aboutsummaryrefslogtreecommitdiff
path: root/example
Commit message (Collapse)AuthorAge
* ndpiReader: print categories summary (#2895)Ivan Nardi2025-06-21
|
* Merged protocols (now free to use) into existing categoriesLuca Deri2025-06-17
| | | | | - AdultContent -> Category Adult Content - LLM -> Category Artificial Intelligence
* Renamed custom protocol labelsLuca Deri2025-06-17
|
* Check `ndpi_finalize_initialization()` return value (#2884)Ivan Nardi2025-06-14
|
* Rework sanity checks and remove some functions from API (#2882)Ivan Nardi2025-06-12
|
* Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`Ivan Nardi2025-06-09
|
* Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)Ivan Nardi2025-06-09
| | | | | | | | | | | | | | | | | | | The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
* Add category and breed support for custom rules (#2872)Vladimir Gavrilov2025-06-08
| | | Close #2594
* Improved HTTP risk reportLuca Deri2025-06-08
| | | | PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
* Sync unit tests resultsIvan Nardi2025-06-05
|
* Add a configuration to test a huge number of custom protocols (#2865)Ivan Nardi2025-06-03
| | | File taken from #2136
* Remove `ndpi_set_proto_defaults()` from the API (#2863)Ivan Nardi2025-06-03
| | | Add an explicit field to indicate if the protocol is custom or internal
* Fix test configurationIvan Nardi2025-06-03
| | | | | As reported in the comment at the beginning of the file, here we should only set default values
* First step into a dynamic number of protocols (#2857)Ivan Nardi2025-06-03
| | | | | | | | | | | | | We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
* New API to enable/disable protocols; remove ↵Ivan Nardi2025-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
* Moved variable across filesLuca Deri2025-05-29
|
* Changed variable nameLuca Deri2025-05-29
|
* Added ndpi_load_protocols_dir() API call for loading IP-based protocol detectionLuca Deri2025-05-28
| | | | Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
* BFCP: fix check on payload length and extract metadata (#2854)Ivan Nardi2025-05-26
| | | | | | We should be able to identified this protocol on the first packet, without keeping any state Close #2745
* Add ndpi_memcasecmp, refactor mail protocol dissectors (#2849)Vladimir Gavrilov2025-05-24
|
* Added new APi callsLuca Deri2025-05-20
| | | | | | | - ndpi_is_master_only_protocol() - ndpi_normalize_protocol() These two APi calls are used to normalize mater/app nDPI protocols
* Fix unit test compilation on Window (#2802)Ivan Nardi2025-04-28
| | | | | | ``` ndpiReader.c:6415:28: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (65 chars into 64 available) [-Werror=unterminated-string-initialization] 6415 | u_char enc_dec_key[64] = "9dedb817e5a8805c1de62eb8982665b9a2b4715174c34d23b9a46ffafacfb2a7" /* SHA256("nDPI") */; ```
* TLS: avoid exporting TLS heuristic fingerprint as metadata (#2783)Ivan Nardi2025-03-27
|
* Improved configuration to enable/disable export of flow risk info (#2780)Ivan Nardi2025-03-25
| | | | Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the configuration is for flow-risk, not global
* Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779)Ivan Nardi2025-03-25
| | | | | | | Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics.
* Fix typo in -P help for ndpiReader (#2775)Miguel Torres2025-03-24
|
* FastCGI: use specific metadata, not the HTTP ones (#2774)Ivan Nardi2025-03-19
| | | | We are going to use HTTP metadata only for real HTTP traffic; FastCGI should be the only protocol using them improperly
* custom rules: try to have a coherent behaviourIvan Nardi2025-03-04
| | | | | | | | | | | | | Custom rules with *new* protocols are checked "first": if there is a match, the first packet of the flow provides a complete and final classification. The same logic should apply to custom rules with "existing" protocols: if there is match, nDPI shouldn't do anything else. Remove the `tcp:3000@ntop` custom rule. Fix the default port for ElasticSearch (in the protocol file)
* ndpiReader: remove redundant checksIvan Nardi2025-02-28
|
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* Move `rtp` info out of `flow->protos` (#2739)Ivan Nardi2025-02-21
| | | | | Thiw way, the code is ready to handle rtp info from STUN flows too. And, most important, this change works as workaround to fix some crashes reported by oss-fuzz
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Exported RTP payload in packet metadataLuca Deri2025-02-19
| | | | Added ndpi_rtp_payload_type2str() API call
* Further domain checksLuca Deri2025-02-19
|
* SSDP: add configuration for disabling metadata extraction (#2736)Ivan Nardi2025-02-17
|
* ndpiReader: print more DNS information (#2717)Ivan Nardi2025-02-11
|
* DNS: fix check for DGA domain (#2716)Ivan Nardi2025-02-11
| | | | If we have a (potential) valid sub-classification, we shoudn't check for DGA, even if the subclassification itself is disabled!
* Added ndpi_find_protocol_qoe() API callLuca Deri2025-02-10
| | | | Updated (C)
* bittorrent: add configuration for "hash" metadata (#2706)Ivan Nardi2025-01-31
| | | Fix confidence value for same TCP flows
* HTTP: add configuration for some metadata (#2704)Ivan Nardi2025-01-31
| | | Extend file configuration for just subclassification.
* Create a specific configuration for classification only (#2689)Ivan Nardi2025-01-31
| | | | | | | | | | | | | | | | | | | | | | | | In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics. Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...` Note that this way, the nDPI overhead is lower because it might need less packets per flow: * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates * DNS: only the request is processed (instead of both request and response) We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for others protocols. Add the configuration options to enable/disable the extraction of some TLS metadata.
* fuzz: extend fuzzing coverage (#2696)Ivan Nardi2025-01-23
|
* ndpiReader: add some global statistics about FPC (#2680)Ivan Nardi2025-01-17
| | | Enabled via `--dump-fpc-stats` option
* TLS: remove JA3C (#2679)Ivan Nardi2025-01-14
| | | | | | | | Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551
* Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678)Ivan Nardi2025-01-14
| | | | | | | | | It might be usefull to be able to match traffic against a list of suspicious JA4C fingerprints Use the same code/logic/infrastructure used for JA3C (note that we are going to remove JA3C...) See: #2551
* Fix code scanning alert no. 7: Multiplication result converted to larger ↵Luca Deri2025-01-13
| | | | | type (#2677) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Fixes https://github.com/ntop/nDPI/issues/2672Luca Deri2025-01-13
|
* Remove JA3C output from ndpiReader (#2667)Ivan Nardi2025-01-12
| | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* QUIC: extract "max idle timeout" parameter (#2649)Ivan Nardi2025-01-06
| | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be use as hint for timeout by the (external) flows manager
Powered by cgit, Themed by Ted Yin.