Commit message | Author | Age | |
---|---|---|---|
* | Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto [fix/ndpi-subprotocol-detection-and-refactoring] | Toni Uhlig | 2021-03-20 |
| | * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison. | Toni Uhlig | 2021-03-19 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Refactor subprotocol handling (2/2). | Toni Uhlig | 2021-03-19 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Refactor subprotocol handling (1/2). | Toni Uhlig | 2021-03-11 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Add support for Snapchat voip calls (#1147) | Ivan Nardi | 2021-03-06 |
| | * Add support for Snapchat voip calls. Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled | | |
* | Add ndpi_serialize_binary_boolean for consistency. Fix comments. | Alfredo Cardigliano | 2021-03-04 |
* | Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03 |
| | Reworked Tor dissector embedded in TLS (fixes #1141). Removed false positive on HTTP User-Agent | | |
* | Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) | Toni | 2021-02-26 |
| | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Windows code cleanup | Luca Deri | 2021-02-24 |
* | Add more utility functions to work with patricia trees | Alfredo Cardigliano | 2021-02-23 |
* | Update ndpi_patricia_walk_inorder API | Alfredo Cardigliano | 2021-02-23 |
* | Add support for MAC to Patricia tree. Expose full API to applications. Add utility functions. | Alfredo Cardigliano | 2021-02-23 |
* | Added NDPI_MALICIOUS_JA3 flow risk | Luca Deri | 2021-02-22 |
| | Added ndpi_load_malicious_ja3_file() API call | | |
* | Implemented TLS Certificate Subject matching | Luca Deri | 2021-02-22 |
| | Improved AnyDesk detection | | |
* | Removed unused NDPI_RISKY_COUNTRY | Luca Deri | 2021-02-21 |
* | Added risky domain flow-risk support | Luca Deri | 2021-02-21 |
* | Added ndpi_get_geoip() API call | Luca Deri | 2021-02-18 |
* | Initial geoip support | Luca Deri | 2021-02-18 |
* | Fixes due to the fragment manager code | Luca Deri | 2021-02-18 |
* | Added new risks (future use) | Luca Deri | 2021-02-16 |
| | - NDPI_RISKY_ASN - NDPI_RISKY_DOMAIN - NDPI_RISKY_COUNTRY | | |
* | Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readable now | Luca Deri | 2021-02-10 |
* | Fixed CPHA missing protocol initialization | Luca Deri | 2021-02-10 |
| | Improved IEC104 and IRC detection | | |
* | Extended the API to calculate jitter | Luca Deri | 2021-02-09 |
| | - ndpi_jitter_init() - ndpi_jitter_free() - ndpi_jitter_add_value() | | |
* | Added timeseries forecasting support implementing Holt-Winters with confidence interval | Luca Deri | 2021-02-08 |
| | New API calls added - ndpi_hw_init() - ndpi_hw_add_value() - ndpi_hw_free() | | |
* | Partial fix for #1129 | Luca Deri | 2021-02-05 |
* | Implemented more efficient and memory savvy RSI | Luca Deri | 2021-02-05 |
* | RSI enhancements | Luca Deri | 2021-02-05 |
* | Implemented API for computing RSI (Relative Strength Index) | Luca Deri | 2021-02-04 |
| | void ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values); void ndpi_free_rsi(struct ndpi_rsi_struct *s); float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value); | | |
* | HTTP: fix user-agent parsing (#1124) | Ivan Nardi | 2021-02-03 |
| | User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported... | | |
* | fragments management added (#1122) | Roberto AGOSTINO | 2021-02-03 |
| | Management of tcp segments managements. Co-authored-by: ragostino <ragostino73@gmail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com> | | |
* | Cleaned up tls/quic datatypes | Luca Deri | 2021-01-21 |
* | Reworked TLS fingerprint calculation | Luca Deri | 2021-01-21 |
| | Modified TLS memory free | | |
* | Added simple hash implementation to the nDPI API | Luca Deri | 2021-01-20 |
* | Reworked UPnP protocol that in essence was WSD hence it has been renamed | Luca | 2021-01-20 |
| | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol | | |
* | (C) Update | Luca Deri | 2021-01-07 |
* | Increase SNI hostname buffer length to 256. (#1111) | Darryl Sokoloski | 2021-01-07 |
| | According to RFC 4366, SNI host names can be up to 255 bytes. Previous size of 64 resulted in failed application matches due to truncation. For example: 0976e041e65b1aece3e720df36ac6bd7.safeframe.googlesyndication.co|m Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca> | | |
* | QUIC: add support for DNS-over-QUIC (#1107) | Ivan Nardi | 2021-01-07 |
| | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ | | |
* | Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET | Luca Deri | 2021-01-06 |
* | Added check for invalid HTTP content | Luca Deri | 2021-01-06 |
* | Remove FB_ZERO protocol (#1102) | Ivan Nardi | 2021-01-04 |
| | FB_ZERO was an experimental protocol run by Facebook. They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but them so it is definitely dead. See: https://engineering.fb.com/2018/08/06/security/fizz/ | | |
* | Added a new API function `ndpi_free_flow_data' which frees all members of ndpi_flow_struct but not the struct itself. (#1101) | Toni | 2021-01-04 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Added HTTP suspicious content security risk (useful for tracking trickbot) | Luca Deri | 2021-01-02 |
* | Updated ndpi_ptree_match_addr() prototype | Luca Deri | 2020-12-30 |
* | Split ptree user data in 32 and 64 bit entries | Luca Deri | 2020-12-30 |
* | Removed test code | Luca Deri | 2020-12-26 |
* | Introduced fix on TLS for discarding traffic out of sequence that might invalidate dissection | Luca Deri | 2020-12-22 |
* | Win fixes | Luca Deri | 2020-12-17 |
* | Type change to avoid Windows compilation issues | Luca Deri | 2020-12-17 |
* | Rule changes work in progress | Luca Deri | 2020-12-11 |
* | Add NDPI_PROTOCOL_ANY_CATEGORY to ndpi_protocol_category_t enum | Alfredo Cardigliano | 2020-12-11 |