aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
...
* Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132)Toni2021-02-10
| | | | | | | | | | | | | | | * Fixed memory leaks caused by conditional free'ing for some TLS connections. * Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent reader_util.c from exit()'ing if maximum flow count reached. This confuses the fuzzer. * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS. That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN improvementsLuca Deri2021-02-10
|
* Fixed CPHA missing protocol initializationLuca Deri2021-02-10
| | | | Improved IEC104 and IRC detection
* Dissection inprovementsLuca Deri2021-02-09
|
* Added checks for giving up faster on IRC and SMTPLuca Deri2021-02-09
|
* Extended the API to calculate jitterLuca Deri2021-02-09
| | | | | | - ndpi_jitter_init() - ndpi_jitter_free() - ndpi_jitter_add_value()
* Minor code improvementsLuca Deri2021-02-09
|
* Removed debug statementLuca Deri2021-02-09
|
* Added timeseries forecasting support implementing Holt-Winters with ↵Luca Deri2021-02-08
| | | | | | | | | confidence interval New API calls added - ndpi_hw_init() - ndpi_hw_add_value() - ndpi_hw_free()
* Updated skype addressesLuca Deri2021-02-07
|
* IP address matching updateLuca Deri2021-02-07
|
* Partial fix for #1129Luca Deri2021-02-05
|
* Code cleanup and safety checks in the fragment manager (#1129)Alfredo Cardigliano2021-02-05
|
* Implemented more efficient and memory savvy RSILuca Deri2021-02-05
|
* RSI enhancementsLuca Deri2021-02-05
|
* Implemented API for computing RSI (Relative Strenght Index)Luca Deri2021-02-04
| | | | | | void ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values); void ndpi_free_rsi(struct ndpi_rsi_struct *s); float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value);
* Improved (partial) TLS dissectionLuca Deri2021-02-04
|
* Fix some memory leakes in reassembler code (#1127)Ivan Nardi2021-02-04
|
* Added missing checkLuca Deri2021-02-04
|
* Fixed leak with DTLSLuca Deri2021-02-03
|
* HTTP: fix user-agent parsing (#1124)Ivan Nardi2021-02-03
| | | | | | | | | | | User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported...
* HTTP: fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1123)Ivan Nardi2021-02-03
|
* Cosmetic fixesLuca Deri2021-02-03
|
* Increased number of extra packets that is necessary since the frgament ↵Luca Deri2021-02-03
| | | | mananger introduction
* Fixes an issue with https://github.com/ntop/nDPI/pull/1122 that misprocsssed ↵Luca Deri2021-02-03
| | | | packets belonging to flows whose initial part (e.g. the 3WH) was not observed by nDPI (e.g. capture started in the middle of the flow)
* fragments management added (#1122)Roberto AGOSTINO2021-02-03
| | | | | | Management of tcp segments managements. Co-authored-by: ragostino <ragostino73@gmail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* debug message bugfix (#1108)ragostino2021-02-03
| | | you can not look for memory enlargement if you print debug message after updating the variables
* Improved wireguard dissectionLuca Deri2021-01-29
|
* DCE/RPC improvement to avoid false positivesLuca Deri2021-01-29
|
* DGA name improvementLuca Deri2021-01-27
|
* Cleaned up tls/quic datatypesLuca Deri2021-01-21
|
* Reworked TLS fingerprint calcolationLuca Deri2021-01-21
| | | | Modified TLS memory free
* Added simple hash implementation to the nDPI APILuca Deri2021-01-20
|
* Code cleanup: third party uthash is at the right placeLuca Deri2021-01-20
|
* Rewored UPnP protocol that in essence was WSD hence it has been renamedLuca2021-01-20
| | | | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
* Improves STUN dissection removing an invalid termination condition that ↵Luca Deri2021-01-13
| | | | prevented Skype calls to be properly identified
* (C) UpdateLuca Deri2021-01-07
|
* Warning fixLuca Deri2021-01-07
|
* Increase SNI hostname buffer length to 256. (#1111)Darryl Sokoloski2021-01-07
| | | | | | | | | According to RFC 4366, SNI host names can be up to 255 bytes. Previous size of 64 resulted in failed application matches due to truncation. For example: 0976e041e65b1aece3e720df36ac6bd7.safeframe.googlesyndication.co|m Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* STUN: avoid false positives (#1110)Ivan Nardi2021-01-07
| | | STUN traffic doesn't use multicast addresses
* HTTP: fix compilation and a memory error when NDPI_ENABLE_DEBUG_MESSAGES is ↵Ivan Nardi2021-01-07
| | | | defined (#1109)
* QUIC: add suppport for DNS-over-QUIC (#1107)Ivan Nardi2021-01-07
| | | | | | | | | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
* Quic fixes (#1106)Ivan Nardi2021-01-07
| | | | | * QUIC: fix heap-buffer-overflow * TLS: fix parsing of QUIC Transport Parameters
* QUIC: improve handling of SNI (#1105)Ivan Nardi2021-01-07
| | | | | | | | | | | | | * QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name Close #1077 * QUIC: fix matching of custom categories * QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions * QUIC: fix serialization * QUIC: add DGA check for older GQUIC versions
* Split HTTP request from response Content-Type. Request Content-Type should ↵Luca Deri2021-01-06
| | | | be present with POSTs and not with other methods such as GET
* Added check for invalid HTTP contentLuca Deri2021-01-06
|
* QUIC: update to draft-33 (#1104)Ivan Nardi2021-01-04
| | | QUIC (final!?) constants for v1 are defined in draft-33
* Fix some warnings when compiling with "-W -Wall" flags (#1103)Ivan Nardi2021-01-04
|
* Remove FB_ZERO protocol (#1102)Ivan Nardi2021-01-04
| | | | | | FB_ZERO was an experimental protocol run by Facebook. They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but them so it is definitely dead. See: https://engineering.fb.com/2018/08/06/security/fizz/
* Added a new API function `ndpi_free_flow_data' which free's all members of ↵Toni2021-01-04
| | | | | ndpi_flow_struct but not the struct itself. (#1101) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.