Commit message | Author | Age | |
---|---|---|---|
* | Add a "confidence" field about the reliability of the classification. (#1395) | Ivan Nardi | 2022-01-11 |
| | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides a hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the near future to tweak/fix/improve the logic. | | |
* | ndpiReader: slight simplification of the output (#1378) | Ivan Nardi | 2021-11-27 |
* | Reworked HTTP protocol dissection including HTTP proxy and HTTP connect | Luca Deri | 2021-11-25 |
* | Fix writes to `flow->protos` union fields (#1354) | Ivan Nardi | 2021-11-15 |
| | We can write to `flow->protos` only after a proper classification. This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP, SMTP, IMAP and POP code. There are two kinds of fixes: * write to `flow->protos` only if a final protocol has been detected * move protocol state out of `flow->protos`. The hard part is to find, for each protocol, the right tradeoff between memory usage and code complexity. Handle Kerberos like DNS: if we find a request, we set the protocol and an extra callback to further parse the reply. For all the other protocols, move the state out of `flow->protos`. This is an issue only for the FTP/MAIL stuff. Add DHCP Class Identification value to the output of ndpiReader and to the JSON serialization. Extend code coverage of fuzz tests. Close #1343 Close #1342 | | |
* | Detect invalid characters in text and set a risk. Fixes #1347. (#1363) | Toni | 2021-10-26 |
| | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | | |
* | Fixed cleartext protocol assignment (#1357) | Ivan Nardi | 2021-10-25 |
* | Refreshed results list | Luca Deri | 2021-10-16 |
* | Updated test results after latest commit | Luca Deri | 2021-10-16 |
* | Updated output | Luca Deri | 2021-08-07 |
* | Reworked flow risk implementation | Luca Deri | 2021-07-23 |
* | ndpiReader: add statistics about nDPI performance (#1240) | Ivan Nardi | 2021-07-13 |
| | The goal is to have a (rough) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits. | | |
* | Added flow risk score | Luca Deri | 2021-05-18 |
* | Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03 |
| | Reworked Tor dissector embedded in TLS (fixes #1141). Removed false positive on HTTP User-Agent | | |
* | Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET | Luca Deri | 2021-01-06 |
* | Fixes #1029 | Luca Deri | 2020-11-27 |
* | Updated results with numeric IP detection | Luca Deri | 2020-11-01 |
* | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 |
* | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are not considered safe/secure | Luca Deri | 2020-08-30 |
* | Stddev calculation changes | Luca Deri | 2020-08-30 |
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 |
| | Optimized stddev calculation | | |
* | Added the ability to identify as DGA those host/domain names with too many consecutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used for netbios reflection attacks | Luca Deri | 2020-08-21 |
| | https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf | | |
* | Fixed partial TLS dissection | Luca Deri | 2020-07-30 |
* | Changed due to bin size extension | Luca Deri | 2020-07-30 |
* | Updated test results due to bin changes | Luca Deri | 2020-07-09 |
* | Fixes #906 | Luca Deri | 2020-06-22 |
| | Packet bins are not printed when empty | | |
* | Added ndpi_bin_XXX API | Luca Deri | 2020-06-22 |
| | Added packet length distribution bins | | |
* | Added checks for DGA detection | Luca Deri | 2020-06-17 |
* | Added DGA risk for names that look like a DGA | Luca Deri | 2020-06-11 |
* | Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS | Luca Deri | 2020-06-08 |
* | Added fix to avoid potential heap buffer overflow in H.323 dissector | Luca Deri | 2020-05-19 |
| | Modified HTTP report information to make it closer to the HTTP field names | | |
* | Added check for invalid HTTP URLs | Luca Deri | 2020-05-16 |
* | Added TLS weak cipher and obsolete protocol version detection | Luca Deri | 2020-05-10 |
* | Added the ability to detect when a known protocol is using a non-standard port | Luca Deri | 2020-05-10 |
| | Added check to spot executables exchanged via HTTP | | |
* | NetBIOS dissection improvements | Luca Deri | 2020-03-01 |
* | Remove decimals in test results for IAT, packet lengths and goodput ratio | emanuele-f | 2020-02-14 |
* | Improved DNS response decoding | Luca Deri | 2020-02-04 |
| | The first decoded address is now reported by ndpiReader | | |
* | Reworked TLS dissection | Luca | 2020-01-01 |
* | Improved category detection with HTTP | Luca Deri | 2019-12-01 |
* | Improvements to stop dissection when the first protocol is detected | Luca Deri | 2019-11-28 |
| | Used IP-based detection to compute the application protocol. Improved application detection | | |
* | Updated results | Luca Deri | 2019-11-21 |
* | Initial work towards HTTP content-type export | Luca | 2019-10-31 |
* | Added telnet dissector | Luca | 2019-10-29 |
| | Improved data report | | |
* | Added capwap support | Luca Deri | 2019-10-27 |
* | Improved HTTP reporting in ndpiReader | Luca Deri | 2019-10-25 |
* | Added NetBIOS metadata export | Luca Deri | 2019-10-08 |
* | Manual merge of pull #769 | Luca Deri | 2019-10-02 |
* | Added URL in results | Luca Deri | 2019-10-01 |
* | Reworked categories handling | Luca Deri | 2019-09-29 |
| | Removed GenericProtocol and replaced with categories. Removed ndpi_pref_enable_category_substring_match option: substring matching is now default | | |
* | Improved category handling in subprotocols | Luca Deri | 2019-09-27 |
| | Further DNS dissection fixes. Fixed WeChat invalid category | | |
* | Improves IAT calculation | Luca | 2019-09-24 |