aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/ssh.c
Commit message (Collapse)AuthorAge
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* Update copyrightAlfredo Cardigliano2022-01-03
|
* Remove `struct ndpi_packet_struct` from `struct ndpi_flow_struct` (#1319)Ivan Nardi2021-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are no real reasons to embed `struct ndpi_packet_struct` (i.e. "packet") in `struct ndpi_flow_struct` (i.e. "flow"). In other words, we can avoid saving dissection information of "current packet" into the "flow" state, i.e. in the flow management table. The nDPI detection module processes only one packet at the time, so it is safe to save packet dissection information in `struct ndpi_detection_module_struct`, reusing always the same "packet" instance and saving a huge amount of memory. Bottom line: we need only one copy of "packet" (for detection module), not one for each "flow". It is not clear how/why "packet" ended up in "flow" in the first place. It has been there since the beginning of the GIT history, but in the original OpenDPI code `struct ipoque_packet_struct` was embedded in `struct ipoque_detection_module_struct`, i.e. there was the same exact situation this commit wants to achieve. Most of the changes in this PR are some boilerplate to update something like "flow->packet" into something like "module->packet" throughout the code. Some attention has been paid to update `ndpi_init_packet()` since we need to reset some "packet" fields before starting to process another packet. There has been one important change, though, in ndpi_detection_giveup(). Nothing changed for the applications/users, but this function can't access "packet" anymore. The reason is that this function can be called "asynchronously" with respect to the data processing, i.e in context where there is no valid notion of "current packet"; for example ndpiReader calls it after having processed all the traffic, iterating the entire session table. Mining LRU stuff seems a bit odd (even before this patch): probably we need to rethink it, as a follow-up.
* Reworked flow risk implementationLuca Deri2021-07-23
|
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* (C) UpdateLuca Deri2021-01-07
|
* Improved SSH protocol detection. (#1052)Toni2020-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* SSH code cleanupLuca Deri2020-07-25
|
* added other ssh implementations to checkMrRadix2020-07-24
|
* added cipher checkMrRadix2020-07-22
|
* Resolved conflicts on fetchMrRadix2020-07-22
|\
| * Added changes for handlign SSSH cipher detectionLuca Deri2020-07-22
| |
* | fixed bug inside set bit macro callMrRadix2020-07-22
| |
* | added sscanf error handlingMrRadix2020-07-22
| |
* | improved performance and legibilityMrRadix2020-07-22
| |
* | improved performance by removing linear scanMrRadix2020-07-22
| |
* | added ssh_analyse_signature_version and ssh_has_old_signature for check old ↵MrRadix2020-07-21
|/ | | | signature version of ssh
* Added skeleton for checking SSH signatureLuca Deri2020-07-20
|
* SSH boundary check reworkLuca Deri2020-04-30
|
* Minor cleanupLuca Deri2020-04-30
|
* Better fix for integer overflow in SSHPhilippe Antoine2020-04-30
| | | | Credits to GHSL
* ssh: fixing unsigned overflow leading to heap overflowPhilippe Antoine2020-04-02
| | | | cf GHSL-2020-051
* ssh: adds systematic bounds checks in concat_hash_stringPhilippe Antoine2020-04-02
| | | | cf GHSL-2020-052
* ssh: fix heap-overflow errorNardi Ivan2020-03-27
|
* Fixed invalid allocationLuca Deri2020-03-24
|
* Adds different checks against overflowsPhilippe Antoine2020-03-19
|
* Minor fixesLuca Deri2020-01-21
|
* Merge branch 'dev' of https://github.com/ntop/nDPI into devLuca Deri2020-01-05
|\
| * Removed disable_metadata_export preference that is no longer usefulLuca2019-12-29
| | | | | | | | since ndpi_process_extra_packet() can drive limited or full metadata export
* | Updated (C)Luca Deri2020-01-05
|/
* Fix invalid reads and add valgrind testemanuele-f2019-12-04
|
* SSH dissection improvementsLuca Deri2019-10-25
|
* SMTP and SSH dissection fixesLuca Deri2019-10-24
|
* Added STUN check to avoid false positivesLuca Deri2019-09-11
| | | | | Added fingerprint comments in SSH/TLS Added netflow test pcap
* SSH hash fixLuca Deri2019-08-26
|
* Add more length checks in HASSHemanuele-f2019-08-23
| | | | This to prevent possible crashes on invalid packets
* Implemented HASSH (https://github.com/salesforce/hassh)Luca Deri2019-08-22
|
* Major code cleanupLuca2018-07-21
| | | | Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection
* Added ndpi_set_detection_preferences() APi callLuca Deri2018-05-14
|
* SSH: increase client's maximum payload length from 100 to 500Alexander Gozman2018-05-04
| | | | | | | According to RFC4253, a client may send additional data right after its identification string (before receiving the server's identification string). For instance, PuTTY sends supported ciphers. This exceeds 100 bytes and nDPI fails to detect such SSH sessions.
* Refactoring the debugging output.Vitaly Lavrov2017-10-26
| | | | | | | | | | | | | | levels of debug output: 0 - ERROR: Only for errors. 1 - TRACE: Start of each packets and if found protocol. 2 - DEBUG: Start of searching each protocol and excluding protocols. 3 - DEBUG_EXTRA: For all other messages. Added field ndpi_struct->debug_logging for enable debug output of each protocols. Simple macros for debugging output are added: NDPI_LOG_ERR(), NDPI_LOG_INFO(), NDPI_LOG_DBG(), NDPI_LOG_DBG2(), NDPI_EXCLUDE_PROTO()
* Dissected SSH client/server versions and reported in data structuresLuca Deri2017-02-11
|
* Reworked protocol initialization. Work in progress (more cleanup is needed)Luca2015-07-08
|
* Split former protocol into upper and lower protocolLuca2015-07-01
|
* Removed commented codeLuca2015-07-01
| | | | Renamed ndpi_int_add_connection() with ndpi_set_detected_protocol()
* deleted protocol type (real-correlated)Michele Campus2015-06-29
|
* Initial import from SVNLuca Deri2015-04-19
Powered by cgit, Themed by Ted Yin.