Commit message | Author | Age | |
---|---|---|---|
* | Improved RTSP via HTTP detection. [improved/rtsp_detection] | Toni Uhlig | 2021-07-06 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Updated prototype | Luca Deri | 2021-07-05 |
| | |||
* | Minor fix | Luca Deri | 2021-07-05 |
| | |||
* | Code cleanup | Luca Deri | 2021-07-05 |
| | |||
* | Fix possible segfault/leak | Alfredo Cardigliano | 2021-07-05 |
| | |||
* | Added protocols to HTTP as subprotocols. (#1228) | Toni | 2021-07-05 |
| | | | | | | * if HTTP was detected, all of those defined subprotocol detection routines should be called Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | TLS: fix a memory error in JA3 code (#1227) | Ivan Nardi | 2021-07-05 |
| | | | | protocols/tls.c:1856:5: runtime error: index 256 out of bounds for type 'char [256]' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior protocols/tls.c:1856:5 | ||
* | Improve content match lists (#1226) | Ivan Nardi | 2021-07-05 |
| | | | | | | Add support for Likee app (https://likee.video/) and GitLab. Improve detection of Google domains ("gtv1.com" added in 6dd42d19f was likely a typo). Improve Snapchat and Tiktok detection. | ||
* | Improved Z39.50 detection. (#1225) | Toni | 2021-07-05 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Fixed off-by-one memory error for TLS-JA3. (#1222) | Toni | 2021-06-29 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Removed ht_hash as it is not used anymore. (#1220) | Toni | 2021-06-29 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Added Z39.50 protocol. (#1219) | Toni | 2021-06-29 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | reconcile PPSTREAM protocol category with content_match declarations (#1218) | vpiserchia | 2021-06-28 |
| | | | | | | | * reconcile PPSTREAM protocol category with content_match declarations * remove duplicate declaration for PPSTREAM protocol Co-authored-by: vpiserchia <vito.piserchia@dreamlab.net> | ||
* | QUIC: add basic support for fragmented Client Hello (#1216) | Ivan Nardi | 2021-06-24 |
| | | | | Only in-order and non overlapping fragments are handled. See #1195 | ||
* | Speed and memory size optimisation (#1214) | Vitaly Lavrov | 2021-06-23 |
| | | | | | | | Removed bigram_automata, impossible_bigram_automata, trigram_automata. The ahocorasick structure is replaced with a bitmap. The bitmap size for ndpi_en_bigram is 176 bytes. The bitmap size for ndpi_en_trigram is 2201 bytes. On the test machine, the test execution time was reduced from 27.3 seconds to 24.7 (9%). | ||
* | Addresses partial application matching (#1207) | Luca Deri | 2021-06-21 |
| | |||
* | Restored 32 bit value in ndpi_match_string_value() | Luca Deri | 2021-06-21 |
| | |||
* | Upgraded exponential smoothing to 64 bit values | Luca Deri | 2021-06-18 |
| | |||
* | Added bitmap boundary checks | Luca Deri | 2021-06-17 |
| | |||
* | Extended nDPI API with ndpi_netbios_name_interpret() | Luca Deri | 2021-06-17 |
| | |||
* | NetBIOS decoding changes | Luca Deri | 2021-06-16 |
| | |||
* | Code review. (#1205) | Vitaly Lavrov | 2021-06-15 |
| | | | | | | | | | | | | | | | The common actions required to call the ac_automata_search() function have been moved to the ndpi_match_string_common function. This made it possible to simplify the ndpi_match_string, ndpi_match_string_protocol_id, ndpi_match_string_value, ndpi_match_custom_category, ndpi_match_string_subprotocol, ndpi_match_bigram, ndpi_match_trigram functions. Using u_int16_t type for protocol identifiers when working with the ahocorasick library (changes src/include/ndpi_api.h.in and src/include/ndpi_typedefs.h). Reworked "finalization" of all AC_AUTOMATA_t structures. Changing the order of fields in the ndpi_call_function_struct structure reduces the size of the ndpi_detection_module_struct structure by 10 kB (for x86_64). | ||
