aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Add NetEase Games detection support (#2335)Vladimir Gavrilov2024-03-05
|
* Add Naraka Bladepoint detection support (#2334)Vladimir Gavrilov2024-03-04
|
* Added DGA exception for DropboxLuca Deri2024-03-03
|
* indentLuca Deri2024-03-03
|
* Add BFD protocol dissector (#2332)Vladimir Gavrilov2024-02-29
|
* ndpiReader: restore `ndpiReader -x $DOMAIN_NAME` functionality (#2329)Ivan Nardi2024-02-26
|
* TLS: avoid setting some flow risks for webrtc trafficNardi Ivan2024-02-26
| | | | | Is quite rare to have a SNI or an ALPN on Client Hello of STUN/DTLS/SRTP traffic
* utils: update script to download Cloudflare ipsNardi Ivan2024-02-26
|
* Telegram: improve identificationNardi Ivan2024-02-26
| | | | | | | | | | | | | | | | | Follow up of 31c706c3dbbf0afc4c8e0a6d0bb6f20796296549 and 75485e177ccc4fafcc62dd46c6917d5b735cf7d2. Allow fast classification by ip, but give time to other dissectors to kick in (for example, the TLS code for the Telegram Web flows). Even if we don't classify it anymore at the very first packet (i.e. SYN) we fully classify Telegram traffic at the first packet with payload, as *any* other protocol. This way, we always have the proper category, the proper confidence for the UDP flows and we don't overwrite previous classifications (TLS or ICMP) Remove old and stale identification logic for TCP flows
* STUN: fix category when sub-classification is set in "extra-dissection" data ↵Ivan Nardi2024-02-24
| | | | path (#2320)
* Updated telegam outLuca Deri2024-02-23
|
* Improved Telegram detectionLuca Deri2024-02-23
|
* Fixes exception handling glitchLuca Deri2024-02-22
|
* Improved telegram detectionLuca Deri2024-02-22
|
* Added missing telegram networksLuca Deri2024-02-22
|
* Add DLEP protocol dissector (#2326)Vladimir Gavrilov2024-02-20
|
* make install: avoid copying private header (#2323)Ivan Nardi2024-02-20
|
* Move some defines (expecially log related) to the private header (#2324)Ivan Nardi2024-02-20
|
* Add a script to download/update the domain suffix list (#2321)Ivan Nardi2024-02-20
|
* Add identification of Huawei generic and cloud traffic (#2325)Ivan Nardi2024-02-20
|
* TLS: fix disabling of JA3C fingerprint (#2319)Ivan Nardi2024-02-19
|
* Improved modbus dissection to discard false positivesLuca Deri2024-02-16
|
* IndentationLuca Deri2024-02-16
|
* Add ANSI C12.22 protocol dissector (#2317)Vladimir Gavrilov2024-02-15
| | | | | * Add ANSI C12.22 protocol dissector * Add UDP sample
* Skype: remove old detection logic (#1954)Ivan Nardi2024-02-12
| | | | | | | Skype has been using standard protocols (STUN/ICE or TLS) for a long, long time, now. Long gone are the days of Skype as a distribuited protocol. See: #2166
* Remove spurious call to `exit()`Nardi Ivan2024-02-12
|
* Added stress testLuca Deri2024-02-11
|
* Improved Polish gambling sites fetch script. (#2315)Toni2024-02-10
| | | | | * fails quite often in the CI, so ignore potential xmllint error Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* reader_util: fix GRE detunneling (#2314)Ivan Nardi2024-02-10
|
* TLS: add configuration of JA* fingerprints (#2313)Ivan Nardi2024-02-10
|
* fuzz: improve fuzzing coverage (#2309)Ivan Nardi2024-02-09
|
* Add detection of Gaijin Entertainment games (#2311)Vladimir Gavrilov2024-02-09
| | | | | | | | | * Add detection of Gaijin Entertainment games * Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN * Add default UDP port for Gaijin Entertainment games * Remove NDPI_PROTOCOL_CROSSOUT protocol id
* Improve normalization of `flow->host_server_name` (#2310)Ivan Nardi2024-02-09
| | | | | | | | | | | | | Follow-up of 4543385d107fcc5a7e8632e35d9a60bcc40cb4f4 Remove trailing spaces for any HTTP header (we already remove leading spaces) We want: * a "normalized" string in `flow->host_server_name`, but * to parse the original string for flow risk checking `ndpi_hostname_sni_set()` is a private function, so there is no need to export its flags.
* Add new AppsFlyer domain (#2307)Vladimir Gavrilov2024-02-08
|
* Add TencentGames protocol dissector (#2306)Vladimir Gavrilov2024-02-08
|
* Normalization of host_server_name (#2299)Vitaly Lavrov2024-02-05
| | | | | | | | | * Normalization of host_server_name The ndpi_hostname_sni_set() function replaces all non-printable characters with the "?" character and removing whitespace characters at the end of the line. * Added conditional hostname normalization.
* Fixed incompatibity with RH7 introduced by ↵Luca Deri2024-02-05
| | | | https://github.com/ntop/nDPI/commit/02030ac16e5016b00e0da6ff7512d97751bf87d2
* Removed un-necessary include that caused configure-based applications ↵Luca Deri2024-02-05
| | | | sitting on top of nDPI to faile at compilation
* Fix `ndpi_get_lru_cache_stats()` (#2303)Ivan Nardi2024-02-05
| | | Found while fuzzing
* Serialize JA4 to JSON. (#2305)Toni2024-02-05
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Build RPM package in the CI. (#2304)Toni2024-02-05
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Minor hash improvementLuca Deri2024-02-04
|
* Completly disable all pthread related code in the library if ↵Toni2024-02-03
| | | | | `USE_GLOBAL_CONTEXT` macro is not defined. (#2302) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* collectd: fix extraction of hostname (#2301)Ivan Nardi2024-02-03
|
* Improve `ndpi_set_config` error printing. (#2300)Toni2024-02-02
| | | | | * exit `ndpiReader` if a invalid configuration setting detected Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Simplify and fix JA4 string computation. (#2298)Toni2024-02-02
| | | | | | | | | | | | * additional JA4 string buffer is not needed and may cause a string truncation warning ``` protocols/tls.c: In function ‘ndpi_compute_ja4’: protocols/tls.c:1738:3: warning: ‘strncpy’ output may be truncated copying 36 bytes from a string of length 1023 [-Wstringop-truncation] 1738 | strncpy(flow->protos.tls_quic.ja4_client, ja_str, 36); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* CIP: fix infinite-loop (#2295)Ivan Nardi2024-02-01
| | | | | Found by oss-fuzzer See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66342 See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66320
* GitHub Actions: update to latest macOS runners (#2293)Ivan Nardi2024-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a simple job with macos-14 on M1. https://github.blog/changelog/2024-01-30-github-actions-introducing-the-new-m1-macos-runner-available-to-open-source/) There are some issues with external dependencies (they are installed but autoconf script doens;t find them) so keep it simple. On macos-13 it seems that: * there is no `realpath` program (even if coreutils has been installed...) * most of the filesystem is read only (we can't write on /usr/lib). So I change ``` make install DESTDIR=$(realpath _install) ls -alhHR _install ``` to ``` DESTDIR=/tmp/ndpi make install ls -alhHR /tmp/ndpi ``` for all the jobs Fix a warning on GitHub logs: ``` Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/. ```
* Add Gearman protocol dissector (#2297)Vladimir Gavrilov2024-02-01
|
* Fix function parameters check on domain code (#2296)Ivan Nardi2024-02-01
| | | Found while fuzzing fuzz_config
Powered by cgit, Themed by Ted Yin.