aboutsummaryrefslogtreecommitdiff
path: root/src/lib
Commit message (Collapse)AuthorAge
...
* Added NDPI_TLS_ALPN_SNI_MISMATCH flow riskLuca Deri2023-09-07
|
* CleanupLuca2023-09-07
|
* Disabled debug messageLuca Deri2023-09-05
|
* Minor warning fixesLuca Deri2023-09-05
|
* Improved classification further reducing memory usedLuca Deri2023-09-05
|
* Compilation fixes for old compilersLuca Deri2023-09-05
|
* Added sub-domain classification fixLuca Deri2023-09-05
|
* Classification fixesLuca Deri2023-09-05
|
* Added ndpi_bitmap64 supportLuca Deri2023-09-05
|
* Added ndpi_murmur_hash to the nDPI APILuca Deri2023-09-04
|
* Merged new and old version of ndpi_domain_classify.c codeLuca Deri2023-09-02
|
* Reworked domain classification based on binary filtersLuca Deri2023-09-02
|
* Improvement for reducing false positivesLuca Deri2023-09-01
|
* Code cleanupLuca Deri2023-09-01
|
* Added ndpi_binary_bitmap datastrutureLuca Deri2023-08-31
| | | | | It is similar to ndpi_filter but based on binary search and with the ability to store a category per value (as ndpi_domain_classify)
* Fixed heap-buffer-overflow issueLuca Deri2023-08-31
|
* Code cleanupLuca Deri2023-08-31
|
* Warning fixesLuca Deri2023-08-29
|
* Swap from Aho-Corasick to an experimental/home-grown algorithm that uses a ↵Luca Deri2023-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | probabilistic approach for handling Internet domain names. For switching back to Aho-Corasick it is necessary to edit ndpi-typedefs.h and uncomment the line // #define USE_LEGACY_AHO_CORASICK [1] With Aho-Corasick $ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory nDPI Memory statistics: nDPI Memory (once): 37.34 KB Flow Memory (per flow): 960 B Actual Memory: 33.09 MB Peak Memory: 33.09 MB [2] With the new algorithm $ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory nDPI Memory statistics: nDPI Memory (once): 37.31 KB Flow Memory (per flow): 960 B Actual Memory: 7.42 MB Peak Memory: 7.42 MB In essence from ~33 MB to ~7 MB This new algorithm will enable larger lists to be loaded (e.g. top 1M domans https://s3-us-west-1.amazonaws.com/umbrella-static/index.html) In ./lists there are file names that are named as <category>_<string>.list With -G ndpiReader can load all of them at startup
* fix compilation and symbol checkToni Uhlig2023-08-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fix compilationToni Uhlig2023-08-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Search fixesLuca Deri2023-08-26
|
* Changes for supporinng more efficient sub-string matchingLuca Deri2023-08-26
|
* LEak fixLuca Deri2023-08-26
|
* Added ndpi_domain_classify_XXX(0 APILuca Deri2023-08-26
|
* Warning fixLuca Deri2023-08-25
|
* added bimap and/or with allocationLuca Deri2023-08-24
|
* Minor improvementsLuca Deri2023-08-23
|
* Added ndpi_bitmap_is_empty() and ndpi_bitmap_optimize() API callsLuca2023-08-23
|
* Boundary checkLuca2023-08-21
|
* Improved Wireguard detectionLuca2023-08-21
|
* Removed empty lineLuca2023-08-21
|
* Added ndpi_bitmap_andnot API callLuca2023-08-21
|
* fuzz: extend coverage (#2073)Ivan Nardi2023-08-20
|
* Fix compilation on Windows (#2072)Ivan Nardi2023-08-14
|
* Replaces free() with ndpi_free()Luca Deri2023-08-14
|
* Reworked ndpi_filter_xxx implementation using compressed bitmapsLuca Deri2023-08-14
|
* TypoLuca Deri2023-08-12
|
* ARM compilation fixLuca Deri2023-08-12
|
* Fixed to address issueLuca Deri2023-08-12
| | | | | | | | Run ./utils/check_symbols.sh || { FAILED=$?; echo "::error file=${NDPI_LIB}::Unwanted libc symbols found: ${FAILED}. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free."; false; } [ndpi_filter.o]: calloc Unwanted symbols found: 1 Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free Error: Unwanted libc symbols found: 1. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of
* Added ndpi_filter_add_multi() API callLuca Deri2023-08-11
|
* Minor initialization fixesLuca Deri2023-08-11
|
* Added new API calls for implementing Bloom-filter like data structuresLuca Deri2023-08-11
| | | | | | | ndpi_filter* ndpi_filter_alloc(uint32_t elements_number); bool ndpi_filter_add(ndpi_filter *f, uint64_t value); bool ndpi_filter_contains(ndpi_filter *f, uint64_t value); void ndpi_filter_free(ndpi_filter *f);
* Typo fixLuca2023-08-07
|
* Added ndpi_bitmap_copy() API callLuca2023-08-06
|
* Mullvad VPN service added (based on entry node IP addresses) (#2062)snicket21002023-08-02
|
* Compilation fixes for older C compilersLuca Deri2023-08-01
|
* Add Service Location Protocol dissector. (#2036)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added `slackb.com` SNI. (#2067)Toni2023-08-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* DNS: extract geolocation information, if available (#2065)Ivan Nardi2023-07-31
| | | | | | | The option NSID (RFC5001) is used by Google DNS to report the airport code of the metro where the DNS query is handled. This option is quite rare, but the added overhead in DNS code is pretty much zero for "normal" DNS traffic
Powered by cgit, Themed by Ted Yin.