aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_utils.c
Commit message (Collapse)AuthorAge
* Follow-up of latest Signal call change (see: 4d41588a7)Ivan Nardi2025-04-05
|
* OS fingerprint code cleanupLuca Deri2025-03-31
|
* Added ndpi_str_to_utf8() API call to convert an ISO 8859 stirng to UTF-8Luca2025-03-27
|
* Improved configuration to enable/disable export of flow risk info (#2780)Ivan Nardi2025-03-25
| | | | Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the configuration is for flow-risk, not global
* Added API calls to load TCP fingeprintsLuca Deri2025-03-25
| | | | | | | int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str, char *fingerprint, enum operating_system_hint os); int load_tcp_fingerprint_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); int ndpi_load_tcp_fingerprint_file(struct ndpi_detection_module_struct *ndpi_str, const char *path);
* Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779)Ivan Nardi2025-03-25
| | | | | | | Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics.
* Remove `NDPI_TLS_SUSPICIOUS_ESNI_USAGE` flow risk (#2778)Ivan Nardi2025-03-25
| | | | | | That flow risk was introduced in 79b89d286605635f15edfe3c21297aaa3b5f3acf but we can now use the generic `NDPI_TLS_SUSPICIOUS_EXTENSION` instead: ESNI is quite suspicious nowadays in itself (i.e. even without SNI). Note that ESNI support has been removed in cae9fb9989838f213eeb857b8fc4bbeac6940049
* Update ndpi_utils.cIvan Kapranov2025-03-11
|
* Add configuration parameter to enable/disable export of flow risk info (#2761)Ivan Nardi2025-03-05
| | | | For the most common protocols, avoid creating the string message if we are not going to use it
* Flow risk infos are always exported "in order" (by flow risk id)Ivan Nardi2025-03-04
| | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order.
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Exported RTP payload in packet metadataLuca Deri2025-02-19
| | | | Added ndpi_rtp_payload_type2str() API call
* added metadata fields for M-NOTIFY (#2733)Ivan Kapranov2025-02-17
|
* Implement SSDP Metadata export (#2729)Ivan Kapranov2025-02-16
| | | Close #2524
* reworked ntp info extraction (#2723)Ivan Kapranov2025-02-15
|
* Added ndpi_find_protocol_qoe() API callLuca Deri2025-02-10
| | | | Updated (C)
* Renamed ips_match to ndpi_ips_matchLuca Deri2025-01-17
|
* TLS: remove JA3C (#2679)Ivan Nardi2025-01-14
| | | | | | | | Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551
* Fixes https://github.com/ntop/nDPI/issues/2673Luca Deri2025-01-13
|
* Add the ability to enable/disable every specific flow risks (#2653)Ivan Nardi2025-01-06
|
* IPv6: fix bad ipv6 format (#1890) (#2651)paolomonti2024-12-20
| | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890
* Telegram STUN improvementLuca Deri2024-12-13
|
* Added STUN custom supportLuca Deri2024-12-02
|
* Enhanced STUN statsLuca Deri2024-11-28
|
* SIP: export metadata via json (#2630)Ivan Nardi2024-11-26
| | | Fix: 1bda2bf41
* Update `flow->flow_multimedia_types` to a bitmask (#2625)Ivan Nardi2024-11-25
| | | In the same flow, we can have multiple multimedia types
* Added ndpi_intoav6()Luca Deri2024-11-17
| | | | Implemented Mikrotik JSON serialization
* SIP: extract some basic metadataIvan Nardi2024-11-12
|
* fuzz: improve coverage (#2612)Ivan Nardi2024-11-01
| | | Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()`
* HTTP: fix leak and out-of-bound error on credential extraction (#2611)Ivan Nardi2024-11-01
|
* Added HTTP credentials extractionLuca Deri2024-10-31
|
* DNS reponse addresses are now serialized in JSONLuca2024-10-30
|
* Added ndpi_str_endswith()Luca Deri2024-10-28
|
* Reworked TCP fingeprint implementationLuca Deri2024-10-20
|
* Renamed os hints to avoid name clashesLuca Deri2024-10-19
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Added -L <domain suffix> for loading domain suffixesLuca Deri2024-10-15
| | | | Exported domainanme in JSON file (-K JSON)
* Implemented nDPI TCP fingerprintLuca Deri2024-10-15
|
* Slightly better ndpi_strrstr implementation (#2570)Vladimir Gavrilov2024-09-25
|
* Changed too restrictive checkLuca Deri2024-09-25
|
* buffer lenghtt is now returned by ndpi_quick_encrypt() and ndpi_quick_deecrypt()Luca Deri2024-09-24
|
* Added new API callsLuca Deri2024-09-24
| | | | | u_int ndpi_hex2bin(u_char *out, u_int out_len, u_char* in, u_int in_len); u_int ndpi_bin2hex(u_char *out, u_int out_len, u_char* in, u_int in_len);
* Added ndpi_quick_encrypt() ndpi_quick_decrypt() APi calls (#2568)Luca Deri2024-09-24
| | | | | * Added ndpi_quick_encrypt() ndpi_quick_decrypt(0 APi calls based on AES * Added aes.c
* Fix `ndpi_strrstr()` (#2565)Ivan Nardi2024-09-23
| | | | | | | | | | | | | ``` ==6591==ERROR: AddressSanitizer: SEGV on unknown address 0x502000230000 (pc 0x55fbd836a5a0 bp 0x7ffdf4503670 sp 0x7ffdf4502e28 T0) ==6591==The signal is caused by a READ memory access. #0 0x55fbd836a5a0 in __sanitizer::internal_strlen(char const*) /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cpp:176:10 #1 0x55fbd82cfc28 in StrstrCheck(void*, char*, char const*, char const*) /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:579:17 #2 0x55fbd82cfbc2 in strstr /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:598:5 #3 0x55fbd840a04a in ndpi_strrstr /src/ndpi/src/lib/ndpi_utils.c:3471:15 #4 0x55fbd840ba95 in ndpi_get_host_domain /src/ndpi/src/lib/ndpi_domains.c:149:9 #5 0x55fbd83ef751 in ndpi_check_dga_name /src/ndpi/src/lib/ndpi_main.c:10748:17 ``` Found by oss-fuzz
* Implemented ndpi_strrstr()Luca Deri2024-09-19
| | | | Fixed bug in ndpi_get_host_domain
* Improved fingerprint serializationLuca2024-09-17
|
* Added DHCP class idnetifierLuca2024-09-17
|
* Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547)Ivan Nardi2024-09-16
| | | | | | | | | | | | Based on the paper: "OpenVPN is Open to VPN Fingerprinting" See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Basic idea: * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated The heuristic is disabled by default.
* Reworked fingerprint export now in JSONLuca2024-09-16
|
* Align serialized risk names to all others (first letter; uppercase letter) ↵Toni2024-09-03
| | | | | (#2541) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.