libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)	Ivan Nardi	2021-10-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet") in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid saving dissection information of "current packet" into the "flow" state, i.e. in the flow management table. The nDPI detection module processes only one packet at the time, so it is safe to save packet dissection information in `struct ndpi_detection_module_struct`, reusing always the same "packet" instance and saving a huge amount of memory. Bottom line: we need only one copy of "packet" (for detection module), not one for each "flow". It is not clear how/why "packet" ended up in "flow" in the first place. It has been there since the beginning of the GIT history, but in the original OpenDPI code `struct ipoque_packet_struct` was embedded in `struct ipoque_detection_module_struct`, i.e. there was the same exact situation this commit wants to achieve. Most of the changes in this PR are some boilerplate to update something like "flow->packet" into something like "module->packet" throughout the code. Some attention has been paid to update `ndpi_init_packet()` since we need to reset some "packet" fields before starting to process another packet. There has been one important change, though, in ndpi_detection_giveup(). Nothing changed for the applications/users, but this function can't access "packet" anymore. The reason is that this function can be called "asynchronously" with respect to the data processing, i.e in context where there is no valid notion of "current packet"; for example ndpiReader calls it after having processed all the traffic, iterating the entire session table. Mining LRU stuff seems a bit odd (even before this patch): probably we need to rethink it, as a follow-up.
*	Remove `detected_protocol_stack` field from `ndpi_packet_struct` (#1317)	Ivan Nardi	2021-09-29
\| \| \| \| \| \| \| \| \| \| \| \| \|	This field is an exact copy of `ndpi_flow_struct->detected_protocol_stack[2]`: * at the very beginning of packet dissection, the value saved in `flow->detected_protocol_stack` is copied in `packet->detected_protocol_stack` (via `ndpi_detection_process_packet()` -> `ndpi_init_packet_header()`) * every time we update `flow->detected_protocol_stack` we update `packet->detected_protocol_stack` too (via `ndpi_int_change_protocol()` -> `ndpi_int_change_packet_protocol()`) These two fields are always in sync: keeping the same value in two different places is useless.
*	Small fixes after latest commits (#1308)	Ivan Nardi	2021-09-18
\|
*	Improved fragmented DNS detection	Luca Deri	2021-09-17
\|
*	DNS dissection fixes	Luca Deri	2021-09-17
\|
*	Progetto esame Gestione di Reti - Debora Cerretini (#1290)	deboracerretini	2021-09-17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Add files via upload Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
*	Reworked flow risk implementation	Luca Deri	2021-07-23
\|
*	Fixed invalid DNS dissection	Luca Deri	2021-04-26
\|
*	Improved DGA detection with trigrams. Disadvantage: slower startup time	Luca Deri	2021-03-03
\| \| \| \| \|	Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
*	Improved DNS dissector	Luca Deri	2021-02-26
\|
*	Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readeable now	Luca Deri	2021-02-10
\|
*	(C) Update	Luca Deri	2021-01-07
\|
*	Various optimizations to reduce not-necessary calls	Luca Deri	2020-09-24
\| \| \| \| \|	Optimized various UDP dissectors Removed dead protocols such as pando and pplive
*	Added risks for checking	Luca Deri	2020-09-21
\| \| \| \| \|	- invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
*	Reworked MDNS dissector that is not based on the DNS dissector	Luca Deri	2020-09-17
\|
*	Added extension to detect nested subdomains as used in Browsertunnel attack tool	Luca Deri	2020-09-09
\| \| \| \|	https://github.com/veggiedefender/browsertunnel
*	Added malformed packet risk support	Luca Deri	2020-06-26
\|
*	Added checks for DGA detection	Luca Deri	2020-06-17
\|
*	Added DGA risk for names that look like a DGA	Luca Deri	2020-06-11
\|
*	Adds different checks against overflows	Philippe Antoine	2020-03-19
\|
*	Fix buffer over read in dns	Philippe Antoine	2020-03-12
\|
*	Fix various buffer over reads	Philippe Antoine	2020-02-18
\|
*	Improvements for DNS continuous flow dissection	Luca	2020-02-06
\|
*	Improved DNS response decoding	Luca Deri	2020-02-04
\| \| \| \|	The first decoded address is now reported by ndpiReader
*	Fix undefined shift in dns	Philippe Antoine	2020-01-31
\|
*	Updated (C)	Luca Deri	2020-01-05
\|
*	Code cleanup	Luca Deri	2019-12-09
\|
*	Fixed buffer overflow in DNS dissection	Luca Deri	2019-11-26
\|
*	Major cleanup	Luca Deri	2019-10-24
\| \| \| \|	Removed ndpi_pref_http_dont_dissect_response and ndpi_pref_dns_dont_dissect_response as the ndpi_extra_dissection_possible() call will now handle everything
*	Added extra processing for POP and SMTP	Luca Deri	2019-10-22
\|
*	Handle TCP DNS replies and add is_reply flag	emanuele-f	2019-10-03
\|
*	Fix DNS reply dissection issues	emanuele-f	2019-10-03
\|
*	Improved category handlign in subprotocols	Luca Deri	2019-09-27
\| \| \| \| \|	Further DNS dissection fixes Fixed WeChat invalid category
*	Fixed partial string matches	Luca Deri	2019-09-27
\|
*	Added ndpi_extra_dissection_possible() API call	Luca Deri	2019-09-26
\|
*	Restructure DNS search code	emanuele-f	2019-09-26
\|
*	Adedd DTLS check in STUN	Luca Deri	2019-09-21
\| \| \| \|	Uodated (C)
*	Code cleanup	Luca Deri	2019-07-27
\|
*	Fix DNS rsp_addr missing in some tiny responses	emanuele-f	2019-04-15
\|
*	Implemented ndpi_process_partial_detection() API call to handle partial ↵	Luca Deri	2019-04-01
\| \| \| \|	matches due to the nDPI specified configuration
*	Add DNS response address	emanuele-f	2019-03-29
\|
*	Merge pull request #673 from vel21ripn/dns_fix_name	Luca Deri	2019-03-23
\|\ \| \| \| \|	More accurate hostname verification in a DNS query.
\| *	More accurate hostname verification in a DNS query.	Vitaly Lavrov	2019-02-27
\| \|
* \|	Fixes possibly broken dissection of invalid DNS responses	Simone Mainardi	2019-03-04
\|/
*	Fix invalid TCP DNS dissection	emanuele-f	2019-02-19
\|
*	Aligned DNS to HTTP dissection	Luca Deri	2019-02-07
\|
*	Completed custom category implementation	Luca Deri	2018-08-16
\|
*	Major code cleanup	Luca	2018-07-21
\| \| \| \|	Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection
*	Merge branch 'dev' into dev	Michele Campus	2017-12-07
\|\
\| *	Return before calling ndpi_match_host_subprotocol when dns_dissect_response ↵	Darryl Sokoloski	2017-11-30
\| \| \| \| \| \| \| \| \| \| \| \|	enabled. Otherwise responses will never be seen if a host sub-protocol matched.