Commit message | Author | Age | ||
---|---|---|---|---|
* | fixes issue #1050 Syntax error caused buffer pointer to equal 0x1 (#1051) | Don J. Rude | 2020-11-09 | |
| | | | | | | | | | | | | | | | | | * Syntax error caused buffer pointer to equal 0x1 Possible copy-paste from lines 141-142? * Another comma operator * whitespace matching * another comma operator * another comma operator * another comma operator * Check for non-zero payload | |||
* | Updated ESNI/SNI alarm generation policy | Luca Deri | 2020-11-08 | |
| | ||||
* | Reworked IEC60870 dissector | Luca Deri | 2020-11-04 | |
| | ||||
* | IEC60870 dissection improvements | Luca Deri | 2020-11-04 | |
| | ||||
* | :bulb: Add mongodb protocol dissector (#1048) | Leonn | 2020-11-03 | |
| | ||||
* | QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044) | Ivan Nardi | 2020-11-03 | |
| | | | | | * QUIC: fix dissection of Initial packets coalesced with 0-RTT one * QUIC: fix a memory leak | |||
* | Fix for detecting numeric IPs | Luca Deri | 2020-11-01 | |
| | ||||
* | Added boundary check | Luca Deri | 2020-10-27 | |
| | ||||
* | Improve skype detection (#1039) | Igor Duarte | 2020-10-27 | |
| | | | | | | | * Add new skype pcap PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap) * Improve skype detection | |||
* | Added -D flag for detecting DoH in the wild | Luca Deri | 2020-10-26 | |
| | | | | Removed heuristic from CiscoVPN as it leads to false positives | |||
* | Various improvements when using ndpi_pref_enable_tls_block_dissection: | Luca Deri | 2020-10-24 | |
| | | | | | | application data TLS blocks are now ignored when exchanged before - the end of certificate negotiation (up to TLS 1.2) - change cipher | |||
* | Added CPHA - CheckPoint High Availability Protocol protocol support | Luca Deri | 2020-10-22 | |
| | ||||
* | Fixes #1033 | Luca Deri | 2020-10-21 | |
| | ||||
* | Added fix for invalid SNI check when SNI is missing | Luca Deri | 2020-10-02 | |
| | ||||
* | QUIC: fix dissection of "offset" field (#1025) | Ivan Nardi | 2020-09-29 | |
| | | | | | | | The "offset" field is a variable-length integer. This bug hasn't any practical effects right now, since we are ignoring any packet with "offset" != 0 (and the value 0 is always encoded in only one byte). But extracting a correct "offset" is important if we are ever going to handle fragmented Client Hello messages. | |||
* | Added extra boundary checks | Luca Deri | 2020-09-26 | |
| | ||||
* | Boundary fix | Luca Deri | 2020-09-25 | |
| | ||||
* | Various optimizations to reduce not-necessary calls | Luca Deri | 2020-09-24 | |
| | | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive | |||
* | Improved boundary check to prevent overflow | Luca Deri | 2020-09-23 | |
| | ||||
* | Minor UA handling improvement to avoid heap-overflow | Luca Deri | 2020-09-22 | |
| | ||||
* | Minor change for alignment issue | Luca Deri | 2020-09-21 | |
| | ||||
* | Added risks for checking | Luca Deri | 2020-09-21 | |
| | | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension | |||
* | Merge pull request #1019 from IvanNardi/quic_fb | Luca Deri | 2020-09-20 | |
|\ | | | | | QUIC: add support for MVFST EXPERIMENTAL version | |||
| * | QUIC: add support for MVFST EXPERIMENTAL version | Nardi Ivan | 2020-09-20 | |
| | | ||||
* | | Merge pull request #1017 from lnslbrty/fix/mingw-xcompile | Luca Deri | 2020-09-20 | |
|\ \ | |/ |/| | Added support for mingw xcompile. | |||
| * | Fixed shlib xcompile for x86_64-w64-mingw32 | Toni Uhlig | 2020-09-08 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 | |
| | | ||||
* | | Merge pull request #1012 from IvanNardi/ua | Luca Deri | 2020-09-17 | |
|\ \ | | | | | | | QUIC: extract User Agent information | |||
| * | | TLS: fix memory accesses in QUIC transport parameters extension | Nardi Ivan | 2020-09-10 | |
| | | | ||||
| * | | QUIC: extract User Agent information | Nardi Ivan | 2020-09-08 | |
| | | | ||||
| * | | http: create a common function to parse User Agent field | Nardi Ivan | 2020-09-08 | |
| | | | | | | | | | | | | Prepare the code to handle UA information from flows other than HTTP | |||
* | | | Disabled QUIC tracing that pollutes the output | Luca Deri | 2020-09-17 | |
| | | | ||||
* | | | Added boundary check | Luca Deri | 2020-09-10 | |
| | | | ||||
* | | | Merge pull request #1014 from lnslbrty/improved/teamspeak | Luca Deri | 2020-09-09 | |
|\ \ \ | | | | | | | | | Improved Teamspeak(3) protocol detection. | |||
| * | | | Improved Teamspeak(3) protocol detection. | Toni Uhlig | 2020-09-09 | |
| |/ / | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* / / | Added extension to detect nested subdomains as used in Browsertunnel attack tool | Luca Deri | 2020-09-09 | |
|/ / | | | | | | | https://github.com/veggiedefender/browsertunnel | |||
* / | Improved dnscrypt v1/v2 protocol detection. | Toni Uhlig | 2020-09-06 | |
|/ | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed off-by-one error in Kerberos protocol. | Toni Uhlig | 2020-09-02 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed false positive detection for Skype.SkypeCall (affects at least Cisco HSRP and RADIUS). | Toni Uhlig | 2020-09-02 | |
| | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added boundary check | Luca Deri | 2020-09-01 | |
| | ||||
* | Added (optional) notifier for LRU add | Luca Deri | 2020-08-31 | |
| | ||||
* | QUIC: add support for GQUIC T050 and T051 | Nardi Ivan | 2020-08-30 | |
| | | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol. | |||
* | Improved ntop detection over HTTP | Luca Deri | 2020-08-30 | |
| | | | | Added cap on number of attempts for CiscoVPN | |||
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 | |
| | | | | Optimized stddev calculation | |||
* | Merge pull request #996 from lnslbrty/fix/travis-ci | Luca Deri | 2020-08-28 | |
|\ | | | | | Fix travis-ci related errors. | |||
| * | Fixed use-of-uninitialized-value in QUIC clho decryption probably caused by a BUG in libgcrypt (not verified). | Toni Uhlig | 2020-08-27 | |
| | | | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Moved NDPI_CURRENT_PROTO define before ndpi_api.h include to prevent a redefinition warning. | Toni Uhlig | 2020-08-27 | |
| | | | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Passes method_len param to ndpi_http_str2method | Simone Mainardi | 2020-08-27 | |
| | | ||||
* | | Added ndpi_http_method ndpi_http_str2method(const char* method) API call | Luca Deri | 2020-08-26 | |
|/ | ||||
* | QUIC: minor fixes | Nardi Ivan | 2020-08-24 | |
| | | | | | | LGTM found a real issue on a boundary check Fix unit tests: a pcap has been uploaded twice (with different names) Fix compilation when using DPDK (see #990) |