path: root/src/lib/ndpi_main.c
Commit message | Author | Age
...
* Updated category labels | Luca Deri | 2021-07-08
* Fix for #1230 (#1235) | Vitaly Lavrov | 2021-07-07
  * Revert "Fix return value of ndpi_match_string_subprotocol() (#1230)"
    This reverts commit 58665e93a98d014b53d131b2481ccab074efc9ff.
  * Checking the return code after calling ndpi_match_string_subprotocol()
    ndpi_api.h: Description of the returned error codes for the ndpi_match_string_subprotocol() function.
    If the ndpi_match_string_subprotocol() function returned an error, then return NDPI_PROTOCOL_UNKNOWN.
    http: The "Content-type" header is only checked if it is not empty.
* Improved RTSP detection the second. (#1232) (#1233) | Toni | 2021-07-07
  * RTSP is no subprotocol of HTTP (most of the time)
  * detection patterns should stay in rtsp.c
  * set detected HTTP protocol only if at least a valid HTTP method detected
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved RTSP via HTTP detection. (#1232) | Toni | 2021-07-06
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix return value of ndpi_match_string_subprotocol() (#1230) | Ivan Nardi | 2021-07-06
* Added protocols to HTTP as subprotocols. (#1228) | Toni | 2021-07-05
  * if HTTP was detected, all of those defined subprotocol detection routines should be called
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve content match lists (#1226) | Ivan Nardi | 2021-07-05
  Add support for Likee app (https://likee.video/) and GitLab
  Improve detection of Google domains
  ("gtv1.com" added in 6dd42d19f was likely a typo)
  Improve Snapchat and Tiktok detection
* Removed ht_hash as it is not used anymore. (#1220) | Toni | 2021-06-29
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added Z39.50 protocol. (#1219) | Toni | 2021-06-29
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* reconcile PPSTREAM protocol category with content_match declarations (#1218) | vpiserchia | 2021-06-28
  * reconcile PPSTREAM protocol category with content_match declarations
  * remove duplicate declaration for PPSTREAM protocol
  Co-authored-by: vpiserchia <vito.piserchia@dreamlab.net>
* QUIC: add basic support for fragmented Client Hello (#1216) | Ivan Nardi | 2021-06-24
  Only in-order and non overlapping fragments are handled
  See #1195
* Speed and memory size optimisation (#1214) | Vitaly Lavrov | 2021-06-23
  Removed bigram_automata, impossible_bigram_automata, trigram_automata.
  The ahocorasick structure is replaced with a bitmap.
  The bitmap size for ndpi_en_bigram is 176 bytes.
  The bitmap size for ndpi_en_trigram is 2201 bytes.
  On the test machine, the test execution time was reduced from 27.3 seconds to 24.7 (9%).
* Addresses partial application matching (#1207) | Luca Deri | 2021-06-21
* Restored 32 bit value in ndpi_match_string_value() | Luca Deri | 2021-06-21
* Code review. (#1205) | Vitaly Lavrov | 2021-06-15
  The common actions required to call the ac_automata_search() function have been moved to the ndpi_match_string_common function.
  This made it possible to simplify the ndpi_match_string, ndpi_match_string_protocol_id, ndpi_match_string_value, ndpi_match_custom_category, ndpi_match_string_subprotocol, ndpi_match_bigram, ndpi_match_trigram functions.
  Using u_int16_t type for protocol identifiers when working with the ahocorasick library (changes src/include/ndpi_api.h.in and src/include/ndpi_typedefs.h).
  Reworked "finalization" of all AC_AUTOMATA_t structures.
  Changing the order of fields in the ndpi_call_function_struct structure reduces the size of the ndpi_detection_module_struct structure by 10 kB (for x86_64).
* Call ac_automata_release with free_pattern = 1 (malloc'ed patterns expected in ndpi_add_string_to_automa) | Alfredo Cardigliano | 2021-06-14
* Fixes https://github.com/ntop/ntopng/issues/5482 | Luca Deri | 2021-06-11
* Bug in ndpi_lru_find_cache (#1204) | Vitaly Lavrov | 2021-06-10
  Key value check is missing.
