diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-04-12 22:55:51 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-12 22:55:51 +0200 |
| commit | 0535e54484467861a6f5a98ad36c980e9c24ee23 (patch) | |
| tree | 9a46da5c60003c5f571f799f3e83fa536181b6b0 /doc/configuration_parameters.md | |
| parent | bb4fccd2cf7ce543b1d2d3244cf392ee08b7f2d7 (diff) | |
STUN: fix boundary checks on attribute list parsing (#2387)
Restore all unit tests.
Add some configuration knobs.
Fix the endianess.
Diffstat (limited to 'doc/configuration_parameters.md')
| -rw-r--r-- | doc/configuration_parameters.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index ed583a872..2283b8ed8 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -34,6 +34,8 @@ TODO | "stun" | "max_packets_extra_dissection" | 4 | 0 | 255 | After a flow has been classified has STUN, nDPI might analyse more packets to look for a sub-classification or for metadata. This parameter set the upper limit on the number of these packets | | "stun" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets multiplexed into STUN flows | | "stun" | "metadata.attribute.mapped_address" | enable | NULL | NULL | Enable/disable extraction of (xor)-mapped-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster | +| "stun" | "metadata.attribute.response_origin" | enable | NULL | NULL | Enable/disable extraction of response-origin attribute for STUN flows. If it is disabled, STUN classification might be significant faster | +| "stun" | "metadata.attribute.other_address" | enable | NULL | NULL | Enable/disable extraction of other-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster | | "dns" | "subclassification" | enable | NULL | NULL | Enable/disable sub-classification of DNS flows (via query/response domain name). If disabled, some flow risks are not checked | | "dns" | "process_response" | enable | NULL | NULL | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported | | "http" | "process_response" | enable | NULL | NULL | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported | |