| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Before
Accuracy 66%, Precision 86%, Recall 38%
After
Accuracy 71%, Precision 89%, Recall 49%
|
| |
|
|
|
| |
Reworked Tor dissector embedded in TLS (fixes #1141)
Removed false positive on HTTP User-Agent
|
| | |
|
| |
|
|
|
|
| |
* An external file which contains known malicious SSL certificate SHA-1 hashes
can be loaded via ndpi_load_malicious_sha1_file(...)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Added ndpi_load_malicious_ja3_file() API call
|
| |
|
|
| |
Improved AnyDesk detection
|
| | |
|
| |
|
| |
Now function definition matches the prototype in ndpi_api.h.in
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed memory leaks caused by conditional free'ing for some TLS connections.
* Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.
* Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Improved IEC104 and IRC detection
|
| |
|
|
|
|
| |
- ndpi_jitter_init()
- ndpi_jitter_free()
- ndpi_jitter_add_value()
|
| | |
|
| |
|
|
|
|
|
|
|
| |
confidence interval
New API calls added
- ndpi_hw_init()
- ndpi_hw_add_value()
- ndpi_hw_free()
|
| | |
|
| | |
|
| |
|
|
|
|
| |
void ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values);
void ndpi_free_rsi(struct ndpi_rsi_struct *s);
float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value);
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduced in 5f7b9d802
reader_util.c: In function ‘process_ndpi_collected_info’:
reader_util.c:1148:60: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 64 [-Wformat-truncation=]
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ^~
reader_util.c:1147:5: note: ‘snprintf’ output between 1 and 256 bytes into a destination of size 64
1147 | snprintf(flow->ssh_tls.client_requested_server_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1149 | flow->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Modified TLS memory free
|
| |
|
| |
I presume there is a comma missing in this comma separated list.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
be present with POSTs and not with other methods such as GET
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
#1073 (#1085)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| |
|
|
| |
Removed heuristic from CiscoVPN as it leads to false positives
|
| |
|
|
|
|
| |
application data TLS blocks are now ignored when exchanged before
- the end of certificate negotiation (up to TLS 1.2)
- change cipher
|
| | |
|
| | |
|
| |
|
|
|
| |
* Fix CAPWAP processing.
* Update result.
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
| |
Warning fix
|
| | |
|
| |
|
|
|
| |
nDPI but still somehow essential. (#1024)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |\
| |
| | |
Fixed broken `make dist' and added CI check.
|
| | |
| |
| |
| | |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |\ \
| | |
| | | |
Added support for mingw xcompile.
|