Commit message | Author | Age | ||
---|---|---|---|---|
* | HTTP: fix memory access in ndpi_http_parse_subprotocol() (#1151) | Ivan Nardi | 2021-03-09 | |
| | ||||
* | Ookla detection improvement | Luca Deri | 2021-03-09 | |
| | ||||
* | Added Ookla detection over IPv6 | Luca Deri | 2021-03-09 | |
| | ||||
* | Ookla fixes | Luca Deri | 2021-03-09 | |
| | ||||
* | Improved detection of Ookla speedtest and openspeedtest.com | Luca Deri | 2021-03-09 | |
| | ||||
* | Add support for Snapchat voip calls (#1147) | Ivan Nardi | 2021-03-06 | |
| | | | | | | | | | * Add support for Snapchat voip calls Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled | |||
* | Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03 | |
| | | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent | |||
* | DTLS: improve support (#1146) | Ivan Nardi | 2021-03-02 | |
| | | | | | | | * DTLS: add some pcap tests * DTLS: fix parsing of Client/Server Hello message * DTLS: add parsing of server certificates | |||
* | Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) | Toni | 2021-02-26 | |
| | | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Improved DNS dissector | Luca Deri | 2021-02-26 | |
| | ||||
* | Added NDPI_MALICIOUS_JA3 flow risk | Luca Deri | 2021-02-22 | |
| | | | | Added ndpi_load_malicious_ja3_file() API call | |||
* | Implemented TLS Certificate Subject matching | Luca Deri | 2021-02-22 | |
| | | | | Improved AnyDesk detection | |||
* | Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readable now | Luca Deri | 2021-02-10 | |
| | ||||
* | Improved FTP_CONTROL detection | Luca Deri | 2021-02-10 | |
| | ||||
* | Added check for avoiding long dissections | Luca Deri | 2021-02-10 | |
| | ||||
* | Fixed CPHA missing protocol initialization | Luca Deri | 2021-02-10 | |
| | | | | Improved IEC104 and IRC detection | |||
* | Dissection improvements | Luca Deri | 2021-02-09 | |
| | ||||
* | Added checks for giving up faster on IRC and SMTP | Luca Deri | 2021-02-09 | |
| | ||||
* | Improved (partial) TLS dissection | Luca Deri | 2021-02-04 | |
| | ||||
* | HTTP: fix user-agent parsing (#1124) | Ivan Nardi | 2021-02-03 | |
| | | | | | | | | | | | User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported... | |||
* | HTTP: fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1123) | Ivan Nardi | 2021-02-03 | |
| | ||||
* | Increased number of extra packets that is necessary since the fragment manager introduction | Luca Deri | 2021-02-03 | |
| | ||||
* | debug message bugfix (#1108) | ragostino | 2021-02-03 | |
| | | | you can not look for memory enlargement if you print debug message after updating the variables | |||
* | Improved wireguard dissection | Luca Deri | 2021-01-29 | |
| | ||||
* | DCE/RPC improvement to avoid false positives | Luca Deri | 2021-01-29 | |
| | ||||
* | Cleaned up tls/quic datatypes | Luca Deri | 2021-01-21 | |
| | ||||
* | Reworked TLS fingerprint calculation | Luca Deri | 2021-01-21 | |
| | | | | Modified TLS memory free | |||
* | Reworked UPnP protocol that in essence was WSD hence it has been renamed | Luca | 2021-01-20 | |
| | | | | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol | |||
* | Improves STUN dissection removing an invalid termination condition that prevented Skype calls to be properly identified | Luca Deri | 2021-01-13 | |
| | ||||
* | (C) Update | Luca Deri | 2021-01-07 | |
| | ||||
* | Warning fix | Luca Deri | 2021-01-07 | |
| | ||||
* | STUN: avoid false positives (#1110) | Ivan Nardi | 2021-01-07 | |
| | | | STUN traffic doesn't use multicast addresses | |||
* | HTTP: fix compilation and a memory error when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1109) | Ivan Nardi | 2021-01-07 | |
| | ||||
* | QUIC: add support for DNS-over-QUIC (#1107) | Ivan Nardi | 2021-01-07 | |
| | | | | | | | | | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ | |||
* | Quic fixes (#1106) | Ivan Nardi | 2021-01-07 | |
| | | | | | * QUIC: fix heap-buffer-overflow * TLS: fix parsing of QUIC Transport Parameters | |||
* | QUIC: improve handling of SNI (#1105) | Ivan Nardi | 2021-01-07 | |
| | | | | | | | | | | | | | * QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name Close #1077 * QUIC: fix matching of custom categories * QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions * QUIC: fix serialization * QUIC: add DGA check for older GQUIC versions | |||
* | Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET | Luca Deri | 2021-01-06 | |
| | ||||
* | Added check for invalid HTTP content | Luca Deri | 2021-01-06 | |
| | ||||
* | QUIC: update to draft-33 (#1104) | Ivan Nardi | 2021-01-04 | |
| | | | QUIC (final!?) constants for v1 are defined in draft-33 | |||
* | Remove FB_ZERO protocol (#1102) | Ivan Nardi | 2021-01-04 | |
| | | | | | | FB_ZERO was an experimental protocol run by Facebook. They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but them so it is definitely dead. See: https://engineering.fb.com/2018/08/06/security/fizz/ | |||
* | Fixed missing symbol | Luca Deri | 2021-01-02 | |
| | ||||
* | Added HTTP suspicious content security risk (useful for tracking trickbot) | Luca Deri | 2021-01-02 | |
| | ||||
* | Added known protocol on unknown port for ntop | Luca Deri | 2020-12-28 | |
| | ||||
* | Introduced fix on TLS for discarding traffic out of sequence that might invalidate dissection | Luca Deri | 2020-12-22 | |
| | ||||
* | Type change to avoid Windows compilation issues | Luca Deri | 2020-12-17 | |
| | ||||
* | Improved HTTP dissection | Luca Deri | 2020-12-16 | |
| | ||||
* | soulseek: fix heap buffer overflow (#1083) | Ivan Nardi | 2020-12-11 | |
| | | | Close #1082 | |||
* | Added initialization | Luca Deri | 2020-12-11 | |
| | ||||
* | Rename Jabber detection name as we are not sure if it is unencrypted e.g. if START_TLS used. (#1079) | Toni | 2020-12-08 | |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Add a connectionless DCE/RPC detection (#1078) | rafaliusz | 2020-12-08 | |
| | | | | | | | * Add connectionless DCE/RPC detection * Add DCE/RPC pcap file as well as its test result Co-authored-by: rafal <rafal.burzynski@cryptomage.com> |