aboutsummaryrefslogtreecommitdiff
path: root/example
Commit message (Collapse)AuthorAge
* Add realtime protocol output to `ndpiReader`.add/output-realtime-protocolsToni Uhlig2023-12-14
| | | | | | | | * support for using a new flow callback invoked before the flow memory is free'd * minor fixes * Win32 gmtime fix Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ndpiReader: avoid creating two detection modules when processing ↵Ivan Nardi2023-12-12
| | | | traffic/traces (#2209)
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* STUN: rework extra dissection (#2202)Ivan Nardi2023-12-11
| | | | | | | Keep looking for RTP packets but remove the monitoring concept. We will re-introduce a more general concept of "flow in monitoring state" later. The function was disabled by default. Some configuration knobs will be provided when/if #2190 is merged.
* fuzz: extend fuzzing coverage (#2205)Ivan Nardi2023-12-11
|
* Fix typos (#2204)rl19872023-12-10
| | | | | * Fix typo in ndpiSimpleIntegration.c * Fix misspelling in a comment
* TLS: remove JA3+ fingerprints. (#2192)Ivan Nardi2023-12-05
| | | See: #2191
* Fixed hash buffer size in ndpiSimpleIntegration. (#2143)Toni2023-11-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed implicit u32 cast in `ndpi_data_min()` / `ndpi_data_max()`. (#2139)Toni2023-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added malicious sites from the polish cert. (#2121)Toni2023-11-02
| | | | | * added handling of parsing errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Implements support for symbolic host names (#2123)Luca Deri2023-10-29
|
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for custom rules (#2120)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* QUIC: export QUIC version as metadataNardi Ivan2023-10-11
|
* fuzz: extend fuzzing coverageNardi Ivan2023-10-07
|
* Cleaned up mining datastructureLuca2023-09-27
|
* Added printf/fprintf replacement for some internal modules. (#1974)Toni2023-09-26
| | | | | | * logging is instead redirected to `ndpi_debug_printf` Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixes matches with domain name strings that start with a dotLuca Deri2023-09-11
|
* fuzz: add fuzzers to test reader_util code (#2080)Ivan Nardi2023-09-10
|
* Reworked domain classification based on binary filtersLuca Deri2023-09-02
|
* Improvement for reducing false positivesLuca Deri2023-09-01
|
* Swap from Aho-Corasick to an experimental/home-grown algorithm that uses a ↵Luca Deri2023-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | probabilistic approach for handling Internet domain names. For switching back to Aho-Corasick it is necessary to edit ndpi-typedefs.h and uncomment the line // #define USE_LEGACY_AHO_CORASICK [1] With Aho-Corasick $ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory nDPI Memory statistics: nDPI Memory (once): 37.34 KB Flow Memory (per flow): 960 B Actual Memory: 33.09 MB Peak Memory: 33.09 MB [2] With the new algorithm $ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory nDPI Memory statistics: nDPI Memory (once): 37.31 KB Flow Memory (per flow): 960 B Actual Memory: 7.42 MB Peak Memory: 7.42 MB In essence from ~33 MB to ~7 MB This new algorithm will enable larger lists to be loaded (e.g. top 1M domans https://s3-us-west-1.amazonaws.com/umbrella-static/index.html) In ./lists there are file names that are named as <category>_<string>.list With -G ndpiReader can load all of them at startup
* Search fixesLuca Deri2023-08-26
|
* Improved domain search tet unitLuca Deri2023-08-26
|
* Added ndpi_domain_classify_XXX(0 APILuca Deri2023-08-26
|
* fuzz: extend coverage (#2073)Ivan Nardi2023-08-20
|
* Reworked ndpi_filter_xxx implementation using compressed bitmapsLuca Deri2023-08-14
|
* Added new API calls for implementing Bloom-filter like data structuresLuca Deri2023-08-11
| | | | | | | ndpi_filter* ndpi_filter_alloc(uint32_t elements_number); bool ndpi_filter_add(ndpi_filter *f, uint64_t value); bool ndpi_filter_contains(ndpi_filter *f, uint64_t value); void ndpi_filter_free(ndpi_filter *f);
* Compilation fixes for older C compilersLuca Deri2023-08-01
|
* Add Service Location Protocol dissector. (#2036)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* DNS: extract geolocation information, if available (#2065)Ivan Nardi2023-07-31
| | | | | | | The option NSID (RFC5001) is used by Google DNS to report the airport code of the metro where the DNS query is handled. This option is quite rare, but the added overhead in DNS code is pretty much zero for "normal" DNS traffic
* ProtonVPN: split the ip list (#2060)Ivan Nardi2023-07-27
| | | | | | | | | | | Use two separate lists: * one for the ingress nodes, which triggers a ProtonVPN classification * one for the egress nodes, which triggers the `NDPI_ANONYMOUS_SUBSCRIBER` risk Add a command line option (to `ndpiReader`) to easily test IP/port matching. Add another example of custom rule.
