aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_main.c
Commit message (Collapse)AuthorAge
...
* Renamed Skyp in Skype_Teams as the protocol is now shared across these appsLuca Deri2021-06-02
|
* Removed xbox and playstation invalid port guessesLuca Deri2021-06-02
|
* Reworked ndpi flow risk score adding client and server scoreLuca2021-06-01
|
* Fix warningsAlfredo Cardigliano2021-05-25
|
* Added risk/score dump (ndpiReader -h)Luca Deri2021-05-18
| | | | Added ndpi_dump_risks_score() API score
* Updated API for ndpi_risk2score()Luca Deri2021-05-17
| | | | Added ndpi_get_upper_proto() API call
* Reworked human readeable string search in flowsLuca Deri2021-05-17
| | | | Removed fragment manager code
* Added TLS certifiacate cachingLuca Deri2021-05-15
| | | | Added Fortigate protocol
* Added (partial) Activision protocol support (based on tencent cloud)Luca Deri2021-05-10
|
* Removed DGA check for ipv6 reverse IPsLuca Deri2021-04-27
|
* Removed protocol space in Genshin ImpactLuca Deri2021-04-25
|
* Add Genshin Impact protocol. (#1173)Toni2021-04-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add HP Virtual Machine Group Management (hpvirtgrp) protocol. (#1170)Toni2021-04-20
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for ↵Luca Deri2021-04-12
| | | | remote assistance sessions
* Fixed mispelled wordLuca Deri2021-03-31
|
* Added missing tracker/Ads breedLuca Deri2021-03-30
|
* Ignore TLD .local .lan and .home in DGA domain checkLuca Deri2021-03-26
|
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)Toni2021-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Better DGA detection (slightly decreased accuracy)Luca Deri2021-03-20
|
* Fixed support for custom DGA detection libraryrLuca Deri2021-03-18
|
* Added experiemntal JA3+ implementation that can be used with -z i ndpiReaderLuca Deri2021-03-09
|
* Added Ookla detection over IPv6Luca Deri2021-03-09
|
* Added the ability to define a custom DGA detection function by overwritingLuca Deri2021-03-08
| | | | | the value of the function pointer ndpi_dga_function curently set to NULL (that means the nDPI internal DGA function will be used)
* Fix some stack-use-after-return errors in automa code (#1150)Ivan Nardi2021-03-08
|
* Add support for Snapchat voip calls (#1147)Ivan Nardi2021-03-06
| | | | | | | | | * Add support for Snapchat voip calls Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled
* Improved DGA detectionLuca Deri2021-03-03
| | | | | | | | Before Accuracy 66%, Precision 86%, Recall 38% After Accuracy 71%, Precision 89%, Recall 49%
* Removed check for knowns protocols (major and app protocols)Luca Deri2021-03-03
|
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* DTLS: improve support (#1146)Ivan Nardi2021-03-02
| | | | | | | * DTLS: add some pcap tests * DTLS: fix parsing of Client/Server Helllo message * DTLS: add parsing of server certificates
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)Toni2021-02-26
| | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* [Fix] replace free to ndpi_free (#1140)pengtian2021-02-25
| | | same as https://github.com/ntop/nDPI/issues/1096
* Fix ndpi_fill_prefix_v6Alfredo Cardigliano2021-02-24
|
* Add more utility functions to work with patricia treesAlfredo Cardigliano2021-02-23
|
* Add support for MAC to Patricia tree. Expose full API to applications. Add ↵Alfredo Cardigliano2021-02-23
| | | | utility functions.
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Sibject matchingLuca Deri2021-02-22
| | | | Improved AnyDesk detection
* Added risky domain flow-risk supportLuca Deri2021-02-21
|
* Removed old unused codeLuca Deri2021-02-19
|
* Fix leakAlfredo Cardigliano2021-02-19
|
* Initial geoip supportLuca Deri2021-02-18
|
* Improved nDPI string matching algorithmLuca Deri2021-02-18
|
* Fixes due to the fragment mananegr codeLuca Deri2021-02-18
|
* Fix warningAlfredo Cardigliano2021-02-12
|
* Performance optimization to avoid un-necessary calls and thus increase the ↵Luca Deri2021-02-11
| | | | overall performance
* Some optimizations during flow guessLuca Deri2021-02-10
|
* Code refactoryLuca Deri2021-02-10
|
* Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readeable nowLuca Deri2021-02-10
|
* Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132)Toni2021-02-10
| | | | | | | | | | | | | | | * Fixed memory leaks caused by conditional free'ing for some TLS connections. * Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent reader_util.c from exit()'ing if maximum flow count reached. This confuses the fuzzer. * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS. That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN improvementsLuca Deri2021-02-10
|
* Fixed CPHA missing protocol initializationLuca Deri2021-02-10
| | | | Improved IEC104 and IRC detection