libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Improve protocol stacks (#1425)	Ivan Nardi	2022-01-30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
*	Sync unit tests results (#1423)	Ivan Nardi	2022-01-28
\| \| \|	Fix: 7a3aa41a
*	Improved MicrosoftAzure detection	Luca Deri	2022-01-12
\|
*	Add a "confidence" field about the reliability of the classification. (#1395)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \|	As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
*	Added Microsoft Azure support	Luca Deri	2021-12-19
\|
*	ndpiReader: slight simplificaton of the output (#1378)	Ivan Nardi	2021-11-27
\|
*	Fixed cleartext protocol assignment (#1357)	Ivan Nardi	2021-10-25
\|
*	Refreshed results list	Luca Deri	2021-10-16
\|
*	Updated test results after latest commit	Luca Deri	2021-10-16
\|
*	Clode cleanup (after last merge)	Luca Deri	2021-08-08
\|
*	Added entropy calculation to check for suspicious (encrypted) payload. (#1270)	Toni	2021-08-08
\| \| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
*	Updated output	Luca Deri	2021-08-07
\|
*	Reworked flow risk implementation	Luca Deri	2021-07-23
\|
*	ndpiReader: add statistics about nDPI performance (#1240)	Ivan Nardi	2021-07-13
\| \| \| \| \| \| \|	The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
*	Added flow risk score	Luca Deri	2021-05-18
\|
*	Added browser TLS heuristic	Luca Deri	2021-05-13
\|
*	Improved DGA detection	Luca Deri	2021-03-03
\| \| \| \| \| \| \| \|	Before Accuracy 66%, Precision 86%, Recall 38% After Accuracy 71%, Precision 89%, Recall 49%
*	Improved DGA detection with trigrams. Disadvantage: slower startup time	Luca Deri	2021-03-03
\| \| \| \| \|	Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
*	Restored QUIC stats	Luca Deri	2020-12-30
\|
*	Fixed output when tLS (nad not QUIC) is used	Luca Deri	2020-12-28
\|
*	Quic fixes (#1067)	Ivan Nardi	2020-11-22
	* QUIC: fix return value on error path on quic_cipher_init() * QUIC: allow dissection of sessions forcing version negotiation Enhance heuristic to avoid false positives.