path: root/src/lib/ndpi_utils.c
Commit log (commit message, author, age):

* Added risk/score dump (ndpiReader -h) [Luca Deri, 2021-05-18]
  Added ndpi_dump_risks_score() API score

* Updated API for ndpi_risk2score() [Luca Deri, 2021-05-17]
  Added ndpi_get_upper_proto() API call

* Reworked human readable string search in flows [Luca Deri, 2021-05-17]
  Removed fragment manager code

* Implemented heuristic to detect Safari and Firefox TLS browsing [Luca Deri, 2021-05-13]

* Implemented flow score in Wireshark integration [Luca Deri, 2021-05-10]

* Fix some warnings (#1181) [Ivan Nardi, 2021-05-09]
  ```
  In file included from protocols/fasttrack.c:29:
  ../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
   1504 | const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
        | ^~~~~
  In file included from protocols/amazon_video.c:28:
  ../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
   1504 | const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
        | ^~~~~
  ...
  ndpi_utils.c: In function ‘ndpi_risk2severity’:
  ndpi_utils.c:1834:1: warning: control reaches end of non-void function [-Wreturn-type]
   1834 | }
        | ^
  ```

* Added ndpi_risk2severity() API call [Luca, 2021-05-02]
* Check for common ALPNs and set a flow risk if not known. (#1175) [Toni, 2021-04-27]
  * Increased risk bitmask to 64bit (instead of 32bit).
  * Removed annoying "Unknown datalink" error message for fuzzers.
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Add vxlan enum to ndpi_packet_tunnel [Alfredo Cardigliano, 2021-04-21]

* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION flow risk [Luca Deri, 2021-04-11]

* Improved DGA detection with trigrams. Disadvantage: slower startup time [Luca Deri, 2021-03-03]
  Reworked Tor dissector embedded in TLS (fixes #1141)
  Removed false positive on HTTP User-Agent

* DTLS: improve support (#1146) [Ivan Nardi, 2021-03-02]
  * DTLS: add some pcap tests
  * DTLS: fix parsing of Client/Server Hello message
  * DTLS: add parsing of server certificates

* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) [Toni, 2021-02-26]
  * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Added protocol breed to JSON serializer. (#1137) [Toni, 2021-02-25]
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Modified JA3 fingerprint message [Luca Deri, 2021-02-24]

* Added NDPI_MALICIOUS_JA3 flow risk [Luca Deri, 2021-02-22]
  Added ndpi_load_malicious_ja3_file() API call

* Removed unused NDPI_RISKY_COUNTRY [Luca Deri, 2021-02-21]

* Fixes due to the fragment manager code [Luca Deri, 2021-02-18]

* Added new risks (future use) [Luca Deri, 2021-02-16]
  - NDPI_RISKY_ASN
  - NDPI_RISKY_DOMAIN
  - NDPI_RISKY_COUNTRY

* Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readable now [Luca Deri, 2021-02-10]

* Partial fix for #1129 [Luca Deri, 2021-02-05]

* Code cleanup and safety checks in the fragment manager (#1129) [Alfredo Cardigliano, 2021-02-05]

* Cosmetic fixes [Luca Deri, 2021-02-03]

* fragments management added (#1122) [Roberto AGOSTINO, 2021-02-03]
  Management of TCP segments.
  Co-authored-by: ragostino <ragostino73@gmail.com>
  Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>

* Cleaned up tls/quic datatypes [Luca Deri, 2021-01-21]

* Reworked TLS fingerprint calculation [Luca Deri, 2021-01-21]
  Modified TLS memory free

* Added simple hash implementation to the nDPI API [Luca Deri, 2021-01-20]

* (C) Update [Luca Deri, 2021-01-07]
* QUIC: improve handling of SNI (#1105) [Ivan Nardi, 2021-01-07]
  * QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
    Close #1077
  * QUIC: fix matching of custom categories
  * QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
  * QUIC: fix serialization
  * QUIC: add DGA check for older GQUIC versions

* Added HTTP suspicious content security risk (useful for tracking trickbot) [Luca Deri, 2021-01-02]

* Win fixes [Luca Deri, 2020-12-17]

* Type change to avoid Windows compilation issues [Luca Deri, 2020-12-17]

* Fix/overflow and libgerror check (#1068) [Toni, 2020-11-26]
  * Fixed stack overflow caused by missing buffer space for the trailing \0 added by sprintf()
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Remove the autoconf cache value from the previous and failed check before checking again.
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Improved processing of IPv6 header [Luca Deri, 2020-10-15]
  Improved QUIC serialization

* Added ndpi_quick_16_byte_hash [Luca, 2020-10-05]
  Warning fix

* Added risks for checking [Luca Deri, 2020-09-21]
  - invalid DNS traffic (probably carrying exfiltrated data)
  - TLS traffic with no SNI extension

* Do not re-define libc functions for mingw builds. [Toni Uhlig, 2020-09-20]
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Merge pull request #1017 from lnslbrty/fix/mingw-xcompile [Luca Deri, 2020-09-20]
  Added support for mingw xcompile.

  * Fixed shlib xcompile for x86_64-w64-mingw32 [Toni Uhlig, 2020-09-08]
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Reworked MDNS dissector that is not based on the DNS dissector [Luca Deri, 2020-09-17]

* Added some additional TLS mappings [Luca Deri, 2020-09-02]

* Added check for ndpi_ssl_version2str() [Luca Deri, 2020-08-31]

* Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are not considered safe/secure [Luca Deri, 2020-08-30]

* Fixes control reaches end of non-void function [Simone Mainardi, 2020-08-27]

* Passes method_len param to ndpi_http_str2method [Simone Mainardi, 2020-08-27]

* Added ndpi_http_method ndpi_http_str2method(const char* method) API call [Luca Deri, 2020-08-26]

* Added ndpi_http_method2str() API call [Luca Deri, 2020-08-26]

* Added new check for detecting suspicious (too long) names [Luca Deri, 2020-08-21]

* Merge pull request #973 from IvanNardi/esni3 [Luca Deri, 2020-08-06]
  Add risk flag about suspicious ESNI usage

  * Add risk flag about suspicious ESNI usage [Nardi Ivan, 2020-08-05]
    In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting.
    Such technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise"
    Full credit for the idea must go to the original author.
    At the moment, the only way to get the pdf presentation and related video is via https://forum.defcon.org/node/234492
    Hopefully a direct link (and an example pcap) will be available soon.