| Commit message (Collapse) | Author | Age |
|---|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
Removed bigram_automata, impossible_bigram_automata, trigram_automata.
The ahocorasick structure is replaced with a bitmap.
The bitmap size for ndpi_en_bigram is 176 bytes.
The bitmap size for ndpi_en_trigram is 2201 bytes.
On the test machine, the test execution time was reduced from 27.3 seconds to 24.7 (9%).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Added ndpi_dump_risks_score() API score
|
| |
|
|
| |
Added ndpi_get_upper_proto() API call
|
| |
|
|
| |
Removed fragment manager code
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
```
In file included from protocols/fasttrack.c:29:
../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
1504 | const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
| ^~~~~
In file included from protocols/amazon_video.c:28:
../include/ndpi_api.h:1504:3: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
1504 | const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
| ^~~~~
...
ndpi_utils.c: In function ‘ndpi_risk2severity’:
ndpi_utils.c:1834:1: warning: control reaches end of non-void function [-Wreturn-type]
1834 | }
| ^
```
|
| | |
|
| |
|
|
|
|
| |
* Increased risk bitmask to 64bit (instead of 32bit).
* Removed annoying "Unknown datalink" error message for fuzzers.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
Reworked Tor dissector embedded in TLS (fixes #1141)
Removed false positive on HTTP User-Agent
|
| |
|
|
|
|
|
| |
* DTLS: add some pcap tests
* DTLS: fix parsing of Client/Server Helllo message
* DTLS: add parsing of server certificates
|
| |
|
|
|
|
| |
* An external file which contains known malicious SSL certificate SHA-1 hashes
can be loaded via ndpi_load_malicious_sha1_file(...)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
| |
Added ndpi_load_malicious_ja3_file() API call
|
| | |
|
| | |
|
| |
|
|
|
|
| |
- NDPI_RISKY_ASN
- NDPI_RISKY_DOMAIN
- NDPI_RISKY_COUNTRY
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Management of tcp segments managements.
Co-authored-by: ragostino <ragostino73@gmail.com>
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| | |
|
| |
|
|
| |
Modified TLS memory free
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
Close #1077
* QUIC: fix matching of custom categories
* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
* QUIC: fix serialization
* QUIC: add DGA check for older GQUIC versions
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Fixed stack overflow caused by missing buffer space for the trailing \0 added by sprintf()
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Remove the autoconf cache value from the previous and failed check before checking again.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Improved QUIC serialization
|
| |
|
|
| |
Warning fix
|
| |
|
|
|
| |
- invalid DNS traffic (probably carrying exfiltrated data)
- TLS traffic with no SNI extension
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |\
| |
| | |
Added support for mingw xcompile.
|
| | |
| |
| |
| | |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
| |
not condidered safe/secure
|
| | |
|