libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Added AliCloud server access dissector. (#1672)	Toni	2022-07-23
\| \| \| \|	Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	TLS: improve reassembler (#1669)	Ivan Nardi	2022-07-22
\| \| \| \| \| \| \| \|	* TLS: cosmetic changes * TLS: improve reassembler We might need to contemporary re-order messages from both directions: use one buffer per direction.
*	DTLS: fix exclusion of DTLS protocol	Nardi Ivan	2022-07-20
\| \| \| \|	Add an helper to exclude a generic protocol
*	SKYPE: remove detection over TCP	Nardi Ivan	2022-07-20
\| \| \| \| \| \|	Skype detection over TCP has been completely disable since 659f75138 (3 years ago!). Since that logic was too weak anyway, remove it.
*	reader_util: stop processing a flow (#1666)	Ivan Nardi	2022-07-20
\| \| \| \|	We should stop processing a flow if all protocols have been excluded or if we have already processed too many packets.
*	Improved Jabber/XMPP detection. (#1661)	Toni	2022-07-13
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Keep track of how many dissectors calls we made for each flow (#1657)	Ivan Nardi	2022-07-11
\|
*	Avoid spurious calls to extra dissection (#1648)	Ivan Nardi	2022-07-07
\| \| \| \|	If the extra callabck is not set, calling the extra dissection is only a waste of resources...
*	Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)	Ivan Nardi	2022-07-05
\|
*	Enhanced TLS risk info reported to users	Luca Deri	2022-06-28
\|
*	Added unidirectional traffic flow risk	Luca Deri	2022-06-20
\|
*	Updated DNS alert triggered only with TTL == 0	Luca Deri	2022-06-14
\|
*	Improved DNS traffic analysis	Luca Deri	2022-06-13
\| \| \| \|	Added ability to identify application and network protocols
*	Dissect host line if SSDP contains such. (#1586)	Toni	2022-06-07
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Updated risk results	Luca Deri	2022-05-30
\|
*	Updated tests results	Luca Deri	2022-05-30
\| \| \| \|	Code cleanup
*	Updated SkypeCall -> Skype_TeamsCall	Luca Deri	2022-05-26
\|
*	Improved TLS application data detection. (#1541)	Toni	2022-05-08
\| \| \| \| \| \|	* #1532 did fx TLS appdata detection only partially * use flow->l4.tcp.tls.message.buffer_used instead of packet->payload Signed-off-by: lns <matzeton@googlemail.com>
*	Sync unit tests results (#1533)	Ivan Nardi	2022-04-27
\|
*	Improved TLS application data detection. (#1532)	Toni	2022-04-27
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Silenced	Luca Deri	2022-02-14
\| \| \| \| \| \| \| \| \|	NDPI_SUSPICIOUS_DGA_DOMAIN, NDPI_BINARY_APPLICATION_TRANSFER, NDPI_HTTP_NUMERIC_IP_HOST, NDPI_MALICIOUS_JA3, for predefined connectivity check and cybersec categories
*	Add few scripts to easily update some IPs lists (#1436)	Ivan Nardi	2022-02-09
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add few scripts to easily update some IPs lists Some IPs lists should be updated frequently: try to easy the process. The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure addresses): one specific .c.inc file and one script for each protocol. Add the possibility to don't load a specific list. Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK, to identify Hotmail/Outlook/Exchange flows. TODO: ipv6 Remove the 9 addresses associated to BitTorrent: they have been added in e2f21116 but it is not clear why all the traffic to/from these ips should be classified as BitTorrent. * Added quotes * Added quotes Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
*	Improve protocol stacks (#1425)	Ivan Nardi	2022-01-30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We should have two protocols in classification results only when the "master" protocol allows some sub-protocols. Classifications like `AmazonAWS`, `TLS/AmazonAWS`, `DNS/AmazonAWS` are fine. However classifications like `NTP/Apple`, `BitTorrent/Azure`, `DNScrypt.AmazonAWS` or `NestLogSink.Google` are misleading. For example, `ndpiReader`shows `BitTorrent/Azure` flows under `Azure` statistics; that seems to be wrong or, at least, very misleading. This is quite important since we have lots of addresses from CDN operators. The only drawback of this solution is that right now ICMP traffic is classified simply as `ICMP`; if we are really interested in ICMP stuff we can restore the old behaviour later.
*	Sync unit tests results (#1423)	Ivan Nardi	2022-01-28
\| \| \|	Fix: 7a3aa41a
*	Add a "confidence" field about the reliability of the classification. (#1395)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \|	As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
*	ndpiReader: slight simplificaton of the output (#1378)	Ivan Nardi	2021-11-27
\|
*	Fixed cleartext protocol assignment (#1357)	Ivan Nardi	2021-10-25
\|
*	Refreshed results list	Luca Deri	2021-10-16
\|
*	Updated test results after latest commit	Luca Deri	2021-10-16
\|
*	Improved DGA detection for skipping potential DGAs of known/popular domain names	Luca Deri	2021-10-05
\|
*	Update unit tests results after da8eed5a (#1323)	Ivan Nardi	2021-10-05
\|
*	Fixed some invalid TLS guesses	Luca Deri	2021-08-17
\|
*	Updated output	Luca Deri	2021-08-07
\|
*	ndpiReader: add statistics about nDPI performance (#1240)	Ivan Nardi	2021-07-13
\| \| \| \| \| \| \|	The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
*	Renamed Skyp in Skype_Teams as the protocol is now shared across these apps	Luca Deri	2021-06-02
\|
*	Added flow risk score	Luca Deri	2021-05-18
\|
*	Updated protocol category	Luca Deri	2021-05-15
\|
*	Fixed invalid DNS dissection	Luca Deri	2021-04-26
\|
*	Improved DNS dissector	Luca Deri	2021-02-26
\|
*	Implemented TLS Certificate Sibject matching	Luca Deri	2021-02-22
\| \| \| \|	Improved AnyDesk detection
*	Improved (partial) TLS dissection	Luca Deri	2021-02-04
\|
*	Fixes #1029	Luca Deri	2020-11-27
\|
*	Tests update	Luca Deri	2020-10-02
\|
*	Reworked MDNS dissector that is not based on the DNS dissector	Luca Deri	2020-09-17
\|
*	Stddev calculation changes	Luca Deri	2020-08-30
\|
*	Fixed false positive in suspicous user agent	Luca Deri	2020-08-30
\| \| \| \|	Optimized stddev calculation
*	Fixed partial TLS dissection	Luca Deri	2020-07-30
\|
*	Changed due to bin size extension	Luca Deri	2020-07-30
\|
*	Updated test results due to bin changes	Luca Deri	2020-07-09
\|
*	Fixes #906	Luca Deri	2020-06-22
\| \| \| \|	Packet bins are not printed wehn empty