aboutsummaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAge
* Added new risk NDPI_TCP_ISSUESLuca Deri2023-01-24
|
* Added NDPI_MINOR_ISSUES risk used for storing generic/relevant information ↵Luca Deri2022-12-31
| | | | about issues found on traffic.
* Added NDPI_PERIODIC_FLOW flow risk to be used by apps based on nDPILuca Deri2022-12-30
|
* Updated decriptionLuca Deri2022-12-17
|
* Added new flow risk NDPI_HTTP_OBSOLETE_SERVER. Currently Apache and nginx ↵Luca2022-10-04
| | | | are supported
* Added nTap referenceLuca Deri2022-08-12
|
* Added unidirectional traffic flow riskLuca Deri2022-06-20
|
* Use Doxygen to generate the API documentation. (#1558)Toni2022-05-29
| | | | | * Integrated Doxygen documentation into Sphinx Signed-off-by: lns <matzeton@googlemail.com>
* TypoLuca Deri2022-03-02
|
* Add a new flow risk `NDPI_ANONYMOUS_SUBSCRIBER` (#1462)Ivan Nardi2022-02-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The main goal of a DPI engine is usually to determine "what", i.e. which types of traffic flow on the network. However the applications using DPI are often interested also in "who", i.e. which "user/subscriber" generated that traffic. The association between a flow and a subscriber is usually done via some kind of DHCP/GTP/RADIUS/NAT mappings. In all these cases the key element of the flow used to identify the user is the source ip address. That usually happens for the vast majority of the traffic. However, depending on the protocols involved and on the position on the net where the traffic is captured, the source ip address might have been changed/anonymized. In that case, that address is useless for any flow-username association. Example: iCloud Private Relay traffic captured between the exit relay and the server. See the picture at page 5 on: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF This commit adds new generic flow risk `NDPI_ANONYMOUS_SUBSCRIBER` hinting that the ip addresses shouldn't be used to identify the user associated with the flow. As a first example of this new feature, the entire list of the relay ip addresses used by Private Relay is added. A key point to note is that list is NOT used for flow classification (unlike all the other ip lists present in nDPI) but only for setting this new flow risk. TODO: IPv6
* Added newflow risk NDPI_HTTP_CRAWLER_BOTLuca Deri2022-02-17
|
* Added NDPI_ERROR_CODE_DETECTED riskLuca Deri2022-02-03
|
* TypoLuca Deri2022-02-03
|
* Improved risks descriptionLuca Deri2022-02-03
|
* Updated risk documentationLuca Deri2022-02-03
|
* Added new IDN/Punycode risk for spotting internationalized domain namesLuca2022-02-03
|
* Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow riskLuca Deri2022-01-26
| | | | Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days
* Added support for Log4J/Log4Shell detection in nDPI via a new flow risk ↵Luca Deri2021-12-23
| | | | named NDPI_POSSIBLE_EXPLOIT
* Add links to other user guidesAlfredo Cardigliano2021-12-22
|
* Detect invalid characters in text and set a risk. Fixes #1347. (#1363)Toni2021-10-26
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Adds sections labels with risk id to the docsSimone Mainardi2021-10-01
|
* Warning fixLuca Deri2021-10-01
|
* Initial attempt to write nDPI documentation. Starting with flow risks. ↵Luca Deri2021-10-01
| | | | Please contribute
* Guide updateAlfredo Cardigliano2020-07-09
|
* Updated quickstart guideLuca Deri2016-10-15
| | | | The new master file for the guide is keynote (deleted docx)
* Updated guide courtesy of Sudeepta Bhuyan (#62)Luca Deri2015-07-14
|
* Added word version of the manualLuca2015-07-12
|
* Initial import from SVNLuca Deri2015-04-19
Powered by cgit, Themed by Ted Yin.