path: root/src/lib/protocols
Commit message (Author, Age)
* Improved SSH protocol detection. [improved/ssh] (Toni Uhlig, 2020-11-08)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated ESNI/SNI alarm generation policy (Luca Deri, 2020-11-08)
|
* Reworked IEC60870 dissector (Luca Deri, 2020-11-04)
|
* IEC60870 dissection improvements (Luca Deri, 2020-11-04)
|
* :bulb: Add mongodb protocol dissector (#1048) (Leonn, 2020-11-03)
|
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044) (Ivan Nardi, 2020-11-03)
|   * QUIC: fix dissection of Initial packets coalesced with 0-RTT one
|   * QUIC: fix a memory leak
* Fix for detecting numeric IPs (Luca Deri, 2020-11-01)
|
* Added boundary check (Luca Deri, 2020-10-27)
|
* Improve skype detection (#1039) (Igor Duarte, 2020-10-27)
|   * Add new skype pcap
|     PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap)
|   * Improve skype detection
* Added -D flag for detecting DoH in the wild (Luca Deri, 2020-10-26)
|   Removed heuristic from CiscoVPN as it leads to false positives
* Various improvements when using ndpi_pref_enable_tls_block_dissection: (Luca Deri, 2020-10-24)
|   application data TLS blocks are now ignored when exchanged before
|   - the end of certificate negotiation (up to TLS 1.2)
|   - change cipher
* Added CPHA - CheckPoint High Availability Protocol protocol support (Luca Deri, 2020-10-22)
|
* Fixes #1033 (Luca Deri, 2020-10-21)
|
* Added fix for invalid SNI check when SNI is missing (Luca Deri, 2020-10-02)
|
* QUIC: fix dissection of "offset" field (#1025) (Ivan Nardi, 2020-09-29)
|   The "offset" field is a variable-length integer. This bug hasn't any practical effects right now, since we are ignoring any packet with "offset" != 0 (and the value 0 is always encoded in only one byte). But extracting a correct "offset" is important if we are ever going to handle fragmented Client Hello messages.
* Added extra boundary checks (Luca Deri, 2020-09-26)
|
* Boundary fix (Luca Deri, 2020-09-25)
|
* Various optimizations to reduce not-necessary calls (Luca Deri, 2020-09-24)
|   Optimized various UDP dissectors
|   Removed dead protocols such as pando and pplive
* Improved boundary check to prevent overflow (Luca Deri, 2020-09-23)
|
* Minor UA handling improvement to avoid heap-overflow (Luca Deri, 2020-09-22)
|
* Minor change for alignment issue (Luca Deri, 2020-09-21)
|
* Added risks for checking (Luca Deri, 2020-09-21)
|   - invalid DNS traffic (probably carrying exfiltrated data)
|   - TLS traffic with no SNI extension
* Merge pull request #1019 from IvanNardi/quic_fb (Luca Deri, 2020-09-20)
|\
| |   QUIC: add support for MVFST EXPERIMENTAL version
| * QUIC: add support for MVFST EXPERIMENTAL version (Nardi Ivan, 2020-09-20)
| |
* | Merge pull request #1017 from lnslbrty/fix/mingw-xcompile (Luca Deri, 2020-09-20)
|\ \
| |/
|/|
| |   Added support for mingw xcompile.
| * Fixed shlib xcompile for x86_64-w64-mingw32 (Toni Uhlig, 2020-09-08)
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Reworked MDNS dissector that is not based on the DNS dissector (Luca Deri, 2020-09-17)
| |
* | Merge pull request #1012 from IvanNardi/ua (Luca Deri, 2020-09-17)
|\ \
| | |   QUIC: extract User Agent information
| * | TLS: fix memory accesses in QUIC transport parameters extension (Nardi Ivan, 2020-09-10)
| | |
| * | QUIC: extract User Agent information (Nardi Ivan, 2020-09-08)
| | |
| * | http: create a common function to parse User Agent field (Nardi Ivan, 2020-09-08)
| | |   Prepare the code to handle UA information from flows other than HTTP
* | | Disabled QUIC tracing that pollutes the output (Luca Deri, 2020-09-17)
| | |
* | | Added boundary check (Luca Deri, 2020-09-10)
| | |
* | | Merge pull request #1014 from lnslbrty/improved/teamspeak (Luca Deri, 2020-09-09)
|\ \ \
| | | |   Improved Teamspeak(3) protocol detection.
| * | | Improved Teamspeak(3) protocol detection. (Toni Uhlig, 2020-09-09)
| |/ /
| | |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* / / Added extension to detect nested subdomains as used in Browsertunnel attack tool (Luca Deri, 2020-09-09)
|/ /
| |   https://github.com/veggiedefender/browsertunnel
* / Improved dnscrypt v1/v2 protocol detection. (Toni Uhlig, 2020-09-06)
|/
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed off-by-one error in Kerberos protocol. (Toni Uhlig, 2020-09-02)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed false positive detection for Skype.SkypeCall (affects at least Cisco HSRP and RADIUS). (Toni Uhlig, 2020-09-02)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added boundary check (Luca Deri, 2020-09-01)
|
* Added (optional) notifier for LRU add (Luca Deri, 2020-08-31)
|
* QUIC: add support for GQUIC T050 and T051 (Nardi Ivan, 2020-08-30)
|   QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol.
* Improved ntop detection over HTTP (Luca Deri, 2020-08-30)
|   Added cap on number of attempts for CiscoVPN
* Fixed false positive in suspicious user agent (Luca Deri, 2020-08-30)
|   Optimized stddev calculation
* Merge pull request #996 from lnslbrty/fix/travis-ci (Luca Deri, 2020-08-28)
|\
| |   Fix travis-ci related errors.
| * Fixed use-of-uninitialized-value in QUIC clho decryption probably caused by a BUG in libgcrypt (not verified). (Toni Uhlig, 2020-08-27)
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * Moved NDPI_CURRENT_PROTO define before ndpi_api.h include to prevent a redefinition warning. (Toni Uhlig, 2020-08-27)
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Passes method_len param to ndpi_http_str2method (Simone Mainardi, 2020-08-27)
| |
* | Added ndpi_http_method ndpi_http_str2method(const char* method) API call (Luca Deri, 2020-08-26)
|/
* QUIC: minor fixes (Nardi Ivan, 2020-08-24)
|   LGTM found a real issue on a boundary check
|   Fix unit tests: a pcap has been uploaded twice (with different names)
|   Fix compilation when using DPDK (see #990)