aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_main.c
Commit message (Collapse)AuthorAge
...
* Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639)Toni2022-07-06
| | | | | | | | | | | | | | | | | * Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Revert "SMTP with STARTTLS is now identified as SMTPS" This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482. * Revert "Compilation fix" This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5. * Sync unit tests. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Compilation fixLuca Deri2022-07-05
|
* Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)Ivan Nardi2022-07-05
|
* Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes ↵Toni2022-07-05
| | | | | | | #1630. (#1637) * FTP needs to get updated as well as it has similiar STARTTLS semantics -> follow-up Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Set CiscoVPN as a network protocolLuca Deri2022-07-04
|
* Replaced malicious JA3-md5/SSL-cert-sha1 ac automata with hashmaps.Toni Uhlig2022-07-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added UltraSurf protocol dissector. (#1618)Toni2022-07-04
| | | | | * TLSv1.3 UltraSurf flows are not detected by now Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add two new confidence values: confidence by partial DPI (#1632)Ivan Nardi2022-07-04
| | | | Used for all classifications based on partial/incomplete DPI information, i.e. all classifications done in `ndpi_detection_giveup()`.
* Added i3D and RiotGames protocol dissectors. (#1609)Toni2022-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TargusDataspeed: avoid false positives (#1628)Ivan Nardi2022-07-03
| | | | | TargusDataspeed dissector doesn't perform any real DPI checks but it only looks at the TCP/UDP ports. Delete it, and use standard logic to classify these flows by port.
* Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)Ivan Nardi2022-07-03
|
* Minor changes in how classification results are set (#1623)Ivan Nardi2022-07-03
| | | | | Protocol classification should always be set via `ndpi_set_detected_protocol()`: this way, the values in `flow->detected_protocol_stack[]` are always coherent.
* Fix category for mail sessions (#1621)Ivan Nardi2022-07-03
| | | Close #629
* Fixed SMTP default port 587Luca Deri2022-07-02
|
* Renamed Z39.50 -> Z3950 as the '.' breaks the naming conventionLuca2022-06-28
| | | | QUIC is a network protocol
* Enhanced TLS risk info reported to usersLuca Deri2022-06-28
|
* Added default port for syslog TCPLuca Deri2022-06-27
|
* Fix compilation and sync unit tests results (#1606)Ivan Nardi2022-06-20
|
* Added unidirectional traffic flow riskLuca Deri2022-06-20
|
* Improved SOAP via HTTP. (#1605)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added collectd dissector (again). (#1601)Toni2022-06-17
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Improved IPSec/ISAKMP detection. (#1600)Toni2022-06-16
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Add support for PIM (Protocol Indipendent Multicast) protocol (#1599)Ivan Nardi2022-06-15
| | | Close #1598
* Restored ndpi_set_proto_defaults() prototypeLuca Deri2022-06-13
| | | | Updated test results
* Improved DNS traffic analysisLuca Deri2022-06-13
| | | | Added ability to identify application and network protocols
* Added Pragmatic General Multicast (PGM) protocol detectionLuca Deri2022-06-08
|
* Fixed syslog false negatives. (#1582)Toni2022-06-05
| | | | | - RSH vs Syslog may still happen for midstream traffic Signed-off-by: lns <matzeton@googlemail.com>
* Added RSH dissector. Fixes #202. (#1581)Toni2022-06-04
| | | | | | - added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations Signed-off-by: lns <matzeton@googlemail.com>
* Add support for GoTo products (mainly GoToMeeting) (#1580)Ivan Nardi2022-06-04
| | | There is some overlap with Citrix protocol.
* Improved message for known proto on non std portLuca Deri2022-05-30
|
* Added ability to return risk info in JSON format in ndpi_get_flow_risk_info()Luca2022-05-30
|
* Added RiskInfo stringLuca Deri2022-05-30
|
* Fix dissection of IPv4 header (#1561)Ivan Nardi2022-05-29
| | | | | See: https://github.com/ntop/nDPI/runs/6643914510?check_suite_focus=true Convert al the `MIN(a,b)` calls to `ndpi_min(a,b)`
* Compilation fixes for old ggc'sLuca Deri2022-05-29
|
* Added detection for WordPress exploitsLuca Deri2022-05-29
| | | | Fixed ndpi_iph_is_valid_and_not_fragmented() that was bugged with non UDP traffic
* Added MPEG-DASH dissector. Fixes #1223. (#1555)Toni2022-05-29
| | | | | | * Improved HTTP POST detection * Refactored subprotocol detection Signed-off-by: lns <matzeton@googlemail.com>
* Updated SkypeCall -> Skype_TeamsCallLuca Deri2022-05-26
|
* Moved RTSP http patterns to the protocol source file.lns2022-05-19
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* DNS-over-QUIC: update default port (#1548)Ivan Nardi2022-05-12
| | | | | | Final RFC (https://www.rfc-editor.org/rfc/rfc9250.txt) changed the default port to 853 (from the 784 used on the early drafts). Since there is at least one deployed implementation still stuck at draft-02, keep also the old value, for the time being.
* Added Softether(-VPN) DDNS service detection. (#1544)Toni2022-05-09
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Added Edgecast and Cachefly CDNs. (#1540)Toni2022-05-07
| | | | | | | | * Improved ASN update script * Ran `utils/update_every_lists.sh' * `tests/do.sh.in' prints the amount of failed pcap(s) * `utils/asn_update.sh' prints the amount of failed download(s) Signed-off-by: lns <matzeton@googlemail.com>
* Fix compilation (if `--enable-debug-messages` is used) (#1539)Ivan Nardi2022-05-04
|
* Added extra check to make sure that the guessed protocol is the one we ↵Luca Deri2022-05-04
| | | | expect and not another one
* Fixes bug that prevents triggering alerts for traffic on non-standard ports ↵Luca Deri2022-05-04
| | | | | | that have been defined in the custom protocols file Fixes https://github.com/ntop/ntopng/issues/6458
* Added ndpi_get_flow_error_code() API callLuca Deri2022-05-02
| | | | Fixed typo
* Added ability to store custom category file in patricia treeLuca Deri2022-04-26
|
* Added generic user agent setter. (#1530)Toni2022-04-25
| | | | | * ndpiReader: Print user agent if one was set and not just for certain protocols. Signed-off-by: lns <matzeton@googlemail.com>
* XIAOMI: add detection of Xiaomi traffic (#1529)Ivan Nardi2022-04-25
| | | Most of the credits should go to @utoni (see #1521)
* Added RakNet protocol dissector. (#1527)Toni2022-04-24
| | | | | * Frame Set PDU's do not get fully dissected for the sake of simplicity Signed-off-by: lns <matzeton@googlemail.com>
* Code cleanup (removed redundancy)Luca Deri2022-04-22
|
Powered by cgit, Themed by Ted Yin.