| Commit message (Collapse) | Author | Age |
| |
Add support for Likee app (https://likee.video/) and GitLab
Improve detection of Google domains ("gtv1.com" added in 6dd42d19f was
likely a typo)
Improve Snapchat and TikTok detection
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| |
* reconcile PPSTREAM protocol category with content_match declarations
* remove duplicate declaration for PPSTREAM protocol
Co-authored-by: vpiserchia <vito.piserchia@dreamlab.net>
| |
Only in-order and non-overlapping fragments are handled
See #1195
| |
Non-critical bugs.
If a file list is used, then all files except the last are not closed.
Opening the next file loses the memory allocated via pcap_open_offline() for the previous file.
If a bpf filter is used, then no memory is freed after pcap_compile.
| |
Removed bigram_automata, impossible_bigram_automata, trigram_automata.
The ahocorasick structure is replaced with a bitmap.
The bitmap size for ndpi_en_bigram is 176 bytes.
The bitmap size for ndpi_en_trigram is 2201 bytes.
On the test machine, the test execution time was reduced from 27.3 seconds to 24.7 (9%).
| |
* Update iec.lua
Fixed Lua errors in non-IEC 104 packets
* Update iec.lua
Co-authored-by: tinu <martin.scheu@switch.ch>
| |
The common actions required to call the ac_automata_search() function
have been moved to the ndpi_match_string_common function. This made it
possible to simplify the ndpi_match_string, ndpi_match_string_protocol_id,
ndpi_match_string_value, ndpi_match_custom_category, ndpi_match_string_subprotocol,
ndpi_match_bigram, ndpi_match_trigram functions.
Using u_int16_t type for protocol identifiers when working with the
ahocorasick library (changes src/include/ndpi_api.h.in and src/include/ndpi_typedefs.h).
Reworked "finalization" of all AC_AUTOMATA_t structures.
Changing the order of fields in the ndpi_call_function_struct structure
reduces the size of the ndpi_detection_module_struct structure by 10 kB (for x86_64).
| |
in ndpi_add_string_to_automa)
| |
Key value check is missing.
| |
* json-c is used by a unit test
* required to fix some libnDPI cross compilation issues
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| |
The new version is about 25% faster with -O2 and 45% faster with -O3.
No recursion is used (smaller stack size required).
Uses less memory (by valgrind info)
bigram:
- original 1796 allocs, 247864 bytes allocated
- new 1232 allocs, 158880 bytes allocated
host_match:
- original 18038 allocs, 3004576 bytes allocated
- new 6861 allocs, 396624 bytes allocated
The function ac_automata_search() is thread safe.
Optional case-insensitive comparison.
Matching at the beginning and at the end of the string is supported.
One code file and one header file.
| |
The pointer "header" must be initialized before the first call to pcap_next_ex().
| |
Create a separate proto field entry for each possible flow risk.
This way, filtering will be more natural: you can use something like
"ndpi.flow_risk.desktop_file_sharing_session"
| |
Facebook is still using its own ALPN for HTTP2 as well