aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Added support for RDP over TLSLuca Deri2024-10-19
|
* Renamed os hints to avoid name clashesLuca Deri2024-10-19
|
* Increased struct size (#2599)Luca Deri2024-10-19
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Add configuration of TCP fingerprint computation (#2598)Ivan Nardi2024-10-18
| | | Extend configuration of raw format of JA4C fingerprint
* Added further boundary checks in TCP options parsing (#2597)Luca Deri2024-10-18
| | | * Added further memory checks
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* Update clang versionLuca Deri2024-10-18
|
* Added TCP header checkLuca Deri2024-10-18
|
* Fixes buffer overflow when parsing invalid TCP optionsLuca Deri2024-10-17
|
* Improved statisticsLuca Deri2024-10-16
|
* Added -L <domain suffix> for loading domain suffixesLuca Deri2024-10-15
| | | | Exported domainanme in JSON file (-K JSON)
* Parser for ndpiReader JSON filesLuca Deri2024-10-15
|
* Implemented nDPI TCP fingerprintLuca Deri2024-10-15
|
* STUN: minor fix for RTCP traffic (#2593)Ivan Nardi2024-10-15
|
* STUN: if the same metadata is found multiple times, keep the first value (#2591)Ivan Nardi2024-10-15
|
* CI: remove macos-12 (#2592)Ivan Nardi2024-10-15
| | | | It is deprecated and will be removed from GitHub. See: https://github.com/actions/runner-images/issues/10721
* STUN: fix monitoring of Whatsapp and Zoom flows (#2590)Ivan Nardi2024-10-15
|
* Add monitoring capability (#2588)Ivan Nardi2024-10-14
| | | | | | | | | | | | | Allow nDPI to process the entire flows and not only the first N packets. Usefull when the application is interested in some metadata spanning the entire life of the session. As initial step, only STUN flows can be put in monitoring. See `doc/monitoring.md` for further details. This feature is disabled by default. Close #2583
* Added TCP fingerprintLuca Deri2024-10-14
|
* Fixed JA4 invalid computation due to code bug and uninitialized valuesLuca Deri2024-10-13
|
* Fix Windows buildIvan Nardi2024-10-13
|
* Fix compilation on WindowsIvan Nardi2024-10-13
|
* Added sonos dissectorLuca Deri2024-10-13
|
* Added u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */);Luca Deri2024-10-13
|
* Added TLS fingerprintsLuca Deri2024-10-11
|
* Added support for printing JA4r when enabledLuca Deri2024-10-11
|
* Fix unit tests on CI on GitHub Actions (#2587)Ivan Nardi2024-10-11
| | | | On CI, tests run in parallel, because of `NDPI_FORCE_PARALLEL_UTESTS` define
* Added JA4 statsLuca Deri2024-10-10
|
* fuzz: fix fuzzing (#2586)Ivan Nardi2024-10-10
|
* Added addr_dump_path definitionLuca Deri2024-10-10
|
* Added -N option for dumping/restoring the DNS cache (when enabled)Luca Deri2024-10-10
| | | | Example ndpiReader -i en0 --cfg=dpi.address_cache_size,32768 -N /tmp/a
* Added new API calls for serializing/restoring the DNS cacheLuca Deri2024-10-10
| | | | | - bool ndpi_address_cache_dump(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); - u_int32_t ndpi_address_cache_restore(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now);
* Added STUN fingerprint codeLuca Deri2024-10-09
|
* Added readmeLuca Deri2024-10-08
|
* TTL Cache Fix (#2582)Luca Deri2024-10-08
| | | | | * Added missing free * Win fix
* Test unit fixLuca Deri2024-10-08
|
* Removed unused variableLuca Deri2024-10-08
|
* Offset fixLuca Deri2024-10-08
|
* Added missing #defineLuca Deri2024-10-08
|
* Implemented (disabled by default) DNS host cache. You can set the cache size ↵Luca Deri2024-10-07
| | | | | | | | | | as follows: ndpiReader --cfg=dpi.address_cache_size,1000 -i <pcap>.pcap In the above example the cache has up to 1000 entries. In jcase ndpiReader exports data in JSON, the cache hostname (if found) is exported in the field server_hostname
* Indent fixLuca Deri2024-10-07
|
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* Moved ndpi_lru in a separate fileLuca Deri2024-10-04
|
* Exports DNS A/AAAA responses (up to 4 addresses)Luca2024-10-02
| | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response
* Enhanced DHCP fingerprintLuca Deri2024-10-01
|
* TLS: detect abnormal padding usage (#2579)Ivan Nardi2024-10-01
| | | | Padding is usually some hundreds byte long. Longer padding might be used as obfuscation technique to force unusual CH fragmentation
* Fix builds on Windows (#2580)Ivan Nardi2024-10-01
| | | | | | | | | | | | | | | | | Quick fix with latest Windows image on GitHub CI, where we got: ``` ndpiReader.c:2860:38: error: '%s' directive output may be truncated writing up to 64 bytes into a region of size 63 [-Werror=format-truncation=] 2860 | snprintf(srcip, sizeof(srcip), "[%s]", flow->src_name); | ^~ ndpiReader.c:2860:5: note: 'snprintf' output between 3 and 67 bytes into a destination of size 64 2860 | snprintf(srcip, sizeof(srcip), "[%s]", flow->src_name); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ndpiReader.c:2861:38: error: '%s' directive output may be truncated writing up to 64 bytes into a region of size 63 [-Werror=format-truncation=] 2861 | snprintf(dstip, sizeof(dstip), "[%s]", flow->dst_name); | ^~ ndpiReader.c:2861:5: note: 'snprintf' output between 3 and 67 bytes into a destination of size 64 2861 | snprintf(dstip, sizeof(dstip), "[%s]", flow->dst_name); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ```
* Added pki.goog domain nameLuca Deri2024-09-30
|
* wireshark: extcap: allow configuration of OpenVPN/TLS heuristics via GUI (#2576)Ivan Nardi2024-09-30
|
Powered by cgit, Themed by Ted Yin.