Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ntop/nDPI
Open Source Deep Packet Inspection Software Toolkit
https://github.com/ntop/nDPI
cybersecurity deep-packet-inspection dpi ndpi network traffic-analysis
Last synced: 10 days ago
JSON representation
Open Source Deep Packet Inspection Software Toolkit
- Host: GitHub
- URL: https://github.com/ntop/nDPI
- Owner: ntop
- License: lgpl-3.0
- Created: 2015-04-19T04:56:52.000Z (over 9 years ago)
- Default Branch: dev
- Last Pushed: 2024-05-22T10:47:27.000Z (6 months ago)
- Last Synced: 2024-05-22T11:49:04.642Z (6 months ago)
- Topics: cybersecurity, deep-packet-inspection, dpi, ndpi, network, traffic-analysis
- Language: C
- Homepage: http://www.ntop.org
- Size: 213 MB
- Stars: 3,630
- Watchers: 151
- Forks: 873
- Open Issues: 75
-
Metadata Files:
- Readme: README.fuzzer.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: COPYING
Awesome Lists containing this project
- awesome-hep - nDPI - Network Deep-Packet Inspection library from ntop, supporting HEP/EEP protocol recognition and tagging. (Contribution Guidelines / Network Applications)
- awesome-rainmana - ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit (C)
- awesome-repositories - ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit (C)
- awesome-starred - ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit (cybersecurity)
- awesome-hacking-lists - ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit (C)
README
## Compiling nDPI with Fuzzer
- Install the latest clang (sudo apt-get install clang-10)
- Export environamental variables to prefer clang over g++ (of installed)
- export CC=/usr/bin/clang-10
- export CPP=/usr/bin/clang-cpp-10
- export CXX=/usr/bin/clang++-10
- export LD=/usr/bin/ld.lld-10
- Run autogen.sh
- ./autogen.sh --with-sanitizer --enable-fuzztargets
## Testing nDPI with ClusterFuzz Artifacts
- Download the artifact (example clusterfuzz-testcase-fuzz_process_packet-4992218834796544)
- Run nDPI against the artifact
- Example: ./fuzz/fuzz_process_packet clusterfuzz-testcase-fuzz_process_packet-4992218834796544
The output is the error report
```
./fuzz/fuzz_process_packet /tmp/clusterfuzz-testcase-fuzz_process_packet-4992218834796544
AddressSanitizer:DEADLYSIGNAL
=================================================================
==11590==ERROR: AddressSanitizer: SEGV on unknown address 0x61a100000087 (pc 0x00000056e6a4 bp 0x7ffd624fa170 sp 0x7ffd624fa090 T0)
==11590==The signal is caused by a READ memory access.
#0 0x56e6a4 in quic_len /home/deri/nDPI/src/lib/protocols/quic.c:203:12
#1 0x575d6b in decrypt_initial_packet /home/deri/nDPI/src/lib/protocols/quic.c:993:16
#2 0x571776 in get_clear_payload /home/deri/nDPI/src/lib/protocols/quic.c:1302:21
#3 0x56f149 in ndpi_search_quic /home/deri/nDPI/src/lib/protocols/quic.c:1658:19
#4 0x503935 in check_ndpi_detection_func /home/deri/nDPI/src/lib/ndpi_main.c:4683:6
#5 0x5056fb in check_ndpi_udp_flow_func /home/deri/nDPI/src/lib/ndpi_main.c:4742:10
#6 0x505152 in ndpi_check_flow_func /home/deri/nDPI/src/lib/ndpi_main.c:4775:12
#7 0x5174cf in ndpi_detection_process_packet /home/deri/nDPI/src/lib/ndpi_main.c:5545:15
#8 0x4c709b in LLVMFuzzerTestOneInput /home/deri/nDPI/fuzz/fuzz_process_packet.c:30:3
#9 0x4c7640 in main /home/deri/nDPI/fuzz/fuzz_process_packet.c:90:17
#10 0x7f888e5dabf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
#11 0x41c399 in _start (/home/deri/nDPI/fuzz/fuzz_process_packet+0x41c399)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/deri/nDPI/src/lib/protocols/quic.c:203:12 in quic_len
==11590==ABORTING
```