aboutsummaryrefslogtreecommitdiff
path: root/src/include
Commit message (Collapse)AuthorAge
...
* Reworked ndpi patricia includes to avoid compilation issues on some platformsLuca Deri2021-03-31
|
* Fixed mispelled wordLuca Deri2021-03-31
|
* Improved mining detection supportLuca Deri2021-03-30
|
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)Toni2021-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Implemented square erro rollup to avoid overflowLuca Deri2021-03-14
|
* Added double exponential smoothing implementationLuca2021-03-11
|
* Added single exponential smoothing APILuca Deri2021-03-11
| | | | | int ndpi_ses_init(struct ndpi_ses_struct *ses, double alpha, float significance); int ndpi_ses_add_value(struct ndpi_ses_struct *ses, const u_int32_t _value, double *forecast, double *confidence_band);
* Fixed nDPI prefs definitionLuca Deri2021-03-09
|
* Added experiemntal JA3+ implementation that can be used with -z i ndpiReaderLuca Deri2021-03-09
|
* Added Ookla detection over IPv6Luca Deri2021-03-09
|
* Added the ability to define a custom DGA detection function by overwritingLuca Deri2021-03-08
| | | | | the value of the function pointer ndpi_dga_function curently set to NULL (that means the nDPI internal DGA function will be used)
* Add support for Snapchat voip calls (#1147)Ivan Nardi2021-03-06
| | | | | | | | | * Add support for Snapchat voip calls Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled
* Add ndpi_serialize_binary_boolean for consistency. Fix comments.Alfredo Cardigliano2021-03-04
|
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)Toni2021-02-26
| | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Windows code cleanupLuca Deri2021-02-24
|
* Add more utility functions to work with patricia treesAlfredo Cardigliano2021-02-23
|
* Update ndpi_patricia_walk_inorder APIAlfredo Cardigliano2021-02-23
|
* Add support for MAC to Patricia tree. Expose full API to applications. Add ↵Alfredo Cardigliano2021-02-23
| | | | utility functions.
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Sibject matchingLuca Deri2021-02-22
| | | | Improved AnyDesk detection
* Removed unused NDPI_RISKY_COUNTRYLuca Deri2021-02-21
|
* Added risky domain flow-risk supportLuca Deri2021-02-21
|
* Added ndpi_get_geoip() APi callLuca Deri2021-02-18
|
* Initial geoip supportLuca Deri2021-02-18
|
* Fixes due to the fragment mananegr codeLuca Deri2021-02-18
|
* Added new risks (future use)Luca Deri2021-02-16
| | | | | | - NDPI_RISKY_ASN - NDPI_RISKY_DOMAIN - NDPI_RISKY_COUNTRY
* Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readeable nowLuca Deri2021-02-10
|
* Fixed CPHA missing protocol initializationLuca Deri2021-02-10
| | | | Improved IEC104 and IRC detection
* Extended the API to calculate jitterLuca Deri2021-02-09
| | | | | | - ndpi_jitter_init() - ndpi_jitter_free() - ndpi_jitter_add_value()
* Added timeseries forecasting support implementing Holt-Winters with ↵Luca Deri2021-02-08
| | | | | | | | | confidence interval New API calls added - ndpi_hw_init() - ndpi_hw_add_value() - ndpi_hw_free()
* Partial fix for #1129Luca Deri2021-02-05
|
* Implemented more efficient and memory savvy RSILuca Deri2021-02-05
|
* RSI enhancementsLuca Deri2021-02-05
|
* Implemented API for computing RSI (Relative Strenght Index)Luca Deri2021-02-04
| | | | | | void ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values); void ndpi_free_rsi(struct ndpi_rsi_struct *s); float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value);
* HTTP: fix user-agent parsing (#1124)Ivan Nardi2021-02-03
| | | | | | | | | | | User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported...
* fragments management added (#1122)Roberto AGOSTINO2021-02-03
| | | | | | Management of tcp segments managements. Co-authored-by: ragostino <ragostino73@gmail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Cleaned up tls/quic datatypesLuca Deri2021-01-21
|
* Reworked TLS fingerprint calcolationLuca Deri2021-01-21
| | | | Modified TLS memory free
* Added simple hash implementation to the nDPI APILuca Deri2021-01-20
|
* Rewored UPnP protocol that in essence was WSD hence it has been renamedLuca2021-01-20
| | | | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
* (C) UpdateLuca Deri2021-01-07
|
* Increase SNI hostname buffer length to 256. (#1111)Darryl Sokoloski2021-01-07
| | | | | | | | | According to RFC 4366, SNI host names can be up to 255 bytes. Previous size of 64 resulted in failed application matches due to truncation. For example: 0976e041e65b1aece3e720df36ac6bd7.safeframe.googlesyndication.co|m Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* QUIC: add suppport for DNS-over-QUIC (#1107)Ivan Nardi2021-01-07
| | | | | | | | | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
* Split HTTP request from response Content-Type. Request Content-Type should ↵Luca Deri2021-01-06
| | | | be present with POSTs and not with other methods such as GET
* Added check for invalid HTTP contentLuca Deri2021-01-06
|
* Remove FB_ZERO protocol (#1102)Ivan Nardi2021-01-04
| | | | | | FB_ZERO was an experimental protocol run by Facebook. They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but them so it is definitely dead. See: https://engineering.fb.com/2018/08/06/security/fizz/
* Added a new API function `ndpi_free_flow_data' which free's all members of ↵Toni2021-01-04
| | | | | ndpi_flow_struct but not the struct itself. (#1101) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added HTTP suspicious content securirty risk (useful for tracking trickbot)Luca Deri2021-01-02
|
* Updated ndpi_ptree_match_addr() prototypeLuca Deri2020-12-30
|
Powered by cgit, Themed by Ted Yin.