* | Win fix | Luca Deri | 2021-06-15 |
| | |||
* | Call ac_automata_release with free_pattern = 1 (malloc'ed patterns expected in ndpi_add_string_to_automa) | Alfredo Cardigliano | 2021-06-14 |
| | |||
* | Fixes https://github.com/ntop/ntopng/issues/5482 | Luca Deri | 2021-06-11 |
| | |||
* | Reimplemented SNMP dissector | Luca Deri | 2021-06-11 |
| | |||
* | Bug in ndpi_lru_find_cache (#1204) | Vitaly Lavrov | 2021-06-10 |
| | | | Key value check is missing. | ||
* | Minor code cleanup | Luca | 2021-06-09 |
| | |||
* | Win changes | Luca Deri | 2021-06-08 |
| | |||
* | Added report on score cli/srv breakdown | Luca Deri | 2021-06-07 |
| | |||
* | New version of the ahocorasick library (#1200) | Vitaly Lavrov | 2021-06-07 |
| | | | | | | | | | | | | | | | | The new version is about 25% faster with -O2 and 45% faster with -O3. No recursion is used (smaller stack size required). Uses less memory (by valgrind info): bigram: original 1796 allocs, 247864 bytes allocated; new 1232 allocs, 158880 bytes allocated. host_match: original 18038 allocs, 3004576 bytes allocated; new 6861 allocs, 396624 bytes allocated. The function ac_automata_search() is thread safe. Optional case-insensitive comparison. Matching at the beginning and at the end of the string is supported. One code file and one header file. | ||
* | Warning fix | Luca Deri | 2021-06-03 |
| | |||
* | Renamed Skype to Skype_Teams as the protocol is now shared across these apps | Luca Deri | 2021-06-02 |
| | |||
* | Removed xbox and playstation invalid port guesses | Luca Deri | 2021-06-02 |
| | |||
* | TLS: improve check for common ALPNs (#1191) | Ivan Nardi | 2021-06-01 |
| | | | Facebook is still using its own ALPN for HTTP2 as well | ||
* | Reworked ndpi flow risk score adding client and server score | Luca | 2021-06-01 |
| | |||
* | Fix warnings | Alfredo Cardigliano | 2021-05-25 |
| | |||
* | Added TLS check to avoid crash with UDP-based traffic | Luca | 2021-05-25 |
| | |||
* | Improved TLS browser detection heuristics | Luca Deri | 2021-05-19 |
| | |||
* | Added risk/score dump (ndpiReader -h) | Luca Deri | 2021-05-18 |
| | | | | Added ndpi_dump_risks_score() API score | ||
* | Updated API for ndpi_risk2score() | Luca Deri | 2021-05-17 |
| | | | | Added ndpi_get_upper_proto() API call | ||
* | Reworked human readable string search in flows | Luca Deri | 2021-05-17 |
| | | | | Removed fragment manager code | ||
* | Added further checks | Luca Deri | 2021-05-15 |
| | |||
* | Added ndpi_check_subprotocol_risk() API call definition | Luca Deri | 2021-05-15 |
| | |||
* | Added TLS certificate caching | Luca Deri | 2021-05-15 |
| | | | | Added Fortigate protocol | ||
* | Added browser TLS heuristic | Luca Deri | 2021-05-13 |
| | |||
* | Implemented heuristic to detect Safari and Firefox TLS browsing | Luca Deri | 2021-05-13 |
| | |||
* | Improved SSL certificate name wildcard handling and risk. #1182 (#1183) | Toni | 2021-05-11 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Implemented flow score in Wireshark integration | Luca Deri | 2021-05-10 |
| | |||
* | Added check to reduce MongoDB false positive detection | Luca Deri | 2021-05-10 |
| |