* TLS: add basic, basic, detection of Encrypted ClientHello (#2053)Ivan Nardi2023-07-21
|
* ndpireader: fix detection of DoH traffic based on packet distributions (#2045)Ivan Nardi2023-07-14
|
* Implemented Count-Min Sketch [count how many times a value has been observed]Luca Deri2023-07-13
| | | | | | | - ndpi_cm_sketch_init() - ndpi_cm_sketch_add() - ndpi_cm_sketch_count() - ndpi_cm_sketch_destroy()
* added feature to extract filename from http attachment (#2037)Chiara Maggi2023-07-11
| | | | | | | | | | | | | | | | | | | * added feature to extract filename from http attachment * fixed some issues * added check for filename format * added check for filename format * remove an unnecessary print * changed the size from 952 to 960 * modified some test result files * small changes string size * comment removed and mallocs checked
* Simplify the report of streaming multimedia info (#2026)Ivan Nardi2023-06-26
| | | | | The two fields `flow->flow_type` and `flow->protos.rtp.stream_type` are pretty much identical: rename the former in `flow->flow_multimedia_type` and remove the latter.
* STUN: keep monitoring/processing STUN flows (#2012)Ivan Nardi2023-06-21
| | | | Look for RTP packets in the STUN sessions. TODO: tell RTP from RTCP
* Reworked teams handlingLuca Deri2023-06-15
|
* Implemented Zoom/Teams stream type detectionLuca Deri2023-06-14
|
* Set _DEFAULT_SOURCE and _GNU_SOURCE globally. (#2010)Toni2023-06-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added vlan_id in ndpi_flow2json() prototypeLuca Deri2023-06-09
|
* ndpiReader: allow to configure LRU caches TTL and size (#2004)Ivan Nardi2023-06-08
|
* Changed logging callback function sig. (#2000)Toni2023-05-30
| | | | | * make user data available for any build config Signed-off-by: lns <matzeton@googlemail.com>
* Fix some memory errors triggered by allocation failures (#1995)Ivan Nardi2023-05-29
| | | | | | | | | | | | Some low hanging fruits found using nallocfuzz. See: https://github.com/catenacyber/nallocfuzz See: https://github.com/google/oss-fuzz/pull/9902 Most of these errors are quite trivial to fix; the only exception is the stuff in the uthash. If the insertion fails (because of an allocation failure), we need to avoid some memory leaks. But the only way to check if the `HASH_ADD_*` failed, is to perform a new lookup: a bit costly, but we don't use that code in any critical data-path.
* ndpiReader: improve printing of payload statistics (#1989)Ivan Nardi2023-05-29
| | | | | Add a basic unit test Fix an endianess issue
* ndpiReader: fix export of DNS/BitTorrent attributes (#1985)Ivan Nardi2023-05-20
| | | There is no BitTorrent hash in the DNS flows
Powered by cgit, Themed by Ted Yin.