aboutsummaryrefslogtreecommitdiff
path: root/src/lib/third_party
Commit message (Collapse)AuthorAge
* Implementation of flow risk eception (work in progress)Luca Deri2021-07-22
|
* ahoсorasick. Code review. Part 2. (#1236)Vitaly Lavrov2021-07-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Simplified the process of adding lines to AC_AUTOMATA_t. Use the ndpi_string_to_automa() function to add patterns with domain names. For other cases can use ndpi_add_string_value_to_automa(). ac_automata_feature(ac_automa, AC_FEATURE_LC) allows adding and compare data in a case insensitive manner. For mandatory pattern comparison from the end of the line, the "ac_pattern.rep.at_end=1" flag is used. This eliminated unnecessary conversions to lowercase and adding "$" for end-of-line matching in domain name patterns. ac_match_handler() has been renamed ac_domain_match_handler() and has been greatly simplified. ac_domain_match_handler() looks for the template with the highest domain level. For special cases it is possible to manually specify the domain level. Added test for checking ambiguous domain names like: - short.weixin.qq.com is QQ, not Wechat - instagram.faae1-1.fna.fbcdn.net is Instagram, not Facebook If you specify a NULL handler when creating the AC_AUTOMATA_t structure, then a pattern with the maximum length that satisfies the search conditions will be found (exact match, from the beginning of the string, from the end of the string, or a substring). Added debugging for ac_automata_search. To do this, you need to enable debugging globally using ac_automata_enable_debug(1) and enable debugging in the AC_AUTOMATA_t structure using ac_automata_name("name", AC_FEATURE_DEBUG). The search will display "name" and a list of matching patterns. Running "AHO_DEBUG=1 ndpiReader ..." will show the lines that were searched for templates and which templates were found. The ac_automata_dump() prototype has been changed. Now it outputs data to a file. If it is specified as NULL, then the output will be directed to stdout. If you need to get data as a string, then use open_memstream(). Added the ability to run individual tests via the do.sh script
* Removed ht_hash as it is not used anymore. (#1220)Toni2021-06-29
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Code review. (#1205)Vitaly Lavrov2021-06-15
| | | | | | | | | | | | | | | The common actions required to call the ac_automata_search() function have been moved to the ndpi_match_string_common function. This made it possible to simplify the ndpi_match_string, ndpi_match_string_protocol_id, ndpi_match_string_value, ndpi_match_custom_category, ndpi_match_string_subprotocol, ndpi_match_bigram, ndpi_match_trigram functions. Using u_int16_t type for protocol identifiers when working with the ahocorasick library (changes src/include/ndpi_api.h.in and src/include/ndpi_typedefs.h). Reworked "finalization" of all AC_AUTOMATA_t structures. Changing the order of fields in the ndpi_call_function_struct structure reduces the size of the ndpi_detection_module_struct structure by 10 kB (for x86_64).
* Win fixLuca Deri2021-06-15
|
* Minor code cleanupLuca2021-06-09
|
* Win changesLuca Deri2021-06-08
|
* New version of the ahocorasick library (#1200)Vitaly Lavrov2021-06-07
| | | | | | | | | | | | | | | | The new version is about 25% faster with -O2 and 45% faster with -O3. No recursion is used (smaller stack size required). Uses less memory (by valgrind info) bigram: - original 1796 allocs, 247864 bytes allocated - new 1232 allocs, 158880 bytes allocated host_match: - original 18038 allocs, 3004576 bytes allocated - new 6861 allocs, 396624 bytes allocated The function ac_automata_search() is thread safe. Optional case-insensitive comparison. Matching at the beginning and at the end of the string is supported. One code file and one header file.
* Reworked ndpi patricia includes to avoid compilation issues on some platformsLuca Deri2021-03-31
|
* Windows code cleanupLuca Deri2021-02-24
|
* Add more utility functions to work with patricia treesAlfredo Cardigliano2021-02-23
|
* Update ndpi_patricia_walk_inorder APIAlfredo Cardigliano2021-02-23
|
* Add support for MAC to Patricia tree. Expose full API to applications. Add ↵Alfredo Cardigliano2021-02-23
| | | | utility functions.
