aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Check datalink during fuzzing to prevent console / logfile spam. See #1175 ↵improved/fuzz-readerToni Uhlig2021-04-27
| | | | | | for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Compilation fixLuca Deri2021-04-27
|
* Updated code due to https://github.com/ntop/nDPI/pull/1175Luca Deri2021-04-27
|
* Removed DGA check for ipv6 reverse IPsLuca Deri2021-04-27
|
* Check for common ALPNs and set a flow risk if not known. (#1175)Toni2021-04-27
| | | | | | * Increased risk bitmask to 64bit (instead of 32bit). * Removed annoying "Unknown datalink" error message for fuzzers. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed invalid DNS dissectionLuca Deri2021-04-26
|
* Compilation fixLuca Deri2021-04-26
|
* Added flow risk to wireshark dissectionLuca Deri2021-04-26
|
* Added tshark descriptionLuca Deri2021-04-25
|
* README for the tshark classLuca Deri2021-04-25
|
* Lua tshark class and examplesLuca Deri2021-04-25
|
* Removed protocol space in Genshin ImpactLuca Deri2021-04-25
|
* Add Genshin Impact protocol. (#1173)Toni2021-04-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add vxlan enum to ndpi_packet_tunnelAlfredo Cardigliano2021-04-21
|
* Add HP Virtual Machine Group Management (hpvirtgrp) protocol. (#1170)Toni2021-04-20
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Reworked GeoIP APILuca Deri2021-04-19
| | | | | | | | int ndpi_get_geoip_asn(struct ndpi_detection_module_struct *ndpi_str, char *ip, u_int32_t *asn); int ndpi_get_geoip_country_continent(struct ndpi_detection_module_struct *ndpi_str, char *ip, char *country_code, u_int8_t country_code_len, char *continent, u_int8_t continent_len);
* TLS: fix some use-of-uninitialized-value errors in ClientHello parsing (#1169)Ivan Nardi2021-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Error detected with valgrind. ==125883== Conditional jump or move depends on uninitialised value(s) ==125883== at 0x438F57: processClientServerHello (tls.c:1421) ==125883== by 0x43B35A: processTLSBlock (tls.c:712) ==125883== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849) ==125883== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426) ==125883== by 0x42E920: ndpi_detection_process_packet (ndpi_main.c:5301) ==125916== Conditional jump or move depends on uninitialised value(s) ==125916== at 0x438D7D: processClientServerHello (tls.c:1379) ==125916== by 0x43B35A: processTLSBlock (tls.c:712) ==125916== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849) ==125916== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426) ==125932== Conditional jump or move depends on uninitialised value(s) ==125932== at 0x438C1D: processClientServerHello (tls.c:1298) ==125932== by 0x43B35A: processTLSBlock (tls.c:712) ==125932== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849) ==125932== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426) ==125950== Conditional jump or move depends on uninitialised value(s) ==125950== at 0x438D4F: processClientServerHello (tls.c:1371) ==125950== by 0x43B35A: processTLSBlock (tls.c:712) ==125950== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849) ==125950== by 0x42C079: check_ndpi_detection_func (ndpi_main.c:4443)
* Fix detunneling of GTP-U traffic (#1168)Ivan Nardi2021-04-18
| | | | | Fuzzing #1161 exposed some (completely unrelated) issues on GTP-U detunneling code. (see https://github.com/ntop/nDPI/actions/runs/719882047)
* Improve classification of Outlook/MicrosoftMail traffic (#1167)Ivan Nardi2021-04-18
| | | See #1148
* GeoIP handlign fixesLuca Deri2021-04-18
|
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for ↵Luca Deri2021-04-12
| | | | remote assistance sessions
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION flow riskLuca Deri2021-04-11
|
* wireshark/lua: fix handling of VLAN traffic (#1162)Ivan Nardi2021-04-05
|
* GTP: fix parsing of GTP headers (#1161)Ivan Nardi2021-04-05
| | | | | | | | | | | | | Message length checks and basic headers are not uniform across GTP-U, GTP-C and GTP-PRIME. Note that, even if the length checks were wrong, the GTP sessions were almost always correctly classified because of the "guessing" algorithm. This patch has been tested with GTP-U, GTP-C-V1, GTP-C-V2 and GPT-PRIME-V2 traffic using ndpiReader with "-d" flag (to avoid "guessing" algorithm) and without "-t" flag (to avoid GTP-U de-tunneling). See #1148
* Fix some warnings about unused variables/functions (#1160)Ivan Nardi2021-04-05
|
* Trace fixLuca Deri2021-04-02
|
* Fixed incapoatibilities with the latest extcap/wiresharkLuca Deri2021-04-01
|
* Readme updateLuca Deri2021-04-01
|
* Reworked ndpi patricia includes to avoid compilation issues on some platformsLuca Deri2021-03-31
|
* Mining: lru cache is ipv4 only (for the time being) (#1159)Ivan Nardi2021-03-31
| | | Fix memory error with ipv6 traffic
* Fixed mispelled wordLuca Deri2021-03-31
|
* Improved mining resultsLuca Deri2021-03-30
|
* Improved mining detection supportLuca Deri2021-03-30
|
* Added missing tracker/Ads breedLuca Deri2021-03-30
|
* Fixed invalid guess statsLuca Deri2021-03-30
|
* Ignore TLD .local .lan and .home in DGA domain checkLuca Deri2021-03-26
|
* ndpiReader: print an error msg if we found an unsupported datalink type (#1157)Ivan Nardi2021-03-23
|
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)Toni2021-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Win compilation fixLuca Deri2021-03-22
|
* Better DGA detection (slightly decreased accuracy)Luca Deri2021-03-20
|
* Removed duplicate extesions lenLuca Deri2021-03-19
|
* Added ALPN and elliptic curve in JA3S+Luca Deri2021-03-19
|
* Implemented JA3+ also for JA3SLuca Deri2021-03-19
|
* Reworked JA3Luca Deri2021-03-19
|
* JA3 debug improvementsLuca Deri2021-03-19
|
* Fixed support for custom DGA detection libraryrLuca Deri2021-03-18
|
* Added % of flows with risksLuca Deri2021-03-14
|
* Added in stats the number of flows with risksLuca Deri2021-03-14
|
* Added flows risks reportLuca Deri2021-03-14
|
* Reworked extendal dependency across testing toolsLuca Deri2021-03-14
|
Powered by cgit, Themed by Ted Yin.