Commit message | Author | Age | |
---|---|---|---|
* | Add configuration parameter to enable/disable export of flow risk info (#2761) | Ivan Nardi | 2025-03-05 |
| | | | | For the most common protocols, avoid creating the string message if we are not going to use it | ||
* | Flow risk infos are always exported "in order" (by flow risk id) | Ivan Nardi | 2025-03-04 |
| | | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order. | ||
* | Improved RTP dissection with EVS and other mobile voice codecs | Luca Deri | 2025-02-20 |
| | |||
* | Exported RTP payload in packet metadata | Luca Deri | 2025-02-19 |
| | | | | Added ndpi_rtp_payload_type2str() API call | ||
* | added metadata fields for M-NOTIFY (#2733) | Ivan Kapranov | 2025-02-17 |
| | |||
* | Implement SSDP Metadata export (#2729) | Ivan Kapranov | 2025-02-16 |
| | | | Close #2524 | ||
* | reworked ntp info extraction (#2723) | Ivan Kapranov | 2025-02-15 |
| | |||
* | Added ndpi_find_protocol_qoe() API call | Luca Deri | 2025-02-10 |
| | | | | Updated (C) | ||
* | Renamed ips_match to ndpi_ips_match | Luca Deri | 2025-01-17 |
| | |||
* | TLS: remove JA3C (#2679) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | Last step of removing JA3C fingerprint. Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551 | ||
* | Fixes https://github.com/ntop/nDPI/issues/2673 | Luca Deri | 2025-01-13 |
| | |||
* | Add the ability to enable/disable every specific flow risks (#2653) | Ivan Nardi | 2025-01-06 |
| | |||
* | IPv6: fix bad ipv6 format (#1890) (#2651) | paolomonti | 2024-12-20 |
| | | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched. Close #1890 | ||
* | Telegram STUN improvement | Luca Deri | 2024-12-13 |
| | |||
* | Added STUN custom support | Luca Deri | 2024-12-02 |
| | |||
* | Enhanced STUN stats | Luca Deri | 2024-11-28 |
| | |||
* | SIP: export metadata via json (#2630) | Ivan Nardi | 2024-11-26 |
| | | | Fix: 1bda2bf41 | ||
* | Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25 |
| | | | In the same flow, we can have multiple multimedia types | ||
* | Added ndpi_intoav6() | Luca Deri | 2024-11-17 |
| | | | | Implemented Mikrotik JSON serialization | ||
* | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
| | |||
* | fuzz: improve coverage (#2612) | Ivan Nardi | 2024-11-01 |
| | | | Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()` | ||
* | HTTP: fix leak and out-of-bound error on credential extraction (#2611) | Ivan Nardi | 2024-11-01 |
| | |||
* | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| | |||
* | DNS response addresses are now serialized in JSON | Luca | 2024-10-30 |
| | |||
* | Added ndpi_str_endswith() | Luca Deri | 2024-10-28 |
| | |||
* | Reworked TCP fingerprint implementation | Luca Deri | 2024-10-20 |
| | |||
* | Renamed os hints to avoid name clashes | Luca Deri | 2024-10-19 |
| | |||
* | Improved TCP fingerprint calculation | Luca Deri | 2024-10-18 |
| | | | | Added basic OS detection based on TCP fingerprint | ||
* | Added -L <domain suffix> for loading domain suffixes | Luca Deri | 2024-10-15 |
| | | | | Exported domain name in JSON file (-K JSON) | ||
* | Implemented nDPI TCP fingerprint | Luca Deri | 2024-10-15 |
| | |||
* | Slightly better ndpi_strrstr implementation (#2570) | Vladimir Gavrilov | 2024-09-25 |
| | |||
* | Changed too restrictive check | Luca Deri | 2024-09-25 |
| | |||
* | buffer length is now returned by ndpi_quick_encrypt() and ndpi_quick_decrypt() | Luca Deri | 2024-09-24 |
| | |||
* | Added new API calls | Luca Deri | 2024-09-24 |
| | | | | | u_int ndpi_hex2bin(u_char *out, u_int out_len, u_char* in, u_int in_len); u_int ndpi_bin2hex(u_char *out, u_int out_len, u_char* in, u_int in_len); | ||
* | Added ndpi_quick_encrypt() ndpi_quick_decrypt() API calls (#2568) | Luca Deri | 2024-09-24 |
| | | | | | * Added ndpi_quick_encrypt() ndpi_quick_decrypt() API calls based on AES * Added aes.c | ||
* | Fix `ndpi_strrstr()` (#2565) | Ivan Nardi | 2024-09-23 |
| | | | | | | | | | | | | | ``` ==6591==ERROR: AddressSanitizer: SEGV on unknown address 0x502000230000 (pc 0x55fbd836a5a0 bp 0x7ffdf4503670 sp 0x7ffdf4502e28 T0) ==6591==The signal is caused by a READ memory access. #0 0x55fbd836a5a0 in __sanitizer::internal_strlen(char const*) /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cpp:176:10 #1 0x55fbd82cfc28 in StrstrCheck(void*, char*, char const*, char const*) /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:579:17 #2 0x55fbd82cfbc2 in strstr /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:598:5 #3 0x55fbd840a04a in ndpi_strrstr /src/ndpi/src/lib/ndpi_utils.c:3471:15 #4 0x55fbd840ba95 in ndpi_get_host_domain /src/ndpi/src/lib/ndpi_domains.c:149:9 #5 0x55fbd83ef751 in ndpi_check_dga_name /src/ndpi/src/lib/ndpi_main.c:10748:17 ``` Found by oss-fuzz | ||
* | Implemented ndpi_strrstr() | Luca Deri | 2024-09-19 |
| | | | | Fixed bug in ndpi_get_host_domain | ||
* | Improved fingerprint serialization | Luca | 2024-09-17 |
| | |||
* | Added DHCP class identifier | Luca | 2024-09-17 |
| | |||
* | Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547) | Ivan Nardi | 2024-09-16 |
| | | | | | | | | | | | | Based on the paper: "OpenVPN is Open to VPN Fingerprinting" See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Basic idea: * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated The heuristic is disabled by default. | ||
* | Reworked fingerprint export now in JSON | Luca | 2024-09-16 |
| | |||
* | Align serialized risk names to all others (first letter; uppercase letter) (#2541) | Toni | 2024-09-03 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | TLS: better state about handshake (#2534) | Ivan Nardi | 2024-09-03 |
| | | | | Keep track if we received CH or/and SH messages: useful with unidirectional flows | ||
* | fuzz: improve fuzzing coverage (#2535) | Ivan Nardi | 2024-09-03 |
| | | | | Update pl7m code (fix a Use-of-uninitialized-value error and add GTP support) | ||
* | Add missing risks in ndpi_risk2code and ndpi_risk2code | Alfredo Cardigliano | 2024-08-28 |
| | |||
* | Added print_ndpi_address_port in nDPI API | Luca Deri | 2024-08-27 |
| | |||
* | Added ndpi_risk2code and ndpi_code2risk | Luca Deri | 2024-08-27 |
| | |||
* | Changed NDPI_MALICIOUS_JA3 to NDPI_MALICIOUS_FINGERPRINT | Luca Deri | 2024-08-25 |
| | |||
* | Introduced ndpi_master_app_protocol typedef | Luca Deri | 2024-08-24 |
| | |||
* | FPC: add DNS correlation (#2497) | mmanoj | 2024-07-22 |
| | | | | | | | | | Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> |