aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* FreeBSD compilation fix (missingcvg #include <netdb.h>)Luca Deri2023-10-29
|
* Implements support for symbolic host names (#2123)Luca Deri2023-10-29
|
* Added checkLuca Deri2023-10-29
|
* Rename some functions with more useful/clear names (#2127)Ivan Nardi2023-10-29
|
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for custom rules (#2120)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* Improved Protobuf dissector. (#2119)Toni2023-10-27
| | | | | * tag extraction/validation was done wrong Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Jabber: remove support for UDP (#2115)Ivan Nardi2023-10-26
| | | | | | Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp` suggests that...). Bug introduced in 5266c726f
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* Tool for creating bitcoing IP filesLuca Deri2023-10-26
|
* Fixed endian issue while DEBUG_PROTOBUF is enabled. (#2112)Toni2023-10-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved detection as non DGA for hostnames belnging to a CDN (#2068)Luca Deri2023-10-23
|
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved CryNetwork protocol dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added CLA sectionLuca Deri2023-10-23
|
* Moved to 4.9Luca Deri2023-10-23
|
* Added 4.8 changelingLuca Deri2023-10-23
|
* Add Remote Management Control Protocol (RMCP).Toni Uhlig2023-10-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* PR templateAlfredo Cardigliano2023-10-19
|
* Improved Steam detection by adding steamdiscover pattern. (#2105)Toni2023-10-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed OpenWRT arm related build issues. (#2104)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed two OpenWRT arm related build issues. (#2103)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Windows warning checksLuca Deri2023-10-16
|
* fuzz: extend fuzzing coverageNardi Ivan2023-10-15
|
* Added NDPI_MALWARE_HOST_CONTACTED flow riskLuca Deri2023-10-13
|
* Fix for buffer overflow in serializationLuca2023-10-11
|
* Improved MGCP detection by allowing '\r' as line feed.lns2023-10-11
| | | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: export QUIC version as metadataNardi Ivan2023-10-11
|
* Serialization fixLuca Deri2023-10-11
|
* fuzzing: extend fuzzing coverageNardi Ivan2023-10-09
| | | | | Try fuzzing some functions which write to file/file descriptor; to avoid slowing the fuzzer, close its stdout
* fuzz: extend fuzzing coverageNardi Ivan2023-10-07
|
* version of dirent.c that is liked by both VC++ and MinGWLuca Deri2023-10-05
|
* Windows code reworkLuca Deri2023-10-05
|
* Windows compilation fixesLuca Deri2023-10-05
|
* Win include changeLuca Deri2023-10-05
|
* Added HAProxy protocol. (#2088)Toni2023-10-02
| | | | | | * fixed tests/do.sh.in failure print Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cleaned up mining datastructureLuca2023-09-27
|
* Added printf/fprintf replacement for some internal modules. (#1974)Toni2023-09-26
| | | | | | * logging is instead redirected to `ndpi_debug_printf` Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Renamed HTTP/2 to HTTP2 as the '/' can have side effects with applications ↵Luca Deri2023-09-20
| | | | sitting on top of nDPI
* Fix some prototypes (#2085)Ivan Nardi2023-09-18
| | | | | ``` error: function declaration isn’t a prototype [-Werror=strict-prototypes] ```
* Add support for (un-encrypted) HTTP/2 (#2087)Ivan Nardi2023-09-18
| | | | Plaintext HTTP/2 is quite rare on the general "internet" but it is used in some private networks (example: 5G core network)
* fuzz: extend fuzzing coverageNardi Ivan2023-09-16
|
* Language fixLuca2023-09-15
|
* Add `ndpi_domain_classify_finalize()` function (#2084)Ivan Nardi2023-09-12
| | | | | | | | | The "domain classify" data structure is immutable, since it uses "bitmap64". Allow to finalize it before starting to process packets (i.e. before calling `ndpi_domain_classify_contains()`) to avoid, in the data-path, all the memory allocations due to compression. Calling `ndpi_domain_classify_finalize()` is optional.
* tftp: update pcap resultsThomas Winter2023-09-12
| | | | | | | | The two malformed TFTP packets are no longer considered as risk and instead match by port only. This is because the TFTP detection was rather sparse so could match on several other protocols if the first two opcode bytes happened to match.
* tftp: check incrementation for DATA and ACK packetsThomas Winter2023-09-12
| | | | | | | | | | | | | The 2 bytes following the opcode for DATA and ACK packets are the block number and this should be incrementing every packet. We should check to see that this is occurring otherwise false matches can occur, eg L2TPv3 over UDP matches the DATA opcode but the next two bytes are always zero. Remove the DATA max block size assumption since this can be false if the blksize option is used to increase it. Fixes #2070
Powered by cgit, Themed by Ted Yin.