* Win changes | Luca Deri | 2021-06-08
* Added report on score cli/srv breakdown | Luca Deri | 2021-06-07
* New version of the ahocorasick library (#1200) | Vitaly Lavrov | 2021-06-07
  The new version is about 25% faster with -O2 and 45% faster with -O3.
  No recursion is used (smaller stack size required).
  Uses less memory (by valgrind info)
  bigram:
  - original 1796 allocs, 247864 bytes allocated
  - new 1232 allocs, 158880 bytes allocated
  host_match:
  - original 18038 allocs, 3004576 bytes allocated
  - new 6861 allocs, 396624 bytes allocated
  The function ac_automata_search() is thread safe.
  Optional case-insensitive comparison.
  Matching at the beginning and at the end of the string is supported.
  One code file and one header file.
* Renamed Skyp in Skype_Teams as the protocol is now shared across these apps | Luca Deri | 2021-06-02
* Removed xbox and playstation invalid port guesses | Luca Deri | 2021-06-02
* Reworked ndpi flow risk score adding client and server score | Luca | 2021-06-01
* Fix warnings | Alfredo Cardigliano | 2021-05-25
* Added risk/score dump (ndpiReader -h) | Luca Deri | 2021-05-18
  Added ndpi_dump_risks_score() API score
* Updated API for ndpi_risk2score() | Luca Deri | 2021-05-17
  Added ndpi_get_upper_proto() API call
* Reworked human readable string search in flows | Luca Deri | 2021-05-17
  Removed fragment manager code
* Added TLS certificate caching | Luca Deri | 2021-05-15
  Added Fortigate protocol
* Added (partial) Activision protocol support (based on tencent cloud) | Luca Deri | 2021-05-10
* Removed DGA check for ipv6 reverse IPs | Luca Deri | 2021-04-27
* Removed protocol space in Genshin Impact | Luca Deri | 2021-04-25
* Add Genshin Impact protocol. (#1173) | Toni | 2021-04-25
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add HP Virtual Machine Group Management (hpvirtgrp) protocol. (#1170) | Toni | 2021-04-20
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for remote assistance sessions | Luca Deri | 2021-04-12
* Fixed misspelled word | Luca Deri | 2021-03-31
* Added missing tracker/Ads breed | Luca Deri | 2021-03-30
* Ignore TLD .local .lan and .home in DGA domain check | Luca Deri | 2021-03-26
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156) | Toni | 2021-03-23
  * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Try to detect one subprotocol if a detected protocol can have one.
  * This adds a performance overhead due to much more protocol detection routine calls.
    See #1148 for more information.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Refactor subprotocol handling (1/2).
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Refactor subprotocol handling (2/2).
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Refactored aimini HTTP detection parts (somehow related to #1148).
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Added aimini client/server test pcap.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto
  * Adjusted Python code to conform to the changes made during the refactoring process.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Better DGA detection (slightly decreased accuracy) | Luca Deri | 2021-03-20
* Fixed support for custom DGA detection library | Luca Deri | 2021-03-18
* Added experimental JA3+ implementation that can be used with -z i ndpiReader | Luca Deri | 2021-03-09
* Added Ookla detection over IPv6 | Luca Deri | 2021-03-09
* Added the ability to define a custom DGA detection function by overwriting | Luca Deri | 2021-03-08
  the value of the function pointer ndpi_dga_function currently set to NULL
  (that means the nDPI internal DGA function will be used)
* Fix some stack-use-after-return errors in automa code (#1150) | Ivan Nardi | 2021-03-08
* Add support for Snapchat voip calls (#1147) | Ivan Nardi | 2021-03-06
  * Add support for Snapchat voip calls
    Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions.
    The peculiarity of these sessions is that they are Q046 and don't have any SNI.
  * Fix tests with libgcrypt disabled
* Improved DGA detection | Luca Deri | 2021-03-03
  Before Accuracy 66%, Precision 86%, Recall 38%
  After Accuracy 71%, Precision 89%, Recall 49%
* Removed check for known protocols (major and app protocols) | Luca Deri | 2021-03-03
* Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03
  Reworked Tor dissector embedded in TLS (fixes #1141)
  Removed false positive on HTTP User-Agent
* DTLS: improve support (#1146) | Ivan Nardi | 2021-03-02
  * DTLS: add some pcap tests
  * DTLS: fix parsing of Client/Server Hello message
  * DTLS: add parsing of server certificates