Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) | Toni | 2021-02-26 | |
| | | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | [Fix] replace free to ndpi_free (#1140) | pengtian | 2021-02-25 | |
| | | | same as https://github.com/ntop/nDPI/issues/1096 | |||
* | Fix ndpi_fill_prefix_v6 | Alfredo Cardigliano | 2021-02-24 | |
| | ||||
* | Add more utility functions to work with patricia trees | Alfredo Cardigliano | 2021-02-23 | |
| | ||||
* | Add support for MAC to Patricia tree. Expose full API to applications. Add ↵ | Alfredo Cardigliano | 2021-02-23 | |
| | | | | utility functions. | |||
* | Added NDPI_MALICIOUS_JA3 flow risk | Luca Deri | 2021-02-22 | |
| | | | | Added ndpi_load_malicious_ja3_file() API call | |||
* | Implemented TLS Certificate Sibject matching | Luca Deri | 2021-02-22 | |
| | | | | Improved AnyDesk detection | |||
* | Added risky domain flow-risk support | Luca Deri | 2021-02-21 | |
| | ||||
* | Removed old unused code | Luca Deri | 2021-02-19 | |
| | ||||
* | Fix leak | Alfredo Cardigliano | 2021-02-19 | |
| | ||||
* | Initial geoip support | Luca Deri | 2021-02-18 | |
| | ||||
* | Improved nDPI string matching algorithm | Luca Deri | 2021-02-18 | |
| | ||||
* | Fixes due to the fragment mananegr code | Luca Deri | 2021-02-18 | |
| | ||||
* | Fix warning | Alfredo Cardigliano | 2021-02-12 | |
| | ||||
* | Performance optimization to avoid un-necessary calls and thus increase the ↵ | Luca Deri | 2021-02-11 | |
| | | | | overall performance | |||
* | Some optimizations during flow guess | Luca Deri | 2021-02-10 | |
| | ||||
* | Code refactory | Luca Deri | 2021-02-10 | |
| | ||||
* | Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readeable now | Luca Deri | 2021-02-10 | |
| | ||||
* | Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132) | Toni | 2021-02-10 | |
| | | | | | | | | | | | | | | | * Fixed memory leaks caused by conditional free'ing for some TLS connections. * Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent reader_util.c from exit()'ing if maximum flow count reached. This confuses the fuzzer. * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS. That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | STUN improvements | Luca Deri | 2021-02-10 | |
| | ||||
* | Fixed CPHA missing protocol initialization | Luca Deri | 2021-02-10 | |
| | | | | Improved IEC104 and IRC detection | |||
* | Removed debug statement | Luca Deri | 2021-02-09 | |
| | ||||
* | Partial fix for #1129 | Luca Deri | 2021-02-05 | |
| | ||||
* | Fix some memory leakes in reassembler code (#1127) | Ivan Nardi | 2021-02-04 | |
| | ||||
* | Added missing check | Luca Deri | 2021-02-04 | |
| | ||||
* | Fixed leak with DTLS | Luca Deri | 2021-02-03 | |
| | ||||
* | Fixes an issue with https://github.com/ntop/nDPI/pull/1122 that misprocsssed ↵ | Luca Deri | 2021-02-03 | |
| | | | | packets belonging to flows whose initial part (e.g. the 3WH) was not observed by nDPI (e.g. capture started in the middle of the flow) | |||
* | fragments management added (#1122) | Roberto AGOSTINO | 2021-02-03 | |
| | | | | | | Management of tcp segments managements. Co-authored-by: ragostino <ragostino73@gmail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com> | |||
* | DGA name improvement | Luca Deri | 2021-01-27 | |
| | ||||
* | Cleaned up tls/quic datatypes | Luca Deri | 2021-01-21 | |
| | ||||
* | Reworked TLS fingerprint calcolation | Luca Deri | 2021-01-21 | |
| | | | | Modified TLS memory free | |||
* | Rewored UPnP protocol that in essence was WSD hence it has been renamed | Luca | 2021-01-20 | |
| | | | | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol | |||
* | (C) Update | Luca Deri | 2021-01-07 | |
| | ||||
* | QUIC: add suppport for DNS-over-QUIC (#1107) | Ivan Nardi | 2021-01-07 | |
| | | | | | | | | | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ | |||
* | Split HTTP request from response Content-Type. Request Content-Type should ↵ | Luca Deri | 2021-01-06 | |
| | | | | be present with POSTs and not with other methods such as GET | |||
* | Remove FB_ZERO protocol (#1102) | Ivan Nardi | 2021-01-04 | |
| | | | | | | FB_ZERO was an experimental protocol run by Facebook. They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but them so it is definitely dead. See: https://engineering.fb.com/2018/08/06/security/fizz/ | |||
* | Added a new API function `ndpi_free_flow_data' which free's all members of ↵ | Toni | 2021-01-04 | |
| | | | | | ndpi_flow_struct but not the struct itself. (#1101) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fix memory leak introduced in b7376cc6 (#1100) | Ivan Nardi | 2021-01-04 | |
| | ||||
* | Updated ndpi_ptree_match_addr() prototype | Luca Deri | 2020-12-30 | |
| | ||||
* | Split ptree user data in 32 and 64 bit entries | Luca Deri | 2020-12-30 | |
| | ||||
* | Bugfix for host check (#1097) | pengtian | 2020-12-29 | |
| | | | this bug is from commit `427002d14` `2020-05-06 00:31:40` | |||
* | Added known protocol on unknown port for ntop | Luca Deri | 2020-12-28 | |
| | ||||
* | Initialization fix | Luca Deri | 2020-12-28 | |
| | ||||
* | Free flow fix | Luca Deri | 2020-12-28 | |
| | ||||
* | Removed space from protocol name | Luca Deri | 2020-12-23 | |
| | ||||
* | Fixed invalid TLS check for extra processing detection | Luca Deri | 2020-12-21 | |
| | ||||
* | Rule changes work in progress | Luca Deri | 2020-12-11 | |
| | ||||
* | Rename Jabber detection name as we are not sure if it is unencrypted e.g. if ↵ | Toni | 2020-12-08 | |
| | | | | | START_TLS used. (#1079) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Add a connectionless DCE/RPC detection (#1078) | rafaliusz | 2020-12-08 | |
| | | | | | | | * Add connectionless DCE/RPC detection * Add DCE/RPC pcap file as well as its test result Co-authored-by: rafal <rafal.burzynski@cryptomage.com> | |||
* | Add Virtual Asssitant (Alexa, Siri) support. (#1057) | Zied Aouini | 2020-11-16 | |
| | | | | | | | | | | | | | | | * Add AmazonAlexa protocol. * Add AmazonAlexa test file and result. * Include pcapng as file format. * Rename Category to VirtualAssistant. * Add AppleSiri virtual assistant. * Fix pcapng test files format support. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com> |