aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Add HP Virtual Machine Group Management (hpvirtgrp) protocol.add/hpvirtgrpToni Uhlig2021-04-20
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)Toni2021-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparision. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Win compilation fixLuca Deri2021-03-22
|
* Better DGA detection (slightly decreased accuracy)Luca Deri2021-03-20
|
* Removed duplicate extesions lenLuca Deri2021-03-19
|
* Added ALPN and elliptic curve in JA3S+Luca Deri2021-03-19
|
* Implemented JA3+ also for JA3SLuca Deri2021-03-19
|
* Reworked JA3Luca Deri2021-03-19
|
* JA3 debug improvementsLuca Deri2021-03-19
|
* Fixed support for custom DGA detection libraryrLuca Deri2021-03-18
|
* Implemented square erro rollup to avoid overflowLuca Deri2021-03-14
|
* Fix compilation warningAlfredo Cardigliano2021-03-12
|
* Added double exponential smoothing implementationLuca2021-03-11
|
* Added single exponential smoothing APILuca Deri2021-03-11
| | | | | int ndpi_ses_init(struct ndpi_ses_struct *ses, double alpha, float significance); int ndpi_ses_add_value(struct ndpi_ses_struct *ses, const u_int32_t _value, double *forecast, double *confidence_band);
* Fixed JA3+ computationLuca Deri2021-03-11
|
* Fixed nDPI prefs definitionLuca Deri2021-03-09
|
* Added experiemntal JA3+ implementation that can be used with -z i ndpiReaderLuca Deri2021-03-09
|
* HTTP: fix memory access in ndpi_http_parse_subprotocol() (#1151)Ivan Nardi2021-03-09
|
* Ookla detection improvementLuca Deri2021-03-09
|
* Added Ookla detection over IPv6Luca Deri2021-03-09
|
* Ookla fixesLuca Deri2021-03-09
|
* Improved detection of Ookla speedtest and openspeedtest.comLuca Deri2021-03-09
|
* Added the ability to define a custom DGA detection function by overwritingLuca Deri2021-03-08
| | | | | the value of the function pointer ndpi_dga_function curently set to NULL (that means the nDPI internal DGA function will be used)
* Fix some stack-use-after-return errors in automa code (#1150)Ivan Nardi2021-03-08
|
* Add support for Snapchat voip calls (#1147)Ivan Nardi2021-03-06
| | | | | | | | | * Add support for Snapchat voip calls Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI. * Fix tests with libgcrypt disabled
* Add ndpi_serialize_binary_boolean for consistency. Fix comments.Alfredo Cardigliano2021-03-04
|
* Improved DGA detectionLuca Deri2021-03-03
| | | | | | | | Before Accuracy 66%, Precision 86%, Recall 38% After Accuracy 71%, Precision 89%, Recall 49%
* Removed check for knowns protocols (major and app protocols)Luca Deri2021-03-03
|
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* DTLS: improve support (#1146)Ivan Nardi2021-03-02
| | | | | | | * DTLS: add some pcap tests * DTLS: fix parsing of Client/Server Helllo message * DTLS: add parsing of server certificates
* TOR: update node list (#1144)Ivan Nardi2021-03-02
| | | | | https://panwdbl.appspot.com/lists/ettor.txt list is no more available Close #1141
* Added HW checksLuca Deri2021-03-01
|
* Added further HW checksLuca Deri2021-03-01
|
* Holt-Winters calculation improvementLuca Deri2021-02-27
|
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)Toni2021-02-26
| | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved DNS dissectorLuca Deri2021-02-26
|
* [Fix] replace free to ndpi_free (#1140)pengtian2021-02-25
| | | same as https://github.com/ntop/nDPI/issues/1096
* Added protocol breed to JSON serializer. (#1137)Toni2021-02-25
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix ndpi_fill_prefix_v6Alfredo Cardigliano2021-02-24
|
* Windows code cleanupLuca Deri2021-02-24
|
* Modified JA3 fingerprint messageLuca Deri2021-02-24
|
* Add more utility functions to work with patricia treesAlfredo Cardigliano2021-02-23
|
* Update ndpi_patricia_walk_inorder APIAlfredo Cardigliano2021-02-23
|
* Add support for MAC to Patricia tree. Expose full API to applications. Add ↵Alfredo Cardigliano2021-02-23
| | | | utility functions.
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Sibject matchingLuca Deri2021-02-22
| | | | Improved AnyDesk detection
* Removed unused NDPI_RISKY_COUNTRYLuca Deri2021-02-21
|
* Added risky domain flow-risk supportLuca Deri2021-02-21
|
* Fixes #1136Luca Deri2021-02-19
|
* Removed old unused codeLuca Deri2021-02-19
|
Powered by cgit, Themed by Ted Yin.