aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Implement SSDP Metadata export (#2729)Ivan Kapranov2025-02-16
| | | Close #2524
* DNS: fix parsing of hostname for empty response messages (#2731)Ivan Nardi2025-02-16
|
* DNS: rework adding entries to the FPC-DNS cache (#2730)Ivan Nardi2025-02-16
| | | | | Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`. This will be important when adding monitoring support
* DNS: improved detection and handling of TCP packets (#2728)Ivan Nardi2025-02-15
|
* DNS: rework code (#2727)Ivan Nardi2025-02-15
|
* Added RUTUBE (#2725)Ivan Kapranov2025-02-15
|
* DNS: fix dissection (#2726)Ivan Nardi2025-02-15
|
* DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724)Ivan Nardi2025-02-15
| | | We already set the same flow risk for invalid request messages
* reworked ntp info extraction (#2723)Ivan Kapranov2025-02-15
|
* DNS: rework code parsing responses (#2722)Ivan Nardi2025-02-14
|
* DNS: rework/isolate code to process domain name (#2721)Ivan Nardi2025-02-13
|
* DNS: faster exclusion (#2719)Ivan Nardi2025-02-12
|
* DNS: try to simplify the code (#2718)Ivan Nardi2025-02-12
| | | Set the classification in only one place in the code.
* ndpiReader: print more DNS information (#2717)Ivan Nardi2025-02-11
|
* DNS: fix check for DGA domain (#2716)Ivan Nardi2025-02-11
| | | | If we have a (potential) valid sub-classification, we shoudn't check for DGA, even if the subclassification itself is disabled!
* DNS: disable subclassification by default (#2715)Ivan Nardi2025-02-11
| | | | Prelimary change to start supporting multiple DNS transactions on the same flow
* DNS: evaluate all flow risks even if sub-classification is disabled (#2714)Ivan Nardi2025-02-11
|
* dns: fix writing to `flow->protos.dns`Ivan Nardi2025-02-11
| | | | | We can't write to `flow->protos.dns` until we are sure it is a valid DNS flow
* DNS: fix dissection when there is only the response messageIvan Nardi2025-02-11
|
* DNS: extend testsIvan Nardi2025-02-11
|
* Removed traceLuca Deri2025-02-10
|
* Added max element number in ndpi_protocol_qoe_category_tLuca Deri2025-02-10
|
* Added ndpi_find_protocol_qoe() API callLuca Deri2025-02-10
| | | | Updated (C)
* Compilation fixLuca2025-02-07
|
* Introduced QoE (Quality of Experience) protocol classificationLuca Deri2025-02-06
|
* Updated SNI for YandexMetrica and YandexAlice (#2711)Ivan Kapranov2025-02-06
| | | Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* Added additional VK ASNsLuca Deri2025-02-05
|
* Remove some redundant tests (#2710)Ivan Nardi2025-02-04
|
* Preliminary work to rework `struct ndpi_flow_struct` (#2705)Ivan Nardi2025-02-04
| | | | | | | | No significant changes: * Move around some fields to avoid holes in the structures. * Some fields are about protocols based only on TCP. * Remove some unused (or set but never read) fields. See #2631
* Extend regression testsIvan Nardi2025-02-04
|
* DNS: another fix about the relationship between FPC and subclassification ↵Ivan Nardi2025-01-31
| | | | | (#2709) See: c669bb314
* Added ndpi_network_ptree6_match() API callLuca Deri2025-01-31
|
* bittorrent: add configuration for "hash" metadata (#2706)Ivan Nardi2025-01-31
| | | Fix confidence value for same TCP flows
* microsoft: another follow-up about auto-generated list of domainsIvan Nardi2025-01-31
|
* HTTP: add configuration for some metadata (#2704)Ivan Nardi2025-01-31
| | | Extend file configuration for just subclassification.
* microsoft: follow-up of 62d64afde about auto-generated list of domains (#2707)Ivan Nardi2025-01-31
|
* Auto-generate Microsoft-related list of domains (#2688)Ivan Nardi2025-01-31
|
* Create a specific configuration for classification only (#2689)Ivan Nardi2025-01-31
| | | | | | | | | | | | | | | | | | | | | | | | In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics. Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...` Note that this way, the nDPI overhead is lower because it might need less packets per flow: * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates * DNS: only the request is processed (instead of both request and response) We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for others protocols. Add the configuration options to enable/disable the extraction of some TLS metadata.
* DNS: fix extraction of transactionID field (#2703)Ivan Nardi2025-01-31
| | | | | | | | | | | | | | | | | | | | We can't write to `flow->protos.dns` until we are sure this is a valid DNS packet ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==14729==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x60e876372a86 bp 0x000000000000 sp 0x79392fdf90e0 T1) ==14729==The signal is caused by a READ memory access. ==14729==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used. #0 0x60e876372a86 in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x8b0a86) (BuildId: a9c4718bcd5c3947812b6fd704e203b8bb6f633c) #1 0x60e87640b29f in free (/home/ivan/svnrepos/nDPI/example/ndpiReader+0x94929f) (BuildId: a9c4718bcd5c3947812b6fd704e203b8bb6f633c) #2 0x60e87647b0ec in free_wrapper /home/ivan/svnrepos/nDPI/example/ndpiReader.c:348:3 #3 0x60e876865454 in ndpi_free /home/ivan/svnrepos/nDPI/src/lib/ndpi_memory.c:82:7 #4 0x60e8767f0d4f in ndpi_free_flow_data /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:6752:2 #5 0x60e8767abd67 in ndpi_free_flow /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:10449:5 ``` Found by oss-fuzz
* Exported DNS transactionIdLuca Deri2025-01-30
|
* DNS: fix relationship between FPC and subclassification (#2702)Ivan Nardi2025-01-30
| | | Allow optimal FPC even if DNS subclassification is disabled
* Force English content in whatsapp_ip_addresses_download.sh (#2701)Fábio Depin2025-01-30
| | | Add the Accept-Language header in the cURL command to ensure the fetched page is in English, improving consistency and clarity in the script output.
* Added ndpi_data_jitter() API callLuca Deri2025-01-29
|
* Added buffer boundary check to avoid potential buffer overflowLuca Deri2025-01-28
|
* Explicit cast Referer / Host line to the type `ndpi_strnstr(...)` expects ↵HEADdevToni Uhlig2025-01-25
| | | | | | (unsigned char -> char) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Extracted http host and referer metadata (http protocol)Luca Deri2025-01-24
|
* Added health categoryLuca Deri2025-01-24
|
* CI: move tests with "local gcrypt" to a scheduled job (#2699)Ivan Nardi2025-01-24
| | | The goal is always the same: faster CI when pushing/committing
* CI: fix documentation job (#2698)Ivan Nardi2025-01-24
|
* RTP: improve detection of multimedia type for Signal calls (#2697)Ivan Nardi2025-01-24
|
Powered by cgit, Themed by Ted Yin.