Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | Renamed Skype in Skype_Teams as the protocol is now shared across these apps | Luca Deri | 2021-06-02 | |
| | ||||
* | Removed xbox and playstation invalid port guesses | Luca Deri | 2021-06-02 | |
| | ||||
* | Reworked ndpi flow risk score adding client and server score | Luca | 2021-06-01 | |
| | ||||
* | Fix warnings | Alfredo Cardigliano | 2021-05-25 | |
| | ||||
* | Added risk/score dump (ndpiReader -h) | Luca Deri | 2021-05-18 | |
| | | | | Added ndpi_dump_risks_score() API score | |||
* | Updated API for ndpi_risk2score() | Luca Deri | 2021-05-17 | |
| | | | | Added ndpi_get_upper_proto() API call | |||
* | Reworked human readable string search in flows | Luca Deri | 2021-05-17 | |
| | | | | Removed fragment manager code | |||
* | Added TLS certificate caching | Luca Deri | 2021-05-15 | |
| | | | | Added Fortigate protocol | |||
* | Added (partial) Activision protocol support (based on tencent cloud) | Luca Deri | 2021-05-10 | |
| | ||||
* | Removed DGA check for ipv6 reverse IPs | Luca Deri | 2021-04-27 | |
| | ||||
* | Removed protocol space in Genshin Impact | Luca Deri | 2021-04-25 | |
| | ||||
* | Add Genshin Impact protocol. (#1173) | Toni | 2021-04-25 | |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Add HP Virtual Machine Group Management (hpvirtgrp) protocol. (#1170) | Toni | 2021-04-20 | |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for remote assistance sessions | Luca Deri | 2021-04-12 | |
* | Fixed misspelled word | Luca Deri | 2021-03-31 | |
| | ||||
* | Added missing tracker/Ads breed | Luca Deri | 2021-03-30 | |
| | ||||
* | Ignore TLD .local .lan and .home in DGA domain check | Luca Deri | 2021-03-26 | |
| | ||||
* | Refactored nDPI subprotocol handling and aimini protocol detection. (#1156) | Toni | 2021-03-23 | |
| | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Try to detect one subprotocol if a detected protocol can have one. | |||
| | | | * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto | |||
| | | | * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Better DGA detection (slightly decreased accuracy) | Luca Deri | 2021-03-20 | |
| | ||||
* | Fixed support for custom DGA detection library | Luca Deri | 2021-03-18 | |
| | ||||
* | Added experimental JA3+ implementation that can be used with -z i ndpiReader | Luca Deri | 2021-03-09 | |
| | ||||
* | Added Ookla detection over IPv6 | Luca Deri | 2021-03-09 | |
| | ||||
* | Added the ability to define a custom DGA detection function by overwriting | Luca Deri | 2021-03-08 | |
| | | | | | the value of the function pointer ndpi_dga_function currently set to NULL (that means the nDPI internal DGA function will be used) | |||
* | Fix some stack-use-after-return errors in automa code (#1150) | Ivan Nardi | 2021-03-08 | |
| | ||||
* | Add support for Snapchat voip calls (#1147) | Ivan Nardi | 2021-03-06 | |
| | | | * Add support for Snapchat voip calls | |||
| | | | Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. | |||
| | | | * Fix tests with libgcrypt disabled | |||
* | Improved DGA detection | Luca Deri | 2021-03-03 | |
| | | | Before: Accuracy 66%, Precision 86%, Recall 38% | |||
| | | | After: Accuracy 71%, Precision 89%, Recall 49% | |||
* | Removed check for known protocols (major and app protocols) | Luca Deri | 2021-03-03 | |
| | ||||
* | Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03 | |
| | | | Reworked Tor dissector embedded in TLS (fixes #1141) | |||
| | | | Removed false positive on HTTP User-Agent | |||
* | DTLS: improve support (#1146) | Ivan Nardi | 2021-03-02 | |
| | | | * DTLS: add some pcap tests | |||
| | | | * DTLS: fix parsing of Client/Server Hello message | |||
| | | | * DTLS: add parsing of server certificates | |||
* | Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) | Toni | 2021-02-26 | |
| | | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | [Fix] replace free to ndpi_free (#1140) | pengtian | 2021-02-25 | |
| | | | same as https://github.com/ntop/nDPI/issues/1096 | |||
* | Fix ndpi_fill_prefix_v6 | Alfredo Cardigliano | 2021-02-24 | |
| | ||||
* | Add more utility functions to work with patricia trees | Alfredo Cardigliano | 2021-02-23 | |
| | ||||
* | Add support for MAC to Patricia tree. Expose full API to applications. Add utility functions. | Alfredo Cardigliano | 2021-02-23 | |
* | Added NDPI_MALICIOUS_JA3 flow risk | Luca Deri | 2021-02-22 | |
| | | | | Added ndpi_load_malicious_ja3_file() API call | |||
* | Implemented TLS Certificate Subject matching | Luca Deri | 2021-02-22 | |
| | | | | Improved AnyDesk detection | |||
* | Added risky domain flow-risk support | Luca Deri | 2021-02-21 | |
| | ||||
* | Removed old unused code | Luca Deri | 2021-02-19 | |
| | ||||
* | Fix leak | Alfredo Cardigliano | 2021-02-19 | |
| | ||||
* | Initial geoip support | Luca Deri | 2021-02-18 | |
| | ||||
* | Improved nDPI string matching algorithm | Luca Deri | 2021-02-18 | |
| | ||||
* | Fixes due to the fragment manager code | Luca Deri | 2021-02-18 | |
| | ||||
* | Fix warning | Alfredo Cardigliano | 2021-02-12 | |
| | ||||
* | Performance optimization to avoid unnecessary calls and thus increase the overall performance | Luca Deri | 2021-02-11 | |
* | Some optimizations during flow guess | Luca Deri | 2021-02-10 | |
| | ||||
* | Code refactory | Luca Deri | 2021-02-10 | |
| | ||||
* | Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readable now | Luca Deri | 2021-02-10 | |
| | ||||
* | Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132) | Toni | 2021-02-10 | |
| | | | * Fixed memory leaks caused by conditional free'ing for some TLS connections. | |||
| | | | * Members of tls_quic struct should also be free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| | | | * Prevent reader_util.c from exit()'ing if maximum flow count reached. This confuses the fuzzer. | |||
| | | | * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS. That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | STUN improvements | Luca Deri | 2021-02-10 | |
| | ||||
* | Fixed CPHA missing protocol initialization | Luca Deri | 2021-02-10 | |
| | | | | Improved IEC104 and IRC detection |