aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Classifications "by-port"/"by-ip" should never change (#2656)Ivan Nardi2025-01-06
| | | Add a new variable to keep track of internal partial classification
* Fix classification "by-port" (#2655)Ivan Nardi2025-01-06
| | | | | Classification "by-port" is the latest possible shot at getting a classification, when everything else failed: we should always use the configured ports (as expected by the users, IMO)
* Add the ability to enable/disable every specific flow risks (#2653)Ivan Nardi2025-01-06
|
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* QUIC: extract "max idle timeout" parameter (#2649)Ivan Nardi2025-01-06
| | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be use as hint for timeout by the (external) flows manager
* TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647)Ivan Nardi2025-01-06
| | | | We should set it also for "obsolete"/"insecure" ciphers, not only for the "weak" ones.
* TLS: remove ESNI support (#2648)Ivan Nardi2025-01-06
| | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension.
* SSH: fix how the flow risk is set (#2652)Ivan Nardi2025-01-06
| | | We should use the existing helper
* Path of Exile 2 support (#2654)Vladimir Gavrilov2025-01-06
|
* Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast ↵Luca Deri2025-01-03
| | | | messages when used to browse (old) network devices
* Removed Cobalt strikeLuca Deri2024-12-20
|
* IPv6: fix bad ipv6 format (#1890) (#2651)paolomonti2024-12-20
| | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890
* Moded to 4.13Luca Deri2024-12-17
|
* Update CHANGELOG.mdIvan Nardi2024-12-14
| | | [no ci]
* Telegram STUN improvementLuca Deri2024-12-13
|
* DNS: fix Index-out-of-bounds error (#2644)Ivan Nardi2024-12-13
| | | | | | | | | | | | | ``` Running: /home/ivan/Downloads/clusterfuzz-testcase-minimized-fuzz_ndpi_reader_pl7m_simplest_internal-5759495480868864 protocols/dns.c:482:5: runtime error: index 4 out of bounds for type 'u_int8_t[4]' (aka 'unsigned char[4]') SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:482:5 protocols/dns.c:483:5: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]') SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/dns.c:483:5 protocols/dns.c:490:12: runtime error: index 4 out of bounds for type 'u_int32_t[4]' (aka 'unsigned int[4]') ``` Found by oss-fuzz See: https://issues.oss-fuzz.com/issues/383911300?pli=1
* Added minor Citrix improvementLuca Deri2024-12-13
|
* Update CHANGELOG.mdIvan Nardi2024-12-13
| | | [no ci]
* Update all IPs lists (#2643)Ivan Nardi2024-12-13
|
* Update CHANGELOG.mdIvan Nardi2024-12-13
| | | [no ci]
* Update CHANGELOG.mdIvan Nardi2024-12-12
|
* fuzz: improve fuzzing coverage (#2642)Ivan Nardi2024-12-11
| | | Updtae pl7m code (Fix swap-direction mutation)
* STUN/RTP: improve metadata extraction (#2641)Ivan Nardi2024-12-11
|
* Update script to download Azure IP list ranges (#2640)Ivan Nardi2024-12-11
|
* Added missing checkLuca Deri2024-12-09
|
* STUN: fix monitoring (#2639)Ivan Nardi2024-12-06
|
* Changed serializer buffer size to 256 bytesLuca Deri2024-12-05
|
* signal: improve detection of chats and calls (#2637)Ivan Nardi2024-12-04
|
* fix license typo (#2638)Tina DiPierro2024-12-04
|
* Added STUN custom supportLuca Deri2024-12-02
|
* Minor fixLuca Deri2024-11-29
|
* STUN counter changesLuca Deri2024-11-29
|
* Add support Yandex Alice (#2633)Evgeny Shtanov2024-11-29
| | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* STUN: improve Whatsapp monitoring (#2635)Ivan Nardi2024-11-29
|
* Enhanced STUN statsLuca Deri2024-11-28
|
* Sync unit tests resultsToni Uhlig2024-11-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add a configuration file to ndpiReader (#2629)Ivan Nardi2024-11-27
| | | | | | Example: ./example/ndpiReader --conf=./example/calls.conf -i ./tests/pcap/signal_videocall.pcapng -v2 Close #2608
* Updated fingerprintsLuca Deri2024-11-26
|
* Removed old USE_LEGACY_AHO_CORASICK codeLuca Deri2024-11-26
|
* SIP: export metadata via json (#2630)Ivan Nardi2024-11-26
| | | Fix: 1bda2bf41
* Sync unit tests resultsIvan Nardi2024-11-26
|
* Fingerprint updateLuca Deri2024-11-25
|
* wireshark: lua: small fixIvan Nardi2024-11-25
|
* Update domains listIvan Nardi2024-11-25
|
* Add support for Paramount+ streaming serviceIvan Nardi2024-11-25
|
* Update `flow->flow_multimedia_types` to a bitmask (#2625)Ivan Nardi2024-11-25
| | | In the same flow, we can have multiple multimedia types
* Sync unit tests resultsIvan Nardi2024-11-25
|
* Probing attempt checkLuca Deri2024-11-24
|
* Fingerprint updateLuca Deri2024-11-24
|
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default