* Code cleanup: third party uthash is at the right placeLuca Deri2021-01-20
|
* (C) UpdateLuca Deri2021-01-07
|
* Fix some warnings when compiling with "-W -Wall" flags (#1103)Ivan Nardi2021-01-04
|
* Split ptree user data in 32 and 64 bit entriesLuca Deri2020-12-30
|
* Added HLL notesLuca Deri2020-08-11
|
* Minor HLL fixesLuca Deri2020-07-22
|
* HLL memory usage notesLuca Deri2020-07-22
|
* Add ndpi_hll_reset() API callLuca Deri2020-07-15
| | | | Fixes bug in ndpi_data_window_average() with zero points
* Values stored in patricia tree are now 32 bit (they used to be 16 bit) longLuca Deri2020-06-26
|
* Added HyperLogLog cardinality estimator API callsLuca Deri2020-06-10
| | | | | | | | | | | | | /* Memory lifecycle */ int ndpi_hll_init(struct ndpi_hll *hll, u_int8_t bits); void ndpi_hll_destroy(struct ndpi_hll *hll); /* Add values */ void ndpi_hll_add(struct ndpi_hll *hll, const char *data, size_t data_len); void ndpi_hll_add_number(struct ndpi_hll *hll, u_int32_t value) ; /* Get cardinality estimation */ double ndpi_hll_count(struct ndpi_hll *hll);
* Win fixesLuca Deri2020-06-08
|
* API cleanup for indetifying explicitly in automa's what we're searching ↵Luca Deri2020-05-06
| | | | | | (protocol or category) Removed hyperscan support that is apperently unused
* Updated automa API to use 32 bit values splits from protocol/categpryLuca Deri2020-05-06
|
* Introduced custom protocols with IP and (optional) port supportLuca Deri2020-05-06
| | | | | | | | | | | | | | | | Example - Single IP address ip:213.75.170.11@CustomProtocol - IP address with CIDR ip:213.75.170.11/32@CustomProtocol - IP address with CIDR and port ip:213.75.170.11/32:443@CustomProtocol Please note that there are some restrictions on the port usage. They have been listed in example/protos.txt
* Various fixes to patricia tree handlingLuca Deri2020-05-06
|
* False positive fixesLuca Deri2020-05-06
|
* Reworked protocol handling chnging it is u_int16_tLuca Deri2020-05-06
|
* Fix an harmless memory leakNardi Ivan2020-04-08
| | | | Leak introduced in 90e08b35, while fixing #845
* Fixes #837Luca Deri2020-02-19
|
* Fixes #845Luca Deri2020-02-19
|
* FIXED - nDPI now detect RCE injections via PCRE instead Intel HyperscanMrTiz92020-02-01
|
* nDPI now detect RCE injections via PCRE instead Intel Hyperscan - BUGGY, ↵MrTiz92020-01-30
| | | | DOES NOT COMPILE
* nDPI now detect RCE in HTTP GET requestsMrTiz92020-01-24
|
* Win fixesLuca Deri2019-12-14
|
* Code cleanupLuca Deri2019-12-09
|
* Integration of the libinjection library to detect SQL injections and XSS ↵MrTiz92019-12-05
| | | | type attacks in HTTP requests
* Added ndpi_finalize_initalization() initialization functionLuca2019-11-07
|
* Code cleanupLuca Deri2019-10-02
|
* Fix double free after b19bfa1e207a8d4972bfc701fde5d5c014f95383emanuele-f2019-10-02
|
* Fixes leaks in ndpi_add_host_url_subprotocolemanuele-f2019-10-02
| | | | | It is now possible to deallocate strings in ac_automata_release via an additional parameter
* TLS cerficate hash calculationLuca Deri2019-09-14
|
* Implemented HASSH (https://github.com/salesforce/hassh)Luca Deri2019-08-22
|
* Fix missing bracesStuart Reilly2019-06-28
|
* Fix two resource leaksStuart Reilly2019-06-28
|
* Fix potential NULL deref in libcacheStuart Reilly2019-06-28
|
* Removed this party LRU and replaced with home grownLuca Deri2019-01-17
|
* Added Ookla cacheLuca Deri2018-12-17
|