Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | HTTP: improve detection of WindowsUpdate (#1658) | Ivan Nardi | 2022-07-10 | |
| | | | | WindowsUpdate is also transported over HTTP, using a numeric IP as hostname (some kinds of CDN?) | |||
* | SNMP: fix detection (#1655) | Ivan Nardi | 2022-07-10 | |
| | | | | | | We can write to `flow->protos` only when we are sure about SNMP classification. Use the generic wrapper to decode ASN1 BER integer | |||
* | SIP: improve detection (#1654) | Ivan Nardi | 2022-07-09 | |
| | ||||
* | TFTP: fix memory access (#1653) | Ivan Nardi | 2022-07-08 | |
| | ||||
* | LDAP: rewrite dissection (#1649) | Ivan Nardi | 2022-07-08 | |
| | ||||
* | SMB: add (partial) support for messages split into multiple TCP segments (#1644) | Ivan Nardi | 2022-07-07 | |
| | ||||
* | SMTP: add support for X-ANONYMOUSTLS command (#1650) | Ivan Nardi | 2022-07-07 | |
| | ||||
* | Kerberos: add support for Krb-Error messages (#1647) | Ivan Nardi | 2022-07-07 | |
| | ||||
* | Spotify: remove some useless ip ranges (#1646) | Ivan Nardi | 2022-07-07 | |
| | | | | | | | These AS numbers are no more related to Spotify (or, if they are, they don't have any prefixes anyway). Even if we find some valid Spotify AS, we should handle them via the generic "autogenerated logic" used for every AS, and not in the dissector code. | |||
* | MONGODB: avoid false positives | Nardi Ivan | 2022-07-07 | |
| | ||||
* | TLS: ignore invalid Content Type values | Nardi Ivan | 2022-07-07 | |
| | ||||
* | Added Threema Messenger. (#1643) | Toni | 2022-07-06 | |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added another RiotGames signature. | Toni Uhlig | 2022-07-06 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639) | Toni | 2022-07-06 | |
| | | | | | | | | | | | | | | | | | * Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Revert "SMTP with STARTTLS is now identified as SMTPS" This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482. * Revert "Compilation fix" This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5. * Sync unit tests. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | SMTP with STARTTLS is now identified as SMTPS | Luca Deri | 2022-07-05 | |
| | ||||
* | Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes #1630. (#1637) | Toni | 2022-07-05 | |
| | | | | | | | * FTP needs to get updated as well as it has similar STARTTLS semantics -> follow-up Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Exported username in flow information | Luca Deri | 2022-07-04 | |
| | ||||
* | Cleaned-up issuer DN check code adding | Luca Deri | 2022-07-04 | |
| | | | | | | | | | `u_int8_t ndpi_check_issuerdn_risk_exception(struct ndpi_detection_module_struct *ndpi_str, char *issuerDN);` Added new API function for checking nDPI-configured exceptions `u_int8_t ndpi_check_flow_risk_exception(struct ndpi_detection_module_struct *ndpi_str, u_int num_params, ndpi_risk_params **params);` | |||
* | Replaced malicious JA3-md5/SSL-cert-sha1 ac automata with hashmaps. | Toni Uhlig | 2022-07-04 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added UltraSurf protocol dissector. (#1618) | Toni | 2022-07-04 | |
| | | | | | * TLSv1.3 UltraSurf flows are not detected by now Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added i3D and RiotGames protocol dissectors. (#1609) | Toni | 2022-07-03 | |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | TargusDataspeed: avoid false positives (#1628) | Ivan Nardi | 2022-07-03 | |
| | | | | | TargusDataspeed dissector doesn't perform any real DPI checks but it only looks at the TCP/UDP ports. Delete it, and use standard logic to classify these flows by port. | |||
* | Skinny: rework and improve classification (#1625) | Ivan Nardi | 2022-07-03 | |
| | ||||
* | Skype_Teams, Mining, SnapchatCall: fix flow category (#1624) | Ivan Nardi | 2022-07-03 | |
| | ||||
* | Usenet: improve dissection (#1622) | Ivan Nardi | 2022-07-03 | |
| | ||||
* | TLS: add support for old DTLS versions and for detection of mid-sessions (#1619) | Ivan Nardi | 2022-07-03 | |
| | ||||
* | Improved TFTP. Dissect Read/Write Request filenames. (#1617) | Toni | 2022-07-03 | |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Removed space from "Genshin Impact" | Luca Deri | 2022-06-30 | |
| | ||||
* | Renamed Z39.50 -> Z3950 as the '.' breaks the naming convention | Luca | 2022-06-28 | |
| | | | | QUIC is a network protocol | |||
* | Enhanced TLS risk info reported to users | Luca Deri | 2022-06-28 | |
| | ||||
* | Improved SOAP via HTTP. (#1605) | Toni | 2022-06-18 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Improved GenshinImpact protocol dissector. (#1604) | Toni | 2022-06-18 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Added collectd dissector (again). (#1601) | Toni | 2022-06-17 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Improved IPSec/ISAKMP detection. (#1600) | Toni | 2022-06-16 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Add support for PIM (Protocol Independent Multicast) protocol (#1599) | Ivan Nardi | 2022-06-15 | |
| | | | Close #1598 | |||
* | Improved WhatsApp detection. (#1595) | Toni | 2022-06-14 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | DNS: fix TTL check and sync unit test results (#1594) | Ivan Nardi | 2022-06-14 | |
| | ||||
* | Updated DNS alert triggered only with TTL == 0 | Luca Deri | 2022-06-14 | |
| | ||||
* | Added check for DGA names that resolve to a valid record | Luca Deri | 2022-06-13 | |
| | ||||
* | Improved DNS traffic analysis | Luca Deri | 2022-06-13 | |
| | | | | Added ability to identify application and network protocols | |||
* | Added DNS record TTL check | Luca Deri | 2022-06-13 | |
| | ||||
* | Added Pragmatic General Multicast (PGM) protocol detection | Luca Deri | 2022-06-08 | |
| | ||||
* | Dissect host line if SSDP contains such. (#1586) | Toni | 2022-06-07 | |
| | | | Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Fixed syslog false negatives. (#1582) | Toni | 2022-06-05 | |
| | | | | | - RSH vs Syslog may still happen for midstream traffic Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Fix some debug messages (#1583) | Ivan Nardi | 2022-06-05 | |
| | | | Increase max number of flows handled during fuzzing | |||
* | Fixed invalid DHCP dissection | Luca Deri | 2022-06-05 | |
| | ||||
* | Fixed DHCP dissection bug | Luca Deri | 2022-06-05 | |
| | ||||
* | Added RSH dissector. Fixes #202. (#1581) | Toni | 2022-06-04 | |
| | | | | | | - added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Fix syslog heap overflow introduced in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c. (#1579) | Toni | 2022-06-04 | |
| | | | | | | | - fixes #1578 Signed-off-by: lns <matzeton@googlemail.com> | |||
* | Fixed syslog false positives. (#1577) | Toni | 2022-06-03 | |
| | | | | | | | * syslog: removed unnecessary/unreliable printable string check * added `ndpi_isalnum()` * split `ndpi_is_printable_string()` into `ndpi_is_printable_buffer()` and `ndpi_normalize_printable_string()` Signed-off-by: lns <matzeton@googlemail.com> |