL | Enable/disable processing of TLS Application Blocks (post handshake) to extract statistical information about the flow | -| "tls" | "metadata.sha1_fingerprint.enable" | 1 | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. 
Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | -| "smtp" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext SMTP flows (because of opportunistic TLS, via STARTTLS msg) | -| "imap" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext IMAP flows (because of opportunistic TLS, via STARTTLS msg) | -| "pop" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext POP flows (because of opportunistic TLS, via STARTTLS msg) | -| "ftp" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets in cleartext FTP flows (because of opportunistic TLS, via AUTH TLS msg) | -| "stun" | "tls_dissection.enable" | 1 | NULL | NULL | Enable/disable dissection of TLS packets multiplexed into STUN flows | -| "dns" | "subclassification.enable" | 1 | NULL | NULL | Enable/disable sub-classification of DNS flows (via query/response domain name). If disabled, some flow risks are not checked | -| "dns" | "process_response.enable" | 1 | NULL | NULL | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported | -| "http" | "process_response.enable" | 1 | NULL | NULL | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. 
If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported | -| "ookla" | "aggressiveness", | 0x01 | 0x00 | 0x01 | Detection aggressiveness for Ookla. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable heuristic for detection over TLS (via Ookla LRU cache) | -| $PROTO_NAME | "log.enable" | 0 | NULL | NULL | Enable/disable logging/debug for specific protocol. Use "any" as protocol name if you want to easily enable/disable logging/debug for all protocols | +| "tls" | "application_blocks_tracking" | disable | NULL | NULL | Enable/disable processing of TLS Application Blocks (post handshake) to extract statistical information about the flow | +| "tls" | "metadata.sha1_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | +| "smtp" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext SMTP flows (because of opportunistic TLS, via STARTTLS msg) | +| "imap" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext IMAP flows (because of opportunistic TLS, via STARTTLS msg) | +| "pop" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext POP flows (because of opportunistic TLS, via STARTTLS msg) | +| "ftp" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext FTP flows (because of opportunistic TLS, via AUTH TLS msg) | +| "stun" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets multiplexed into STUN flows | +| "dns" | "subclassification" | enable | NULL | NULL | Enable/disable sub-classification of DNS flows (via query/response domain name). 
If disabled, some flow risks are not checked | +| "dns" | "process_response" | enable | NULL | NULL | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported | +| "http" | "process_response" | enable | NULL | NULL | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported | +| "ookla" | "dpi.aggressiveness", | 0x01 | 0x00 | 0x01 | Detection aggressiveness for Ookla. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable heuristic for detection over TLS (via Ookla LRU cache) | +| $PROTO_NAME | "log" | disable | NULL | NULL | Enable/disable logging/debug for specific protocol. Use "any" as protocol name if you want to easily enable/disable logging/debug for all protocols | | $PROTO_NAME | "ip_list.load" | 1 | NULL | NULL | Enable/disable loading of internal list of IP addresses (used for (sub)classification) specific to that protocol. Use "any" as protocol name if you want to easily enable/disable all lists. 
This knob is valid only for the following protocols: Alibaba, Amazon AWS, Apple, Avast, Bloomberg, Cachefly, Cloudflare, Discord, Disney+, Dropbox, Edgecast, EpicGames, Ethereum, Facebook, Github, Google, Google Cloud, GoTo, Hotspot Shield, Hulu, Line, Microsoft 365, Microsoft Azure, Microsoft One Drive, Microsoft Outlook, Mullvad, Netflix, Nvidia, OpenDNS, ProtonVPN, RiotGames, Roblox, Skype/Teams, Starcraft, Steam, Teamviewer, Telegram, Tencent, Threema, TOR, Twitch, Twitter, UbuntuONE, VK, Yandex, Yandex Cloud, Webex, Whatsapp, Zoom | diff --git a/example/config.txt b/example/config.txt index 95b66b1b6c2..bf48e22b830 100644 --- a/example/config.txt +++ b/example/config.txt @@ -5,8 +5,8 @@ #See doc/configuration_parameters.md for a complete list and description of all the accepted knobs packets_limit_per_flow,32 -ookla,aggressiveness,0x1 -tls,metadata.sha1_fingerprint.enable,1 +ookla,dpi.aggressiveness,0x1 +tls,metadata.sha1_fingerprint,1 lru.bittorrent.ttl,0 diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 7aa0d2ae6ed..ecb2a7477a0 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -384,7 +384,7 @@ static void ndpiCheckIPMatch(char *testChar) { for(i = 0; i < num_cfgs; i++) { rc = ndpi_set_config(ndpi_str, cfgs[i].proto, cfgs[i].param, cfgs[i].value); - if (rc < NDPI_CFG_OK) + if (rc != NDPI_CFG_OK) fprintf(stderr, "Error setting config [%s][%s][%s]: %d\n", cfgs[i].proto, cfgs[i].param, cfgs[i].value, rc); } @@ -557,7 +557,7 @@ static void help(u_int long_help) { " | 0 - List known protocols\n" " | 1 - List known categories\n" " | 2 - List known risks\n" - " -d | Disable protocol guess (by ip and by port) and use only DPI. It is a shortcut to --cfg=,NULL,guess_on_giveup,0\n" + " -d | Disable protocol guess (by ip and by port) and use only DPI. It is a shortcut to --cfg=dpi.guess_on_giveup,0\n" " -e | Min human readeable string match len. Default %u\n" " -q | Quiet mode\n" " -F | Enable flow stats\n" 
@@ -1021,7 +1021,7 @@ static void parseOptions(int argc, char **argv) { case 'd': enable_protocol_guess = 0; - if(reader_add_cfg(NULL, "guess_on_giveup", "0", 1) == 1) { + if(reader_add_cfg(NULL, "dpi.guess_on_giveup", "0", 1) == 1) { printf("Invalid parameter [%s] [num:%d/%d]\n", optarg, num_cfgs, MAX_NUM_CFGS); exit(1); } @@ -1134,7 +1134,7 @@ static void parseOptions(int argc, char **argv) { } if(log_level > NDPI_LOG_DEBUG_EXTRA) { log_level = NDPI_LOG_DEBUG_EXTRA; - if(reader_add_cfg("all", "log.enable", "1", 1) == 1) { + if(reader_add_cfg("all", "log", "enable", 1) == 1) { printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS); exit(1); } @@ -1155,7 +1155,7 @@ static void parseOptions(int argc, char **argv) { int inverted_logic; /* Reset any previous call to this knob */ - if(reader_add_cfg("all", "log.enable", "0", 1) == 1) { + if(reader_add_cfg("all", "log", "disable", 1) == 1) { printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS); exit(1); } @@ -1166,7 +1166,7 @@ static void parseOptions(int argc, char **argv) { inverted_logic = 1; n++; } - if(reader_add_cfg(n, "log.enable", inverted_logic ? "0" : "1", 1) == 1) { + if(reader_add_cfg(n, "log", inverted_logic ? "disable" : "enable", 1) == 1) { printf("Invalid parameter [%s] [num:%d/%d]\n", n, num_cfgs, MAX_NUM_CFGS); exit(1); } @@ -2829,7 +2829,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _protoFilePath); - ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic.enable", "1"); + ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic", "enable"); for(i = 0; i < num_cfgs; i++) { rc = ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, 
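Review bot: In the -1021 hunk the failure branch of the new `reader_add_cfg(NULL, "dpi.guess_on_giveup", "0", 1)` call still prints `optarg` through `%s`, but `-d` is described in the help text as a flag with no argument, so `optarg` is presumably NULL at this point and formatting it with `%s` is undefined behaviour. The neighbouring -1134 and -1155 hunks already use the argument-free message, and the same would fit here: `printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);`. parseOptions begins and ends outside this hunk.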
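Review bot: The return value of the renamed `ndpi_set_config(..., NULL, "tcp_ack_payload_heuristic", "enable")` call in the -2829 hunk is discarded, while the loop directly below it checks `rc` against `NDPI_CFG_OK` and reports failures; the `application_blocks_tracking` call in the -2840 hunk has the same gap. Since this commit renames the knob and changes its value format, a mismatch between this string and the library's configuration table would leave the heuristic silently at its default. Suggest `rc = ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic", "enable"); if(rc != NDPI_CFG_OK) fprintf(stderr, "Error setting config [tcp_ack_payload_heuristic]: %d\n", rc);`, and the equivalent in the -2840 hunk. setupDetection begins and ends outside this hunk.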
@@ -2840,7 +2840,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { } if(enable_doh_dot_detection) - ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "tls", "application_blocks_tracking.enable", "1"); + ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "tls", "application_blocks_tracking", "enable"); ret = ndpi_finalize_initialization(ndpi_thread_info[thread_id].workflow->ndpi_struct); if(ret != 0) { diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 0e14eb69e21..8353cae4988 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -8,7 +8,7 @@ bin_PROGRAMS += fuzz_libinjection fuzz_binaryfusefilter #Internal crypto bin_PROGRAMS += fuzz_gcrypt_light fuzz_gcrypt_aes fuzz_gcrypt_gcm fuzz_gcrypt_cipher #Configuration files -bin_PROGRAMS += fuzz_filecfg_protocols fuzz_filecfg_categories fuzz_filecfg_malicious_sha1 fuzz_filecfg_malicious_ja3 fuzz_filecfg_risk_domains +bin_PROGRAMS += fuzz_filecfg_protocols fuzz_filecfg_categories fuzz_filecfg_malicious_sha1 fuzz_filecfg_malicious_ja3 fuzz_filecfg_risk_domains fuzz_filecfg_config #Reader utils bin_PROGRAMS += fuzz_readerutils_workflow fuzz_readerutils_parseprotolist 
@@ -563,6 +563,19 @@ fuzz_filecfg_risk_domains_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_filecfg_risk_domains_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ +fuzz_filecfg_config_SOURCES = fuzz_filecfg_config.c fuzz_common_code.c +fuzz_filecfg_config_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_filecfg_config_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) +fuzz_filecfg_config_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_filecfg_config_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_filecfg_config_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_filecfg_config_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_filecfg_config_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + fuzz_readerutils_workflow_SOURCES = fuzz_readerutils_workflow.cpp fuzz_common_code.c ../example/reader_util.c fuzz_readerutils_workflow_CXXFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DDISABLE_CUSTOM_ALLOCATOR_ON_READERUTILS fuzz_readerutils_workflow_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DDISABLE_CUSTOM_ALLOCATOR_ON_READERUTILS 
@@ -695,6 +708,10 @@ files_corpus_fuzz_filecfg_risk_domains := $(wildcard corpus/fuzz_filecfg_risk_d fuzz_filecfg_risk_domains_seed_corpus.zip: $(files_corpus_fuzz_filecfg_risk_domains) zip -j fuzz_filecfg_risk_domains_seed_corpus.zip $(files_corpus_fuzz_filecfg_risk_domains) +files_corpus_fuzz_filecfg_config := $(wildcard corpus/fuzz_filecfg_config/*) +fuzz_filecfg_config_seed_corpus.zip: $(files_corpus_fuzz_filecfg_config) + zip -j fuzz_filecfg_config_seed_corpus.zip $(files_corpus_fuzz_filecfg_config) + files_corpus_fuzz_readerutils_workflow := $(wildcard corpus/fuzz_readerutils_workflow/*) fuzz_readerutils_workflow_seed_corpus.zip: $(files_corpus_fuzz_readerutils_workflow) zip -j fuzz_readerutils_workflow_seed_corpus.zip $(files_corpus_fuzz_readerutils_workflow) 
@@ -711,7 +728,7 @@ files_corpus_fuzz_ds_domain_classify := $(wildcard corpus/fuzz_ds_domain_classi fuzz_ds_domain_classify_seed_corpus.zip: $(files_corpus_fuzz_ds_domain_classify) zip -j fuzz_ds_domain_classify_seed_corpus.zip $(files_corpus_fuzz_ds_domain_classify) -corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_readerutils_workflow_seed_corpus.zip fuzz_readerutils_parseprotolist_seed_corpus.zip fuzz_ds_bitmap64_seed_corpus.zip fuzz_ds_domain_classify_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_is_stun_udp_seed_corpus.zip fuzz_is_stun_tcp_seed_corpus.zip fuzz_filecfg_malicious_sha1_seed_corpus.zip fuzz_filecfg_malicious_ja3_seed_corpus.zip fuzz_filecfg_risk_domains_seed_corpus.zip +corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip 
fuzz_filecfg_protocols_seed_corpus.zip fuzz_readerutils_workflow_seed_corpus.zip fuzz_readerutils_parseprotolist_seed_corpus.zip fuzz_ds_bitmap64_seed_corpus.zip fuzz_ds_domain_classify_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_filecfg_config_seed_corpus.zip fuzz_is_stun_udp_seed_corpus.zip fuzz_is_stun_tcp_seed_corpus.zip fuzz_filecfg_malicious_sha1_seed_corpus.zip fuzz_filecfg_malicious_ja3_seed_corpus.zip fuzz_filecfg_risk_domains_seed_corpus.zip cp corpus/fuzz_*seed_corpus.zip . #Create dictionaries exactly as expected by oss-fuzz. @@ -744,6 +761,7 @@ distdir: -o -path './corpus/fuzz_filecfg_malicious_sha1/*' \ -o -path './corpus/fuzz_filecfg_malicious_ja3/*' \ -o -path './corpus/fuzz_filecfg_risk_domains/*' \ + -o -path './corpus/fuzz_filecfg_config/*' \ -o -path './corpus/fuzz_readerutils_workflow/*' \ -o -path './corpus/fuzz_readerutils_parseprotolist/*' \ -o -path './corpus/fuzz_is_stun_udp/*' \ diff --git a/fuzz/corpus/fuzz_filecfg_config/dns_process_response.txt b/fuzz/corpus/fuzz_filecfg_config/dns_process_response.txt new file mode 100644 index 00000000000..22666fe427e --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_config/dns_process_response.txt @@ -0,0 +1 @@ +dns,process_response,1 diff --git a/fuzz/corpus/fuzz_filecfg_config/dns_subclassification.txt b/fuzz/corpus/fuzz_filecfg_config/dns_subclassification.txt new file mode 100644 index 00000000000..7a8493fc6f4 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_config/dns_subclassification.txt @@ -0,0 +1 @@ +dns,subclassification,0 diff --git a/fuzz/corpus/fuzz_filecfg_config/dpi.guess_on_giveup.txt b/fuzz/corpus/fuzz_filecfg_config/dpi.guess_on_giveup.txt new file mode 100644 index 00000000000..f8bcda7d2aa --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_config/dpi.guess_on_giveup.txt @@ -0,0 +1 @@ +dpi.guess_on_giveup,1 diff --git a/fuzz/corpus/fuzz_filecfg_config/filename.config.txt b/fuzz/corpus/fuzz_filecfg_config/filename.config.txt new file mode 100644 index 00000000000..c89d635da9c 
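Review bot: The `corpus:` prerequisite list in the -711 hunk names `fuzz_filecfg_protocols_seed_corpus.zip` twice, once after `fuzz_tls_certificate_seed_corpus.zip` and again just before the newly added `fuzz_filecfg_config_seed_corpus.zip`; the duplicate predates this commit, but the line is being rewritten anyway, so dropping the second occurrence would be cheap. The new entry is also inserted mid-list, whereas `fuzz_filecfg_risk_domains_seed_corpus.zip` was appended at the end, so the order no longer mirrors the `bin_PROGRAMS` line in the -8 hunk, which makes it harder to spot a missing target by eye.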
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/filename.config.txt
@@ -0,0 +1 @@
+filename.config,foo/bar
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_0.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_0.txt
new file mode 100644
index 00000000000..8a13b9a0c70
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_0.txt
@@ -0,0 +1 @@
+flow.direction_detection,0
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_1.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_1.txt
new file mode 100644
index 00000000000..5f71d8432c0
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_1.txt
@@ -0,0 +1 @@
+flow.direction_detection,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_disable.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_disable.txt
new file mode 100644
index 00000000000..294f85cbcdb
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_disable.txt
@@ -0,0 +1 @@
+flow.direction_detection,disable
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_enable.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_enable.txt
new file mode 100644
index 00000000000..5f92bc8fb18
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_enable.txt
@@ -0,0 +1 @@
+flow.direction_detection,enable
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_invalid.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_invalid.txt
new file mode 100644
index 00000000000..ff685d537e5
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_invalid.txt
@@ -0,0 +1 @@
+flow.direction_detection,invalid_value
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_off.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_off.txt
new file mode 100644
index 00000000000..971281ce6be
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_off.txt
@@ -0,0 +1 @@
+flow.direction_detection,off
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_on.txt b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_on.txt
new file mode 100644
index 00000000000..52e6b1c887f
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.direction_detection_on.txt
@@ -0,0 +1 @@
+flow.direction_detection,on
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow.track_payload.txt b/fuzz/corpus/fuzz_filecfg_config/flow.track_payload.txt
new file mode 100644
index 00000000000..4b52c23534d
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow.track_payload.txt
@@ -0,0 +1 @@
+flow.track_payload,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.icloud.load.txt b/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.icloud.load.txt
new file mode 100644
index 00000000000..8e4a19d159e
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.icloud.load.txt
@@ -0,0 +1 @@
+flow_risk.anonymous_subscriber.list.icloudprivaterelay.load,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.protonvpn.load.txt b/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.protonvpn.load.txt
new file mode 100644
index 00000000000..fa376f25d9b
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.protonvpn.load.txt
@@ -0,0 +1 @@
+flow_risk.anonymous_subscriber.list.protonvpn.load,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow_risk.crawler_bot.list.load.txt b/fuzz/corpus/fuzz_filecfg_config/flow_risk.crawler_bot.list.load.txt
new file mode 100644
index 00000000000..5add4f137c2
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow_risk.crawler_bot.list.load.txt
@@ -0,0 +1 @@
+flow_risk.crawler_bot.list.load,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/flow_risk_lists.load.txt b/fuzz/corpus/fuzz_filecfg_config/flow_risk_lists.load.txt
new file mode 100644
index 00000000000..9e837e70ee2
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/flow_risk_lists.load.txt
@@ -0,0 +1 @@
+flow_risk_lists.load,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/ftp_tls_dissection.txt b/fuzz/corpus/fuzz_filecfg_config/ftp_tls_dissection.txt
new file mode 100644
index 00000000000..9fa38e371c7
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/ftp_tls_dissection.txt
@@ -0,0 +1 @@
+ftp,tls_dissection,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/fully_encrypted_heuristic.txt b/fuzz/corpus/fuzz_filecfg_config/fully_encrypted_heuristic.txt
new file mode 100644
index 00000000000..825aeb51452
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/fully_encrypted_heuristic.txt
@@ -0,0 +1 @@
+fully_encrypted_heuristic,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/http_process_response.txt b/fuzz/corpus/fuzz_filecfg_config/http_process_response.txt
new file mode 100644
index 00000000000..f6d9f73bd0d
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/http_process_response.txt
@@ -0,0 +1 @@
+http,process_response,off
diff --git a/fuzz/corpus/fuzz_filecfg_config/imap_tls_dissection.txt b/fuzz/corpus/fuzz_filecfg_config/imap_tls_dissection.txt
new file mode 100644
index 00000000000..bec9d370a12
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/imap_tls_dissection.txt
@@ -0,0 +1 @@
+imap,tls_dissection,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/libgcrypt.init.txt b/fuzz/corpus/fuzz_filecfg_config/libgcrypt.init.txt
new file mode 100644
index 00000000000..2d93edeaaad
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/libgcrypt.init.txt
@@ -0,0 +1 @@
+libgcrypt.init,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/log.level.txt b/fuzz/corpus/fuzz_filecfg_config/log.level.txt
new file mode 100644
index 00000000000..0aa899ea5a6
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/log.level.txt
@@ -0,0 +1 @@
+log.level,2
diff --git a/fuzz/corpus/fuzz_filecfg_config/lru.invalid_name.size.txt b/fuzz/corpus/fuzz_filecfg_config/lru.invalid_name.size.txt
new file mode 100644
index 00000000000..44f773a160b
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/lru.invalid_name.size.txt
@@ -0,0 +1 @@
+lru.invalid_name.size,10
diff --git a/fuzz/corpus/fuzz_filecfg_config/lru.invalid_name.ttl.txt b/fuzz/corpus/fuzz_filecfg_config/lru.invalid_name.ttl.txt
new file mode 100644
index 00000000000..897d720e05b
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/lru.invalid_name.ttl.txt
@@ -0,0 +1 @@
+lru.invalid_name.ttl,10
diff --git a/fuzz/corpus/fuzz_filecfg_config/lru.ookla.size.txt b/fuzz/corpus/fuzz_filecfg_config/lru.ookla.size.txt
new file mode 100644
index 00000000000..7e702947152
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/lru.ookla.size.txt
@@ -0,0 +1 @@
+lru.ookla.size,10
diff --git a/fuzz/corpus/fuzz_filecfg_config/lru.ookla.ttl.txt b/fuzz/corpus/fuzz_filecfg_config/lru.ookla.ttl.txt
new file mode 100644
index 00000000000..c3d0272f65f
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/lru.ookla.ttl.txt
@@ -0,0 +1 @@
+lru.ookla.ttl,10
diff --git a/fuzz/corpus/fuzz_filecfg_config/ookla_dpi.aggressiveness.txt b/fuzz/corpus/fuzz_filecfg_config/ookla_dpi.aggressiveness.txt
new file mode 100644
index 00000000000..b02dbf858e6
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/ookla_dpi.aggressiveness.txt
@@ -0,0 +1 @@
+ookla,dpi.aggressiveness,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/packets_limit_per_flow.txt b/fuzz/corpus/fuzz_filecfg_config/packets_limit_per_flow.txt
new file mode 100644
index 00000000000..a0583edc6a1
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/packets_limit_per_flow.txt
@@ -0,0 +1 @@
+packets_limit_per_flow,32
diff --git a/fuzz/corpus/fuzz_filecfg_config/pop_tls_dissection.txt b/fuzz/corpus/fuzz_filecfg_config/pop_tls_dissection.txt
new file mode 100644
index 00000000000..6361dfec79c
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/pop_tls_dissection.txt
@@ -0,0 +1 @@
+pop,tls_dissection,disable
diff --git a/fuzz/corpus/fuzz_filecfg_config/quic_log.txt b/fuzz/corpus/fuzz_filecfg_config/quic_log.txt
new file mode 100644
index 00000000000..6d084375476
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/quic_log.txt
@@ -0,0 +1 @@
+quic,log,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/smtp_tls_dissection.txt b/fuzz/corpus/fuzz_filecfg_config/smtp_tls_dissection.txt
new file mode 100644
index 00000000000..d1b97eaaf35
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/smtp_tls_dissection.txt
@@ -0,0 +1 @@
+smtp,tls_dissection,0
diff --git a/fuzz/corpus/fuzz_filecfg_config/stun_tls_dissection.txt b/fuzz/corpus/fuzz_filecfg_config/stun_tls_dissection.txt
new file mode 100644
index 00000000000..afb614f3102
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/stun_tls_dissection.txt
@@ -0,0 +1 @@
+stun,tls_dissection,on
diff --git a/fuzz/corpus/fuzz_filecfg_config/tcp_ack_payload_heuristic.txt b/fuzz/corpus/fuzz_filecfg_config/tcp_ack_payload_heuristic.txt
new file mode 100644
index 00000000000..5c30535740d
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/tcp_ack_payload_heuristic.txt
@@ -0,0 +1 @@
+tcp_ack_payload_heuristic,1
diff --git a/fuzz/corpus/fuzz_filecfg_config/tls_application_blocks_tracking.txt b/fuzz/corpus/fuzz_filecfg_config/tls_application_blocks_tracking.txt
new file mode 100644
index 00000000000..bc96222ba4e
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/tls_application_blocks_tracking.txt
@@ -0,0 +1 @@
+tls,application_blocks_tracking,disable
diff --git a/fuzz/corpus/fuzz_filecfg_config/tls_certificate_expiration_threshold.txt b/fuzz/corpus/fuzz_filecfg_config/tls_certificate_expiration_threshold.txt
new file mode 100644
index 00000000000..9451a476f02
--- /dev/null
+++ b/fuzz/corpus/fuzz_filecfg_config/tls_certificate_expiration_threshold.txt
@@ -0,0 +1 @@
+tls,certificate_expiration_threshold,10
diff --git a/fuzz/corpus/fuzz_filecfg_config/tls_metadata.sha1_fingerprint.txt b/fuzz/corpus/fuzz_filecfg_config/tls_metadata.sha1_fingerprint.txt new file mode 100644 index 00000000000..063a1d63635 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_config/tls_metadata.sha1_fingerprint.txt @@ -0,0 +1 @@ +tls,metadata.sha1_fingerprint,enable diff --git a/fuzz/corpus/fuzz_filecfg_config/twitter_ip_list.load.txt b/fuzz/corpus/fuzz_filecfg_config/twitter_ip_list.load.txt new file mode 100644 index 00000000000..be544336e28 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_config/twitter_ip_list.load.txt @@ -0,0 +1 @@ +twitter,ip_list.load,1 diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c index 7bda091d519..4dbcf301852 100644 --- a/fuzz/fuzz_common_code.c +++ b/fuzz/fuzz_common_code.c @@ -42,7 +42,7 @@ void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_ *ndpi_info_mod = ndpi_init_detection_module(); ndpi_set_config(*ndpi_info_mod, NULL, "log.level", "3"); - ndpi_set_config(*ndpi_info_mod, "all", "log.enable", "1"); + ndpi_set_config(*ndpi_info_mod, "all", "log", "enable"); ndpi_load_categories_dir(*ndpi_info_mod, "./lists/"); ndpi_load_protocols_file(*ndpi_info_mod, "protos.txt"); diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 5c79ede4cda..b85f3752fb0 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -13,15 +13,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct ndpi_detection_module_struct *ndpi_info_mod; struct ndpi_flow_struct flow; u_int8_t protocol_was_guessed; - u_int32_t i; + u_int32_t i, ret; u_int16_t bool_value; NDPI_PROTOCOL_BITMASK enabled_bitmask; struct ndpi_lru_cache_stats lru_stats; struct ndpi_patricia_tree_stats patricia_stats; struct ndpi_automa_stats automa_stats; - int cat; + int cat, idx; u_int16_t pid; char *protoname; + const char *name; char catname[] = "name"; struct ndpi_flow_input_info input_info; ndpi_proto p, p2; 
@@ -30,6 +31,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int value; char cfg_value[32]; char cfg_proto[32]; + char cfg_param[32]; /* Just to be sure to have some data */ @@ -77,6 +79,15 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* TODO: stub for geo stuff */ ndpi_load_geoip(ndpi_info_mod, NULL, NULL); + /* To trigger NDPI_CFG_CONTEXT_ALREADY_INITIALIZED */ + if(fuzzed_data.ConsumeBool()) { + ret = ndpi_finalize_initialization(ndpi_info_mod); + if(ret != 0) { + ndpi_exit_detection_module(ndpi_info_mod); + ndpi_info_mod = NULL; + } + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 365 + 1); sprintf(cfg_value, "%d", value); 
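Review bot: When the forced ndpi_finalize_initialization() fails, ndpi_info_mod is set to NULL but the harness keeps running: the ndpi_set_config() calls that follow are safe (ndpi_set_config returns NDPI_CFG_INVALID_CONTEXT on a NULL module, as the hunk in ndpi_main.c shows), but the unconditional second ndpi_finalize_initialization(ndpi_info_mod) and the dump calls further down are only safe if they also tolerate NULL, which I cannot confirm from this hunk. Unless an existing NULL check I cannot see is reached first, an explicit `return 0;` after `ndpi_info_mod = NULL;` would make the intent clear and keep the fuzzer from reporting a crash in unrelated code. Note also that `ret` was declared `u_int32_t` in the earlier hunk while the comparison is `ret != 0`; that works, but a plain `int` would match the likely signed return type and avoid sign-conversion warnings. LLVMFuzzerTestOneInput starts and ends outside this hunk.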
@@ -85,62 +96,62 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "tls", "application_blocks_tracking.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "tls", "application_blocks_tracking", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "tls", "metadata.sha1_fingerprint.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "tls", "metadata.sha1_fingerprint", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "smtp", "tls_dissection.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "smtp", "tls_dissection", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "imap", "tls_dissection.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "imap", "tls_dissection", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "pop", "tls_dissection.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "pop", "tls_dissection", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "ftp", "tls_dissection.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "ftp", "tls_dissection", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "stun", "tls_dissection.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "stun", 
"tls_dissection", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "dns", "subclassification.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "dns", "subclassification", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "dns", "process_response.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "dns", "process_response", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "http", "process_response.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "http", "process_response", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 0x01 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "ookla", "aggressiveness", cfg_value); + ndpi_set_config(ndpi_info_mod, "ookla", "dpi.aggressiveness", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, "any", "log.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, "any", "log", cfg_value); } for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) { if(fuzzed_data.ConsumeBool()) { @@ -148,7 +159,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sprintf(cfg_value, "%d", value); sprintf(cfg_proto, "%d", i); /* TODO: we should try to map integer into name */ - ndpi_set_config(ndpi_info_mod, cfg_proto, "log.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, cfg_proto, "log", cfg_value); } } if(fuzzed_data.ConsumeBool()) { 
@@ -172,22 +183,22 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, NULL, "flow.direction_detection.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, NULL, "flow.direction_detection", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, NULL, "flow.track_payload.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, NULL, "flow.track_payload", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, NULL, "tcp_ack_payload_heuristic.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, NULL, "tcp_ack_payload_heuristic", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, NULL, "fully_encrypted_heuristic.enable", cfg_value); + ndpi_set_config(ndpi_info_mod, NULL, "fully_encrypted_heuristic", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); @@ -197,7 +208,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 0x03 + 1); sprintf(cfg_value, "%d", value); - ndpi_set_config(ndpi_info_mod, NULL, "guess_on_giveup", cfg_value); + ndpi_set_config(ndpi_info_mod, NULL, "dpi.guess_on_giveup", cfg_value); } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); 
@@ -304,6 +315,30 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.stun_zoom.ttl", cfg_value); } + /* Configure one cache via index */ + if(fuzzed_data.ConsumeBool()) { + idx = fuzzed_data.ConsumeIntegralInRange(0, static_cast(NDPI_LRUCACHE_MAX)); + name = ndpi_lru_cache_idx_to_name(static_cast(idx)); + if(name) { + value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ + sprintf(cfg_param, "lru.%s.size", name); + ndpi_set_config(ndpi_info_mod, NULL, cfg_param, cfg_value); + value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 + 1); + sprintf(cfg_param, "lru.%s.ttl", name); + ndpi_set_config(ndpi_info_mod, NULL, cfg_param, cfg_value); + } + } + /* Invalid parameter */ + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "foo", cfg_value); + } + /* Invalid value */ + if(fuzzed_data.ConsumeBool()) { + sprintf(cfg_value, "%s", "jjj"); + ndpi_set_config(ndpi_info_mod, NULL, "lru.stun_zoom.ttl", cfg_value); + } ndpi_finalize_initialization(ndpi_info_mod); @@ -344,6 +379,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_dump_protocols(ndpi_info_mod, stdout); ndpi_generate_options(fuzzed_data.ConsumeIntegralInRange(0, 4), stdout); ndpi_dump_risks_score(stdout); + ndpi_dump_config(ndpi_info_mod, stdout); /* Basic code to try testing this "config" */ bool_value = fuzzed_data.ConsumeBool(); diff --git a/fuzz/fuzz_filecfg_categories.c b/fuzz/fuzz_filecfg_categories.c index dd782ff67d6..53c49a65d52 100644 --- a/fuzz/fuzz_filecfg_categories.c +++ b/fuzz/fuzz_filecfg_categories.c 
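Review bot: In the "Configure one cache via index" block the consumed `value` is never formatted into cfg_value, so both `ndpi_set_config(ndpi_info_mod, NULL, cfg_param, cfg_value)` calls pass whatever cfg_value still holds from the preceding lru.stun_zoom.ttl block; the size/ttl actually applied is stale and the `16777215 / 2` cap meant to avoid OOM on oss-fuzz constrains nothing. Add `sprintf(cfg_value, "%d", value);` after each of the two `value = fuzzed_data.ConsumeIntegralInRange(...)` lines. cfg_param[32] is large enough for the longest name present (`lru.bittorrent.size` is 19 characters), but `snprintf(cfg_param, sizeof(cfg_param), "lru.%s.size", name)` would keep that true if a longer cache name is ever added. The `static_cast(...)` calls appear to have lost their `<type>` argument in this rendering; presumably the real source reads `static_cast<int>` and `static_cast<lru_cache_type>`.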
@@ -15,7 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); ndpi_set_config(ndpi_struct, NULL, "log.level", "3"); - ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); + ndpi_set_config(ndpi_struct, "all", "log", "1"); fd = buffer_to_file(data, size); load_categories_file_fd(ndpi_struct, fd, NULL); diff --git a/fuzz/fuzz_filecfg_config.c b/fuzz/fuzz_filecfg_config.c new file mode 100644 index 00000000000..6a096d75eb2 --- /dev/null +++ b/fuzz/fuzz_filecfg_config.c @@ -0,0 +1,27 @@ +#include "ndpi_api.h" +#include "ndpi_private.h" +#include "fuzz_common_code.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + struct ndpi_detection_module_struct *ndpi_struct; + FILE *fd; + NDPI_PROTOCOL_BITMASK all; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + ndpi_struct = ndpi_init_detection_module(); + NDPI_BITMASK_SET_ALL(all); + ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); + + ndpi_set_config(ndpi_struct, NULL, "log.level", "3"); + ndpi_set_config(ndpi_struct, "all", "log", "1"); + + fd = buffer_to_file(data, size); + load_config_file_fd(ndpi_struct, fd); + if(fd) + fclose(fd); + + ndpi_exit_detection_module(ndpi_struct); + return 0; +} diff --git a/fuzz/fuzz_filecfg_malicious_ja3.c b/fuzz/fuzz_filecfg_malicious_ja3.c index 22cc95e5917..9c32fc227f0 100644 --- a/fuzz/fuzz_filecfg_malicious_ja3.c +++ b/fuzz/fuzz_filecfg_malicious_ja3.c @@ -15,7 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); ndpi_set_config(ndpi_struct, NULL, "log.level", "3"); - ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); + ndpi_set_config(ndpi_struct, "all", "log", "1"); fd = buffer_to_file(data, size); load_malicious_ja3_file_fd(ndpi_struct, fd); 
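Review bot: `load_config_file_fd(ndpi_struct, fd)` is called unconditionally while the `fclose` right after it is guarded by `if(fd)`, so the loader must itself tolerate a NULL FILE* from a failed buffer_to_file(); the sibling fuzzers use the same pattern, so this is presumably handled inside the loader, but it is worth confirming since this harness runs with allocation failures injected. More relevant to what this harness exercises: every input line reaches ndpi_set_config(), including the `filename.config` parameter declared in cfg_params, and if that setter opens the named file at set time (its fn_set is not visible here) a config file could make the loader read arbitrary paths or re-enter itself, which would deserve a depth guard or at least a note in the parameter's documentation. A short header comment would also help readers, e.g. `/* Fuzz the config-file parser: each line is a comma-separated proto,param,value (or param,value for global parameters) triple, see load_config_file_fd() */`.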
diff --git a/fuzz/fuzz_filecfg_malicious_sha1.c b/fuzz/fuzz_filecfg_malicious_sha1.c index 649920533c7..ef056f9c8c0 100644 --- a/fuzz/fuzz_filecfg_malicious_sha1.c +++ b/fuzz/fuzz_filecfg_malicious_sha1.c @@ -15,7 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); ndpi_set_config(ndpi_struct, NULL, "log.level", "3"); - ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); + ndpi_set_config(ndpi_struct, "all", "log", "1"); fd = buffer_to_file(data, size); load_malicious_sha1_file_fd(ndpi_struct, fd); diff --git a/fuzz/fuzz_filecfg_protocols.c b/fuzz/fuzz_filecfg_protocols.c index deef4b91e5f..9a5bba43c56 100644 --- a/fuzz/fuzz_filecfg_protocols.c +++ b/fuzz/fuzz_filecfg_protocols.c @@ -15,7 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); ndpi_set_config(ndpi_struct, NULL, "log.level", "3"); - ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); + ndpi_set_config(ndpi_struct, "all", "log", "1"); fd = buffer_to_file(data, size); load_protocols_file_fd(ndpi_struct, fd); diff --git a/fuzz/fuzz_filecfg_risk_domains.c b/fuzz/fuzz_filecfg_risk_domains.c index c3521b435f8..4e482c78338 100644 --- a/fuzz/fuzz_filecfg_risk_domains.c +++ b/fuzz/fuzz_filecfg_risk_domains.c @@ -15,7 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); ndpi_set_config(ndpi_struct, NULL, "log.level", "3"); - ndpi_set_config(ndpi_struct, "all", "log.enable", "1"); + ndpi_set_config(ndpi_struct, "all", "log", "1"); fd = buffer_to_file(data, size); load_risk_domain_file_fd(ndpi_struct, fd); diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c index 2c524a8acbf..76da3c5ff64 100644 --- a/fuzz/fuzz_ndpi_reader.c +++ b/fuzz/fuzz_ndpi_reader.c 
@@ -55,7 +55,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { workflow = ndpi_workflow_init(prefs, NULL /* pcap handler will be set later */, 0, ndpi_serialization_format_json); ndpi_set_config(workflow->ndpi_struct, NULL, "log.level", "3"); - ndpi_set_config(workflow->ndpi_struct, "all", "log.enable", "1"); + ndpi_set_config(workflow->ndpi_struct, "all", "log", "1"); ndpi_load_protocols_file(workflow->ndpi_struct, "protos.txt"); ndpi_load_categories_file(workflow->ndpi_struct, "categories.txt", NULL); @@ -67,9 +67,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(workflow->ndpi_struct, &all); - ndpi_set_config(workflow->ndpi_struct, NULL, "flow.track_payload.enable", "1"); - ndpi_set_config(workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic.enable", "1"); - ndpi_set_config(workflow->ndpi_struct, "tls", "application_blocks_tracking.enable", "1"); + ndpi_set_config(workflow->ndpi_struct, NULL, "flow.track_payload", "1"); + ndpi_set_config(workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic", "1"); + ndpi_set_config(workflow->ndpi_struct, "tls", "application_blocks_tracking", "1"); memset(workflow->stats.protocol_counter, 0, sizeof(workflow->stats.protocol_counter)); diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index ce94df0d5ec..27386966e37 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -2236,6 +2236,9 @@ extern "C" { /* ******************************* */ + const char *ndpi_lru_cache_idx_to_name(lru_cache_type idx); + + #ifdef __cplusplus } #endif diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index 21fb11c38d7..cfe799ab10a 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h 
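Review bot: ndpi_lru_cache_idx_to_name() becomes public API here with no doc comment stating its contract; from the implementation in ndpi_utils.c it returns a pointer to a string literal, or NULL when idx is outside [0, NDPI_LRUCACHE_MAX), so callers must not free the result and must check for NULL. Suggest placing `/* Returns the name of LRU cache idx as used in the "lru.<name>.size|ttl" config parameters, or NULL if idx is out of range. The returned string is static: do not free it. */` above the prototype.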
@@ -315,8 +315,6 @@ struct ndpi_detection_module_struct { /* NDPI_PROTOCOL_ZOOM */ struct ndpi_lru_cache *zoom_cache; - u_int32_t zoom_cache_num_entries; - u_int32_t zoom_cache_ttl; /* NDPI_PROTOCOL_STUN and subprotocols */ struct ndpi_lru_cache *stun_cache; @@ -435,6 +433,7 @@ int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE int load_malicious_sha1_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); int load_malicious_ja3_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); int load_risk_domain_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); +int load_config_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); /* TLS */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 5a0f95c8c1e..4b96d5216ab 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -239,6 +239,7 @@ typedef enum { NDPI_CFG_NOT_FOUND = -2, NDPI_CFG_INVALID_PARAM = -3, NDPI_CFG_CONTEXT_ALREADY_INITIALIZED = -4, + NDPI_CFG_CALLBACK_ERROR = -5, NDPI_CFG_OK = 0, } ndpi_cfg_error; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e9372ba5c88..b3d75ebe603 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4587,12 +4587,12 @@ int load_config_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) value = strtok_r(NULL, ",", &saveptr); if(value) { rc = ndpi_set_config(ndpi_str, proto, param, value); - if(rc < NDPI_CFG_OK) { + if(rc != NDPI_CFG_OK) { NDPI_LOG_ERR(ndpi_str, "Error ndpi_set_config [%s/%s/%s]: %d\n", proto, param, value, rc); return rc; - } - continue; + } + continue; } } NDPI_LOG_ERR(ndpi_str, "Error parsing [%s]\n", line); 
@@ -10565,7 +10565,7 @@ static u_int16_t __get_proto_id(const char *proto_name_or_id) /* Use a temporary module with all protocols enabled */ module = ndpi_init_detection_module(); if(!module) - return -1; + return NDPI_PROTOCOL_UNKNOWN; NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(module, &all); /* Try to be fast: we need only the protocol name -> protocol id mapping! */ @@ -10612,14 +10612,14 @@ static ndpi_cfg_error _set_param_int(struct ndpi_detection_module_struct *ndpi_s return NDPI_CFG_INVALID_PARAM; } - *variable = val; - /* Min and max values are set in the code, so we can convert them to integers without too many checks...*/ if(min_value && max_value && (val < strtol(min_value, NULL, 0) || val > strtol(max_value, NULL, 0))) return NDPI_CFG_INVALID_PARAM; + *variable = val; + return NDPI_CFG_OK; } @@ -10750,6 +10750,7 @@ typedef ndpi_cfg_error (*cfg_set)(struct ndpi_detection_module_struct *ndpi_str, const char *min_value, const char *max_value, const char *proto); typedef char *(*cfg_get)(void *_variable, const char *proto, char *buf, int buf_len); +typedef int (*cfg_calback)(struct ndpi_detection_module_struct *ndpi_str, void *_variable, const char *proto, const char *param); static const struct cfg_op { enum cfg_param_type type; 
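Review bot: The new callback type is spelled `cfg_calback` (one l) and that spelling is then used for the `fn_callback` field's type in the table; renaming it to `cfg_callback` now, before any callback is registered, avoids carrying the typo through the table and its future users. The typedef also says nothing about what the return value means; from its use in ndpi_set_config a negative result is reported as NDPI_CFG_CALLBACK_ERROR and 0 is success, which belongs next to the typedef, e.g. `/* Called after a parameter has been stored; return 0 on success, < 0 on error */`.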
@@ -10772,81 +10773,82 @@ static const struct cfg_param { char *max_value; enum cfg_param_type type; int offset; + cfg_calback fn_callback; } cfg_params[] = { /* Per-protocol parameters */ - { "tls", "certificate_expiration_threshold", "30", "0", "365", CFG_PARAM_INT, __OFF(tls_certificate_expire_in_x_days) }, - { "tls", "application_blocks_tracking.enable", "0", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tls_app_blocks_tracking_enabled) }, - { "tls", "metadata.sha1_fingerprint.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tls_sha1_fingerprint_enabled) }, + { "tls", "certificate_expiration_threshold", "30", "0", "365", CFG_PARAM_INT, __OFF(tls_certificate_expire_in_x_days), NULL }, + { "tls", "application_blocks_tracking", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tls_app_blocks_tracking_enabled), NULL }, + { "tls", "metadata.sha1_fingerprint", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tls_sha1_fingerprint_enabled), NULL }, - { "smtp", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(smtp_opportunistic_tls_enabled) }, + { "smtp", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(smtp_opportunistic_tls_enabled), NULL }, - { "imap", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(imap_opportunistic_tls_enabled) }, + { "imap", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(imap_opportunistic_tls_enabled), NULL }, - { "pop", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(pop_opportunistic_tls_enabled) }, + { "pop", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(pop_opportunistic_tls_enabled), NULL }, - { "ftp", "tls_dissection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ftp_opportunistic_tls_enabled) }, + { "ftp", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ftp_opportunistic_tls_enabled), NULL }, - { "stun", "tls_dissection.enable", "1", NULL, 
NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_opportunistic_tls_enabled) }, + { "stun", "tls_dissection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_opportunistic_tls_enabled), NULL }, - { "dns", "subclassification.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_subclassification_enabled) }, - { "dns", "process_response.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_parse_response_enabled) }, + { "dns", "subclassification", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_subclassification_enabled), NULL }, + { "dns", "process_response", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_parse_response_enabled), NULL }, - { "http", "process_response.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(http_parse_response_enabled) }, + { "http", "process_response", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(http_parse_response_enabled), NULL }, - { "ookla", "aggressiveness", "0x01", "0", "1", CFG_PARAM_INT, __OFF(ookla_aggressiveness) }, + { "ookla", "dpi.aggressiveness", "0x01", "0", "1", CFG_PARAM_INT, __OFF(ookla_aggressiveness), NULL }, - { "$PROTO_NAME_OR_ID", "log.enable", "0", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(debug_bitmask) }, - { "$PROTO_NAME_OR_ID", "ip_list.load", "1", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(ip_list_bitmask) }, + { "$PROTO_NAME_OR_ID", "log", "disable", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(debug_bitmask), NULL }, + { "$PROTO_NAME_OR_ID", "ip_list.load", "1", NULL, NULL, CFG_PARAM_PROTOCOL_ENABLE_DISABLE, __OFF(ip_list_bitmask), NULL }, /* Global parameters */ - { NULL, "packets_limit_per_flow", "32", "0", "255", CFG_PARAM_INT, __OFF(max_packets_to_process) }, - { NULL, "flow.direction_detection.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(direction_detect_enabled) }, - { NULL, "flow.track_payload.enable", "0", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(track_payload_enabled), }, - { NULL, 
"tcp_ack_payload_heuristic.enable", "0", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tcp_ack_paylod_heuristic) }, - { NULL, "fully_encrypted_heuristic.enable", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic) }, - { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), }, - { NULL, "guess_on_giveup", "0x3", "0", "3", CFG_PARAM_INT, __OFF(guess_on_giveup) }, + { NULL, "packets_limit_per_flow", "32", "0", "255", CFG_PARAM_INT, __OFF(max_packets_to_process), NULL }, + { NULL, "flow.direction_detection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(direction_detect_enabled), NULL }, + { NULL, "flow.track_payload", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(track_payload_enabled), NULL }, + { NULL, "tcp_ack_payload_heuristic", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tcp_ack_paylod_heuristic), NULL }, + { NULL, "fully_encrypted_heuristic", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic), NULL }, + { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), NULL }, + { NULL, "dpi.guess_on_giveup", "0x3", "0", "3", CFG_PARAM_INT, __OFF(guess_on_giveup), NULL }, - { NULL, "flow_risk_lists.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(flow_risk_lists_enabled)}, + { NULL, "flow_risk_lists.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(flow_risk_lists_enabled), NULL }, - { NULL, "flow_risk.anonymous_subscriber.list.icloudprivaterelay.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(risk_anonymous_subscriber_list_icloudprivaterelay_enabled)}, - { NULL, "flow_risk.anonymous_subscriber.list.protonvpn.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(risk_anonymous_subscriber_list_protonvpn_enabled)}, - { NULL, "flow_risk.crawler_bot.list.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(risk_crawler_bot_list_enabled)}, + { NULL, 
"flow_risk.anonymous_subscriber.list.icloudprivaterelay.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(risk_anonymous_subscriber_list_icloudprivaterelay_enabled), NULL }, + { NULL, "flow_risk.anonymous_subscriber.list.protonvpn.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(risk_anonymous_subscriber_list_protonvpn_enabled), NULL }, + { NULL, "flow_risk.crawler_bot.list.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(risk_crawler_bot_list_enabled), NULL }, - { NULL, "filename.config", NULL, NULL, NULL, CFG_PARAM_FILENAME_CONFIG, __OFF(filename_config) }, + { NULL, "filename.config", NULL, NULL, NULL, CFG_PARAM_FILENAME_CONFIG, __OFF(filename_config), NULL }, - { NULL, "log.level", "0", "0", "3", CFG_PARAM_INT, __OFF(log_level) }, + { NULL, "log.level", "0", "0", "3", CFG_PARAM_INT, __OFF(log_level), NULL }, /* LRU caches */ - { NULL, "lru.ookla.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(ookla_cache_num_entries)}, - { NULL, "lru.ookla.ttl", "120", "0", "16777215", CFG_PARAM_INT, __OFF(ookla_cache_ttl)}, + { NULL, "lru.ookla.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(ookla_cache_num_entries), NULL }, + { NULL, "lru.ookla.ttl", "120", "0", "16777215", CFG_PARAM_INT, __OFF(ookla_cache_ttl), NULL }, - { NULL, "lru.bittorrent.size", "32768", "0", "16777215", CFG_PARAM_INT, __OFF(bittorrent_cache_num_entries)}, - { NULL, "lru.bittorrent.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(bittorrent_cache_ttl)}, + { NULL, "lru.bittorrent.size", "32768", "0", "16777215", CFG_PARAM_INT, __OFF(bittorrent_cache_num_entries), NULL }, + { NULL, "lru.bittorrent.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(bittorrent_cache_ttl), NULL }, - { NULL, "lru.zoom.size", "512", "0", "16777215", CFG_PARAM_INT, __OFF(zoom_cache_num_entries)}, - { NULL, "lru.zoom.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(zoom_cache_ttl)}, + { NULL, "lru.zoom.size", "512", "0", "16777215", CFG_PARAM_INT, __OFF(zoom_cache_num_entries), NULL }, + { NULL, 
"lru.zoom.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(zoom_cache_ttl), NULL }, - { NULL, "lru.stun.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(stun_cache_num_entries)}, - { NULL, "lru.stun.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(stun_cache_ttl)}, + { NULL, "lru.stun.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(stun_cache_num_entries), NULL }, + { NULL, "lru.stun.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(stun_cache_ttl), NULL }, - { NULL, "lru.tls_cert.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(tls_cert_cache_num_entries)}, - { NULL, "lru.tls_cert.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(tls_cert_cache_ttl)}, + { NULL, "lru.tls_cert.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(tls_cert_cache_num_entries), NULL }, + { NULL, "lru.tls_cert.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(tls_cert_cache_ttl), NULL }, - { NULL, "lru.mining.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(mining_cache_num_entries)}, - { NULL, "lru.mining.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(mining_cache_ttl)}, + { NULL, "lru.mining.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(mining_cache_num_entries), NULL }, + { NULL, "lru.mining.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(mining_cache_ttl), NULL }, - { NULL, "lru.msteams.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(msteams_cache_num_entries)}, - { NULL, "lru.msteams.ttl", "60", "0", "16777215", CFG_PARAM_INT, __OFF(msteams_cache_ttl)}, + { NULL, "lru.msteams.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(msteams_cache_num_entries), NULL }, + { NULL, "lru.msteams.ttl", "60", "0", "16777215", CFG_PARAM_INT, __OFF(msteams_cache_ttl), NULL }, - { NULL, "lru.stun_zoom.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(stun_zoom_cache_num_entries)}, - { NULL, "lru.stun_zoom.ttl", "60", "0", "16777215", CFG_PARAM_INT, __OFF(stun_zoom_cache_ttl)}, + { NULL, "lru.stun_zoom.size", "1024", "0", "16777215", CFG_PARAM_INT, 
__OFF(stun_zoom_cache_num_entries), NULL }, + { NULL, "lru.stun_zoom.ttl", "60", "0", "16777215", CFG_PARAM_INT, __OFF(stun_zoom_cache_ttl), NULL }, - { NULL, NULL, NULL, NULL, NULL, 0, -1 }, + { NULL, NULL, NULL, NULL, NULL, 0, -1, NULL }, }; #undef __OFF @@ -10866,6 +10868,7 @@ ndpi_cfg_error ndpi_set_config(struct ndpi_detection_module_struct *ndpi_str, { const struct cfg_param *c; ndpi_cfg_error rc; + int ret; if(!ndpi_str || !param || !value) return NDPI_CFG_INVALID_CONTEXT; @@ -10884,6 +10887,14 @@ ndpi_cfg_error ndpi_set_config(struct ndpi_detection_module_struct *ndpi_str, rc = cfg_ops[c->type].fn_set(ndpi_str, (void *)((char *)&ndpi_str->cfg + c->offset), value, c->min_value, c->max_value, proto); + if(rc == NDPI_CFG_OK && c->fn_callback) { + ret = c->fn_callback(ndpi_str, (void *)((char *)&ndpi_str->cfg + c->offset), + proto, param); + if(ret < 0) + rc = NDPI_CFG_CALLBACK_ERROR; + else + rc = ret; + } return rc; } } @@ -10898,7 +10909,7 @@ char *ndpi_get_config(struct ndpi_detection_module_struct *ndpi_str, if(!ndpi_str || !param || !buf || buf_len <= 0) return NULL; - NDPI_LOG_ERR(ndpi_str, "Get [%s][%s]\n", proto, param); + NDPI_LOG_DBG(ndpi_str, "Get [%s][%s]\n", proto, param); for(c = &cfg_params[0]; c && c->param; c++) { if(((proto == NULL && c->proto == NULL) || diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 03b845c30da..5f224f2e2dd 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -3094,3 +3094,15 @@ int64_t ndpi_strtonum(const char *numstr, int64_t minval, int64_t maxval, const *errstrp = NULL; return val; } + +/* ******************************************* */ + +const char *ndpi_lru_cache_idx_to_name(lru_cache_type idx) +{ + const char *names[NDPI_LRUCACHE_MAX] = { "ookla", "bittorrent", "zoom", "stun", + "tls_cert", "mining", "msteams", "stun_zoom" }; + + if(idx < 0 || idx >= NDPI_LRUCACHE_MAX) + return NULL; + return names[idx]; +} 
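Review bot: The enable/disable rows are now inconsistent in how their defaults are spelled: `tls_dissection`, `log`, `flow.direction_detection` and the other renamed rows moved to `"enable"`/`"disable"`, while `ip_list.load`, `libgcrypt.init`, `flow_risk_lists.load` and the three `flow_risk.*.list.load` rows keep `"1"` for the same CFG_PARAM_ENABLE_DISABLE type. Both spellings are presumably accepted by the setter (the new fuzz corpus mixes `1`, `0`, `on`, `enable` and `disable`), so this is cosmetic, but one spelling keeps the table and the documentation table in doc/configuration_parameters.md uniform, e.g. `{ NULL, "libgcrypt.init", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), NULL },`.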
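Review bot: In the new callback branch `else rc = ret;` stores any non-negative callback result into rc, but ndpi_cfg_error has no positive members, so a callback returning, say, 1 produces an rc that is neither NDPI_CFG_OK nor a defined error code; load_config_file_fd, changed in this same commit to `if(rc != NDPI_CFG_OK)`, would then abort the load and log it as an error. Unless a positive return is intended to carry a code, collapse it: `rc = (ret < 0) ? NDPI_CFG_CALLBACK_ERROR : NDPI_CFG_OK;`. ndpi_set_config's body continues outside the hunk.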
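Review bot: `names` is a non-static local array rebuilt on every call; declare it `static const char *const names[NDPI_LRUCACHE_MAX] = { ... };` so the table lives in read-only storage and the function does no per-call work. The `idx < 0` test only means something if lru_cache_type is signed on the target compiler; with an unsigned underlying type it is dead and may trigger -Wtype-limits, so a single check such as `if((unsigned int)idx >= NDPI_LRUCACHE_MAX) return NULL;` covers both cases. The list also silently depends on the enum order matching the `lru.*` rows in cfg_params, which deserves a comment like `/* Must stay in the same order as lru_cache_type and the "lru.<name>" entries in cfg_params */`.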
diff --git a/tests/cfgs/disable_aggressiveness/config.txt b/tests/cfgs/disable_aggressiveness/config.txt index 6a4f2409946..8a4ab5e60ee 100644 --- a/tests/cfgs/disable_aggressiveness/config.txt +++ b/tests/cfgs/disable_aggressiveness/config.txt @@ -1 +1 @@ ---cfg=ookla,aggressiveness,0x0 +--cfg=ookla,dpi.aggressiveness,0x0 diff --git a/tests/cfgs/disable_metadata/config.txt b/tests/cfgs/disable_metadata/config.txt index 1e5e30bf838..17eb0d306eb 100644 --- a/tests/cfgs/disable_metadata/config.txt +++ b/tests/cfgs/disable_metadata/config.txt @@ -1 +1 @@ ---cfg=tls,metadata.sha1_fingerprint.enable,0 +--cfg=tls,metadata.sha1_fingerprint,0 diff --git a/tests/cfgs/dns_process_response_disable/config.txt b/tests/cfgs/dns_process_response_disable/config.txt index 028879f70b6..b6cdaf7c333 100644 --- a/tests/cfgs/dns_process_response_disable/config.txt +++ b/tests/cfgs/dns_process_response_disable/config.txt @@ -1 +1 @@ ---cfg=dns,process_response.enable,0 +--cfg=dns,process_response,0 diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt b/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt index 85e59f2450a..e895aa71eb9 100644 --- a/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt +++ b/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt @@ -1 +1 @@ ---cfg=dns,subclassification.enable,0 --cfg=dns,process_response.enable,0 +--cfg=dns,subclassification,0 --cfg=dns,process_response,0 diff --git a/tests/cfgs/dns_subclassification_disable/config.txt b/tests/cfgs/dns_subclassification_disable/config.txt index 09cc4f225e3..0d07d986081 100644 --- a/tests/cfgs/dns_subclassification_disable/config.txt +++ b/tests/cfgs/dns_subclassification_disable/config.txt @@ -1 +1 @@ ---cfg=dns,subclassification.enable,0 +--cfg=dns,subclassification,0 
diff --git a/tests/cfgs/http_process_response_disable/config.txt b/tests/cfgs/http_process_response_disable/config.txt index 8ca478992fe..db6999a96f7 100644 --- a/tests/cfgs/http_process_response_disable/config.txt +++ b/tests/cfgs/http_process_response_disable/config.txt @@ -1 +1 @@ ---cfg=http,process_response.enable,0 +--cfg=http,process_response,0