aboutsummaryrefslogtreecommitdiff
path: root/tests/result/pps.pcap.out
Commit message (Collapse)AuthorAge
* Add TiVoConnect dissector. Fixes #1697. (#1699)Toni2022-08-08
| | | | | * added static assert if supported, to complain if the flow struct changes Signed-off-by: lns <matzeton@googlemail.com>
* Add Discord dissector. (#1694)Toni2022-08-03
| | | | | * fixed RiotGames false positive Signed-off-by: lns <matzeton@googlemail.com>
* Add Activision dissector. (#1693)Toni2022-08-02
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Add Softether dissector. (#1679)Toni2022-07-29
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Patricia tree, Ahocarasick automa, LRU cache: add statistics (#1683)Ivan Nardi2022-07-29
| | | | | | | | | | Add (basic) internal stats to the main data structures used by the library; they might be usefull to check how effective these structures are. Add an option to `ndpiReader` to dump them; enabled by default in the unit tests. This new option enables/disables dumping of "num dissectors calls" values, too (see b4cb14ec).
* TINC: avoid processing SYN packets (#1676)Ivan Nardi2022-07-28
| | | | | | | | | | | Since e6b332aa, we have proper support for detecting client/server direction. So Tinc dissector is now able to properly initialize the cache entry only when needed and not anymore at the SYN time; initializing that entry for **every** SYN packets was a complete waste of resources. Since 4896dabb, the various `struct ndpi_call_function_struct` structures are not more separate objects and therefore comparing them using only their pointers is bogus: this bug was triggered by this change because `ndpi_str->callback_buffer_size_tcp_no_payload` is now 0.
* Update the protocol bitmask for some protocols (#1675)Ivan Nardi2022-07-27
| | | | | | | Tcp retransmissions should be ignored. Remove some unused protocol bitmasks. Update script to download Whatsapp IP list.
* Add AVAST dissector. (#1674)Toni2022-07-25
| | | Signed-off-by: lns <matzeton@googlemail.com>
* DTLS: fix exclusion of DTLS protocolNardi Ivan2022-07-20
| | | | Add an helper to exclude a generic protocol
* Improved Jabber/XMPP detection. (#1661)Toni2022-07-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Keep track of how many dissectors calls we made for each flow (#1657)Ivan Nardi2022-07-11
|
* Avoid spurious calls to extra dissection (#1648)Ivan Nardi2022-07-07
| | | | If the extra callabck is not set, calling the extra dissection is only a waste of resources...
* Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)Ivan Nardi2022-07-05
|
* Added unidirectional traffic flow riskLuca Deri2022-06-20
|
* Dissect host line if SSDP contains such. (#1586)Toni2022-06-07
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Updated tests resultsLuca Deri2022-05-30
| | | | Code cleanup
* Added MPEG-DASH dissector. Fixes #1223. (#1555)Toni2022-05-29
| | | | | | * Improved HTTP POST detection * Refactored subprotocol detection Signed-off-by: lns <matzeton@googlemail.com>
* Modified risk labelsLuca Deri2022-05-04
|
* Sync unit tests results (#1533)Ivan Nardi2022-04-27
|
* Extend tests coverage (#1476)Ivan Nardi2022-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now there is at least one flow under `tests/pcap` for 249 protocols out of the 284 ones supported by nDPI. The 35 protocols without any tests are: * P2P/sharing protocols: DIRECT_DOWNLOAD_LINK, OPENFT, FASTTRACK, EDONKEY, SOPCAST, THUNDER, APPLEJUICE, DIRECTCONNECT, STEALTHNET * games: CSGO, HALFLIFE2, ARMAGETRON, CROSSFIRE, DOFUS, FIESTA, FLORENSIA, GUILDWARS, MAPLESTORY, WORLD_OF_KUNG_FU * voip/streaming: VHUA, ICECAST, SHOUTCAST, TVUPLAYER, TRUPHONE * other: AYIYA, SOAP, TARGUS_GETDATA, RPC, ZMQ, REDIS, VMWARE, NOE, LOTUS_NOTES, EGP, SAP Most of these protocols (expecially the P2P and games ones) have been inherited by OpenDPI and have not been updated since then: even if they are still used, the detection rules might be outdated. However code coverage (of `lib/protocols`) only increases from 65.6% to 68.9%. Improve Citrix, Corba, Fix, Aimini, Megaco, PPStream, SNMP and Some/IP dissection. Treat IPP as a HTTP sub protocol. Fix Cassandra false positives. Remove `NDPI_PROTOCOL_QQLIVE` and `NDPI_PROTOCOL_REMOTE_SCAN`: these protocol ids are defined but they are never used. Remove Collectd support: its code has never been called. If someone is really interested in this protocol, we can re-add it later, updating the dissector. Add decoding of PPI (Per-Packet Information) data link type.
* Added cybersecurity category mapping to stringLuca Deri2022-02-10
|
* Added cybersecurity protocol and category that groups traffic towards ↵Luca Deri2022-02-10
| | | | leading cybersecurity companies and CDNs, useful to make destinations that should be marked as trusted in firewalls and security gateways
* Sync unit tests results (#1423)Ivan Nardi2022-01-28
| | | Fix: 7a3aa41a
* Add a "confidence" field about the reliability of the classification. (#1395)Ivan Nardi2022-01-11
| | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
* Updated resultLuca Deri2022-01-09
|
* ndpiReader: slight simplificaton of the output (#1378)Ivan Nardi2021-11-27
|
* Refreshed results listLuca Deri2021-10-16
|
* Updated test results after latest commitLuca Deri2021-10-16
|
* Updated outputLuca Deri2021-08-07
|
* Updated download category nameLuca Deri2021-07-16
|
* ndpiReader: add statistics about nDPI performance (#1240)Ivan Nardi2021-07-13
| | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
* Updated category labelsLuca Deri2021-07-08
|
* Added flow risk scoreLuca Deri2021-05-18
|
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* Updated results due to the new fragment manager handlerLuca Deri2021-02-03
|
* Split HTTP request from response Content-Type. Request Content-Type should ↵Luca Deri2021-01-06
| | | | be present with POSTs and not with other methods such as GET
* Fixes #1029Luca Deri2020-11-27
|
* Fixes #1033Luca Deri2020-10-21
|
* Stddev calculation changesLuca Deri2020-08-30
|
* Fixed false positive in suspicous user agentLuca Deri2020-08-30
| | | | Optimized stddev calculation
* Changed due to bin size extensionLuca Deri2020-07-30
|
* User agent detection improvementsLuca Deri2020-07-21
|
* Updated test results due to bin changesLuca Deri2020-07-09
|
* Fixes #906Luca Deri2020-06-22
| | | | Packet bins are not printed wehn empty
* Added ndpi_bin_XXX APILuca Deri2020-06-22
| | | | Added packet lenght distribution bins
* Added fix to avoid potential heap buffer overflow in H.323 dissectorLuca Deri2020-05-19
| | | | Modified HTTP report information to make it closer to the HTTP field names
* Added check for invalid HTTP URLsLuca Deri2020-05-16
|
* Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_riskLuca Deri2020-05-15
|
* Added the ability to detect when a known protocol is using a non-standard portLuca Deri2020-05-10
| | | | Added check to spot executables exchanged via HTTP
* Remove decimals in test results for IAT, packet lengths and goodput ratioemanuele-f2020-02-14
|
Powered by cgit, Themed by Ted Yin.