aboutsummaryrefslogtreecommitdiff
path: root/example
Commit message (Collapse)AuthorAge
...
* Initial work towards detection via TLS of browser typesLuca2021-05-06
|
* Compilation fixLuca Deri2021-04-27
|
* Updated code due to https://github.com/ntop/nDPI/pull/1175Luca Deri2021-04-27
|
* Check for common ALPNs and set a flow risk if not known. (#1175)Toni2021-04-27
| | | | | | * Increased risk bitmask to 64bit (instead of 32bit). * Removed annoying "Unknown datalink" error message for fuzzers. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Compilation fixLuca Deri2021-04-26
|
* Added flow risk to wireshark dissectionLuca Deri2021-04-26
|
* Fix detunneling of GTP-U traffic (#1168)Ivan Nardi2021-04-18
| | | | | Fuzzing #1161 exposed some (completely unrelated) issues on GTP-U detunneling code. (see https://github.com/ntop/nDPI/actions/runs/719882047)
* Fix some warnings about unused variables/functions (#1160)Ivan Nardi2021-04-05
|
* Trace fixLuca Deri2021-04-02
|
* Fixed incapoatibilities with the latest extcap/wiresharkLuca Deri2021-04-01
|
* Fixed invalid guess statsLuca Deri2021-03-30
|
* ndpiReader: print an error msg if we found an unsupported datalink type (#1157)Ivan Nardi2021-03-23
|
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)Toni2021-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Better DGA detection (slightly decreased accuracy)Luca Deri2021-03-20
|
* Added % of flows with risksLuca Deri2021-03-14
|
* Added in stats the number of flows with risksLuca Deri2021-03-14
|
* Added flows risks reportLuca Deri2021-03-14
|
* Reworked extendal dependency across testing toolsLuca Deri2021-03-14
|
* Help crash fixLuca Deri2021-03-14
|
* Implemented square erro rollup to avoid overflowLuca Deri2021-03-14
|
* Added double exponential smoothing implementationLuca2021-03-11
|
* Added single exponential smoothing APILuca Deri2021-03-11
| | | | | int ndpi_ses_init(struct ndpi_ses_struct *ses, double alpha, float significance); int ndpi_ses_add_value(struct ndpi_ses_struct *ses, const u_int32_t _value, double *forecast, double *confidence_band);
* Added experiemntal JA3+ implementation that can be used with -z i ndpiReaderLuca Deri2021-03-09
|
* Add support for Snapchat voip calls (#1147)Ivan Nardi2021-03-06
| | | | | | | | | * Add support for Snapchat voip calls Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled
* Improved DGA detectionLuca Deri2021-03-03
| | | | | | | | Before Accuracy 66%, Precision 86%, Recall 38% After Accuracy 71%, Precision 89%, Recall 49%
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* Holt-Winters calculation improvementLuca Deri2021-02-27
|
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)Toni2021-02-26
| | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Sibject matchingLuca Deri2021-02-22
| | | | Improved AnyDesk detection
* Added risky domain flow-risk supportLuca Deri2021-02-21
|
* Fix small memory leak (#1133)Ivan Nardi2021-02-10
| | | Now function definition matches the prototype in ndpi_api.h.in
* Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132)Toni2021-02-10
| | | | | | | | | | | | | | | * Fixed memory leaks caused by conditional free'ing for some TLS connections. * Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent reader_util.c from exit()'ing if maximum flow count reached. This confuses the fuzzer. * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS. That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed CPHA missing protocol initializationLuca Deri2021-02-10
| | | | Improved IEC104 and IRC detection
* Extended the API to calculate jitterLuca Deri2021-02-09
| | | | | | - ndpi_jitter_init() - ndpi_jitter_free() - ndpi_jitter_add_value()
* Removed debug statementLuca Deri2021-02-09
|
* Added timeseries forecasting support implementing Holt-Winters with ↵Luca Deri2021-02-08
| | | | | | | | | confidence interval New API calls added - ndpi_hw_init() - ndpi_hw_add_value() - ndpi_hw_free()
* Implemented more efficient and memory savvy RSILuca Deri2021-02-05
|
* RSI enhancementsLuca Deri2021-02-05
|
* Implemented API for computing RSI (Relative Strenght Index)Luca Deri2021-02-04
| | | | | | void ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values); void ndpi_free_rsi(struct ndpi_rsi_struct *s); float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value);
* Fix a warning (#1125)Ivan Nardi2021-02-03
| | | | | | | | | | | | | | | Introduced in 5f7b9d802 reader_util.c: In function ‘process_ndpi_collected_info’: reader_util.c:1148:60: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 64 [-Wformat-truncation=] 1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s", | ^~ reader_util.c:1147:5: note: ‘snprintf’ output between 1 and 256 bytes into a destination of size 64 1147 | snprintf(flow->ssh_tls.client_requested_server_name, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s", | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1149 | flow->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Improved debug messageLuca Deri2021-02-03
|
* Fixes due to datatype renameLuca Deri2021-01-22
|
* Cleaned up tls/quic datatypesLuca Deri2021-01-21
|
* Reworked TLS fingerprint calcolationLuca Deri2021-01-21
| | | | Modified TLS memory free
* Added missing comma (#1116)morefigs2021-01-21
| | | I presume there is a comma missing in this comma separated list.
* Added simple hash implementation to the nDPI APILuca Deri2021-01-20
|
* Code cleanup: third party uthash is at the right placeLuca Deri2021-01-20
|
* (C) UpdateLuca Deri2021-01-07
|
* Split HTTP request from response Content-Type. Request Content-Type should ↵Luca Deri2021-01-06
| | | | be present with POSTs and not with other methods such as GET
Powered by cgit, Themed by Ted Yin.