| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Use Doxygen to generate the API documentation.add/doxygen-gen | lns | 2022-05-29 |
| | | | | | | | * Integrated Doxygen documentation into Sphinx Signed-off-by: lns <matzeton@googlemail.com> | ||
| * | Typo | Luca Deri | 2022-03-02 |
| | | |||
| * | Add a new flow risk `NDPI_ANONYMOUS_SUBSCRIBER` (#1462) | Ivan Nardi | 2022-02-28 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The main goal of a DPI engine is usually to determine "what", i.e. which types of traffic flow on the network. However the applications using DPI are often interested also in "who", i.e. which "user/subscriber" generated that traffic. The association between a flow and a subscriber is usually done via some kind of DHCP/GTP/RADIUS/NAT mappings. In all these cases the key element of the flow used to identify the user is the source ip address. That usually happens for the vast majority of the traffic. However, depending on the protocols involved and on the position on the net where the traffic is captured, the source ip address might have been changed/anonymized. In that case, that address is useless for any flow-username association. Example: iCloud Private Relay traffic captured between the exit relay and the server. See the picture at page 5 on: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF This commit adds new generic flow risk `NDPI_ANONYMOUS_SUBSCRIBER` hinting that the ip addresses shouldn't be used to identify the user associated with the flow. As a first example of this new feature, the entire list of the relay ip addresses used by Private Relay is added. A key point to note is that list is NOT used for flow classification (unlike all the other ip lists present in nDPI) but only for setting this new flow risk. TODO: IPv6 | ||
| * | Added newflow risk NDPI_HTTP_CRAWLER_BOT | Luca Deri | 2022-02-17 |
| | | |||
| * | Added NDPI_ERROR_CODE_DETECTED risk | Luca Deri | 2022-02-03 |
| | | |||
| * | Typo | Luca Deri | 2022-02-03 |
| | | |||
| * | Improved risks description | Luca Deri | 2022-02-03 |
| | | |||
| * | Updated risk documentation | Luca Deri | 2022-02-03 |
| | | |||
| * | Added new IDN/Punycode risk for spotting internationalized domain names | Luca | 2022-02-03 |
| | | |||
| * | Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow risk | Luca Deri | 2022-01-26 |
| | | | | | Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days | ||
| * | Added support for Log4J/Log4Shell detection in nDPI via a new flow risk ↵ | Luca Deri | 2021-12-23 |
| | | | | | named NDPI_POSSIBLE_EXPLOIT | ||
| * | Add links to other user guides | Alfredo Cardigliano | 2021-12-22 |
| | | |||
| * | Detect invalid characters in text and set a risk. Fixes #1347. (#1363) | Toni | 2021-10-26 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Adds sections labels with risk id to the docs | Simone Mainardi | 2021-10-01 |
| | | |||
| * | Warning fix | Luca Deri | 2021-10-01 |
| | | |||
| * | Initial attempt to write nDPI documentation. Starting with flow risks. ↵ | Luca Deri | 2021-10-01 |
| | | | | | Please contribute | ||
| * | Guide update | Alfredo Cardigliano | 2020-07-09 |
| | | |||
| * | Updated quickstart guide | Luca Deri | 2016-10-15 |
| | | | | | The new master file for the guide is keynote (deleted docx) | ||
| * | Updated guide courtesy of Sudeepta Bhuyan (#62) | Luca Deri | 2015-07-14 |
| | | |||
| * | Added word version of the manual | Luca | 2015-07-12 |
| | | |||
| * | Initial import from SVN | Luca Deri | 2015-04-19 |