aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
...
* Improved mining detection supportLuca Deri2021-03-30
|
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)Toni2021-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Win compilation fixLuca Deri2021-03-22
|
* Better DGA detection (slightly decreased accuracy)Luca Deri2021-03-20
|
* Removed duplicate extesions lenLuca Deri2021-03-19
|
* Added ALPN and elliptic curve in JA3S+Luca Deri2021-03-19
|
* Implemented JA3+ also for JA3SLuca Deri2021-03-19
|
* Reworked JA3Luca Deri2021-03-19
|
* JA3 debug improvementsLuca Deri2021-03-19
|
* Fix compilation warningAlfredo Cardigliano2021-03-12
|
* Fixed JA3+ computationLuca Deri2021-03-11
|
* Added experiemntal JA3+ implementation that can be used with -z i ndpiReaderLuca Deri2021-03-09
|
* HTTP: fix memory access in ndpi_http_parse_subprotocol() (#1151)Ivan Nardi2021-03-09
|
* Ookla detection improvementLuca Deri2021-03-09
|
* Added Ookla detection over IPv6Luca Deri2021-03-09
|
* Ookla fixesLuca Deri2021-03-09
|
* Improved detection of Ookla speedtest and openspeedtest.comLuca Deri2021-03-09
|
* Add support for Snapchat voip calls (#1147)Ivan Nardi2021-03-06
| | | | | | | | | * Add support for Snapchat voip calls Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* DTLS: improve support (#1146)Ivan Nardi2021-03-02
| | | | | | | * DTLS: add some pcap tests * DTLS: fix parsing of Client/Server Helllo message * DTLS: add parsing of server certificates
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)Toni2021-02-26
| | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved DNS dissectorLuca Deri2021-02-26
|
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Sibject matchingLuca Deri2021-02-22
| | | | Improved AnyDesk detection
* Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readeable nowLuca Deri2021-02-10
|
* Improved FTP_CONTROL detectionLuca Deri2021-02-10
|
* Added check for avoiding long dissectionsLuca Deri2021-02-10
|
* Fixed CPHA missing protocol initializationLuca Deri2021-02-10
| | | | Improved IEC104 and IRC detection
* Dissection inprovementsLuca Deri2021-02-09
|
* Added checks for giving up faster on IRC and SMTPLuca Deri2021-02-09
|
* Improved (partial) TLS dissectionLuca Deri2021-02-04
|
* HTTP: fix user-agent parsing (#1124)Ivan Nardi2021-02-03
| | | | | | | | | | | User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported...
* HTTP: fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1123)Ivan Nardi2021-02-03
|
* Increased number of extra packets that is necessary since the frgament ↵Luca Deri2021-02-03
| | | | mananger introduction
* debug message bugfix (#1108)ragostino2021-02-03
| | | you can not look for memory enlargement if you print debug message after updating the variables
* Improved wireguard dissectionLuca Deri2021-01-29
|
* DCE/RPC improvement to avoid false positivesLuca Deri2021-01-29
|
* Cleaned up tls/quic datatypesLuca Deri2021-01-21
|
* Reworked TLS fingerprint calcolationLuca Deri2021-01-21
| | | | Modified TLS memory free
* Rewored UPnP protocol that in essence was WSD hence it has been renamedLuca2021-01-20
| | | | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
* Improves STUN dissection removing an invalid termination condition that ↵Luca Deri2021-01-13
| | | | prevented Skype calls to be properly identified
* (C) UpdateLuca Deri2021-01-07
|
* Warning fixLuca Deri2021-01-07
|
* STUN: avoid false positives (#1110)Ivan Nardi2021-01-07
| | | STUN traffic doesn't use multicast addresses
* HTTP: fix compilation and a memory error when NDPI_ENABLE_DEBUG_MESSAGES is ↵Ivan Nardi2021-01-07
| | | | defined (#1109)
* QUIC: add suppport for DNS-over-QUIC (#1107)Ivan Nardi2021-01-07
| | | | | | | | | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
* Quic fixes (#1106)Ivan Nardi2021-01-07
| | | | | * QUIC: fix heap-buffer-overflow * TLS: fix parsing of QUIC Transport Parameters
* QUIC: improve handling of SNI (#1105)Ivan Nardi2021-01-07
| | | | | | | | | | | | | * QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name Close #1077 * QUIC: fix matching of custom categories * QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions * QUIC: fix serialization * QUIC: add DGA check for older GQUIC versions
* Split HTTP request from response Content-Type. Request Content-Type should ↵Luca Deri2021-01-06
| | | | be present with POSTs and not with other methods such as GET
* Added check for invalid HTTP contentLuca Deri2021-01-06
|
Powered by cgit, Themed by Ted Yin.