| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| |
|
|
| |
overall performance
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed memory leaks caused by conditional free'ing for some TLS connections.
* Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.
* Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
| |
Improved IEC104 and IRC detection
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
packets belonging to flows whose initial part (e.g. the 3WH) was not observed by nDPI (e.g. capture started in the middle of the flow)
|
| |
|
|
|
|
| |
Management of tcp segments managements.
Co-authored-by: ragostino <ragostino73@gmail.com>
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
|
| |
Modified TLS memory free
|
| |
|
|
| |
Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Even if it is only an early internet draft, DoQ has already (at least)
one deployed implementation.
See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/
Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00
In the future, if this protocol will be really used, it might be worth to
rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
|
| |
|
|
| |
be present with POSTs and not with other methods such as GET
|
| |
|
|
|
|
| |
FB_ZERO was an experimental protocol run by Facebook.
They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but
them so it is definitely dead.
See: https://engineering.fb.com/2018/08/06/security/fizz/
|
| |
|
|
|
| |
ndpi_flow_struct but not the struct itself. (#1101)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
| |
this bug is from commit `427002d14` `2020-05-06 00:31:40`
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
START_TLS used. (#1079)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* Add connectionless DCE/RPC detection
* Add DCE/RPC pcap file as well as its test result
Co-authored-by: rafal <rafal.burzynski@cryptomage.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add AmazonAlexa protocol.
* Add AmazonAlexa test file and result.
* Include pcapng as file format.
* Rename Category to VirtualAssistant.
* Add AppleSiri virtual assistant.
* Fix pcapng test files format support.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
* Add Tumblr protocol.
* Add Tumblr test file and result.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
* Add Reddit protocol.
* Add Reddit test file and result.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
* Add Pinterest protocol.
* Add Pinterest test file and result.
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
|
|
| |
* Add new skype pcap
PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap)
* Improve skype detection
|
| |
|
|
| |
Removed heuristic from CiscoVPN as it leads to false positives
|
| |
|
|
|
|
| |
application data TLS blocks are now ignored when exchanged before
- the end of certificate negotiation (up to TLS 1.2)
- change cipher
|
| | |
|