libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	Add Softether dissector. (#1679)	Toni	2022-07-29
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Patricia tree, Ahocarasick automa, LRU cache: add statistics (#1683)	Ivan Nardi	2022-07-29
\| \| \| \| \| \| \| \| \| \|	Add (basic) internal stats to the main data structures used by the library; they might be usefull to check how effective these structures are. Add an option to `ndpiReader` to dump them; enabled by default in the unit tests. This new option enables/disables dumping of "num dissectors calls" values, too (see b4cb14ec).
*	TINC: avoid processing SYN packets (#1676)	Ivan Nardi	2022-07-28
\| \| \| \| \| \| \| \| \| \| \|	Since e6b332aa, we have proper support for detecting client/server direction. So Tinc dissector is now able to properly initialize the cache entry only when needed and not anymore at the SYN time; initializing that entry for every SYN packets was a complete waste of resources. Since 4896dabb, the various `struct ndpi_call_function_struct` structures are not more separate objects and therefore comparing them using only their pointers is bogus: this bug was triggered by this change because `ndpi_str->callback_buffer_size_tcp_no_payload` is now 0.
*	Update the protocol bitmask for some protocols (#1675)	Ivan Nardi	2022-07-27
\| \| \| \| \| \| \|	Tcp retransmissions should be ignored. Remove some unused protocol bitmasks. Update script to download Whatsapp IP list.
*	Add AVAST dissector. (#1674)	Toni	2022-07-25
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Added AliCloud server access dissector. (#1672)	Toni	2022-07-23
\| \| \| \|	Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	TLS: improve reassembler (#1669)	Ivan Nardi	2022-07-22
\| \| \| \| \| \| \| \|	* TLS: cosmetic changes * TLS: improve reassembler We might need to contemporary re-order messages from both directions: use one buffer per direction.
*	DTLS: fix exclusion of DTLS protocol	Nardi Ivan	2022-07-20
\| \| \| \|	Add an helper to exclude a generic protocol
*	SKYPE: remove detection over TCP	Nardi Ivan	2022-07-20
\| \| \| \| \| \|	Skype detection over TCP has been completely disable since 659f75138 (3 years ago!). Since that logic was too weak anyway, remove it.
*	Improved Jabber/XMPP detection. (#1661)	Toni	2022-07-13
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Keep track of how many dissectors calls we made for each flow (#1657)	Ivan Nardi	2022-07-11
\|
*	SMB: add (partial) support for messages split into multiple TCP segments (#1644)	Ivan Nardi	2022-07-07
\|
*	Avoid spurious calls to extra dissection (#1648)	Ivan Nardi	2022-07-07
\| \| \| \|	If the extra callabck is not set, calling the extra dissection is only a waste of resources...
*	Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)	Ivan Nardi	2022-07-05
\|
*	Add two new confidence values: confidence by partial DPI (#1632)	Ivan Nardi	2022-07-04
\| \| \| \|	Used for all classifications based on partial/incomplete DPI information, i.e. all classifications done in `ndpi_detection_giveup()`.
*	Added unidirectional traffic flow risk	Luca Deri	2022-06-20
\|
*	Updated DNS alert triggered only with TTL == 0	Luca Deri	2022-06-14
\|
*	Improved DNS traffic analysis	Luca Deri	2022-06-13
\| \| \| \|	Added ability to identify application and network protocols
*	Fixed dispay bug for risk_info	Luca Deri	2022-05-30
\|
*	Updated tests results	Luca Deri	2022-05-30
\| \| \| \|	Code cleanup
*	Sync unit test results (#1554)	Ivan Nardi	2022-05-26
\|
*	Sync unit tests results (#1533)	Ivan Nardi	2022-04-27
\|
*	Improved TLS application data detection. (#1532)	Toni	2022-04-27
\| \| \|	Signed-off-by: lns <matzeton@googlemail.com>
*	Silenced	Luca Deri	2022-02-14
\| \| \| \| \| \| \| \| \|	NDPI_SUSPICIOUS_DGA_DOMAIN, NDPI_BINARY_APPLICATION_TRANSFER, NDPI_HTTP_NUMERIC_IP_HOST, NDPI_MALICIOUS_JA3, for predefined connectivity check and cybersec categories
*	Updated test results	Luca Deri	2022-02-03
\|
*	Sync unit tests results (#1423)	Ivan Nardi	2022-01-28
\| \| \|	Fix: 7a3aa41a
*	STUN: fix "confidence" value for some classifications (#1407)	Ivan Nardi	2022-01-15
\|
*	Improved MicrosoftAzure detection	Luca Deri	2022-01-12
\|
*	Add a "confidence" field about the reliability of the classification. (#1395)	Ivan Nardi	2022-01-11
\| \| \| \| \| \| \| \| \| \| \| \| \|	As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
*	Added Microsoft Azure support	Luca Deri	2021-12-19
\|
*	ndpiReader: slight simplificaton of the output (#1378)	Ivan Nardi	2021-11-27
\|
*	Fix writes to `flow->protos` union fields (#1354)	Ivan Nardi	2021-11-15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We can write to `flow->protos` only after a proper classification. This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP, SMTP, IMAP and POP code. There are two kinds of fixes: * write to `flow->protos` only if a final protocol has been detected * move protocol state out of `flow->protos` The hard part is to find, for each protocol, the right tradeoff between memory usage and code complexity. Handle Kerberos like DNS: if we find a request, we set the protocol and an extra callback to further parsing the reply. For all the other protocols, move the state out of `flow->protos`. This is an issue only for the FTP/MAIL stuff. Add DHCP Class Identification value to the output of ndpiReader and to the Jason serialization. Extend code coverage of fuzz tests. Close #1343 Close #1342
*	Fixed cleartext protocol assignment (#1357)	Ivan Nardi	2021-10-25
\|
*	Refreshed results list	Luca Deri	2021-10-16
\|
*	Updated test results after latest commit	Luca Deri	2021-10-16
\|
*	Updated output	Luca Deri	2021-08-07
\|
*	ndpiReader: add statistics about nDPI performance (#1240)	Ivan Nardi	2021-07-13
\| \| \| \| \| \| \|	The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits.
*	Updated category labels	Luca Deri	2021-07-08
\|
*	Addesses partial application matching (#1207)	Luca Deri	2021-06-21
\|
*	Fixed expected output	Luca Deri	2021-06-03
\|
*	Improved TLS browser detection heuristics	Luca Deri	2021-05-19
\|
*	Added flow risk score	Luca Deri	2021-05-18
\|
*	Reworked human readeable string search in flows	Luca Deri	2021-05-17
\| \| \| \|	Removed fragment manager code
*	Added browser TLS heuristic	Luca Deri	2021-05-13
\|
*	Better DGA detection (slightly decreased accuracy)	Luca Deri	2021-03-20
\|
*	Improved DGA detection	Luca Deri	2021-03-03
\| \| \| \| \| \| \| \|	Before Accuracy 66%, Precision 86%, Recall 38% After Accuracy 71%, Precision 89%, Recall 49%
*	Improved nDPI string matching algorithm	Luca Deri	2021-02-18
\|
*	STUN improvements	Luca Deri	2021-02-10
\|
*	(Temporarely) Disabled fragment manager (#1129)	Luca Deri	2021-02-05
\|
*	Updated results due to the new fragment manager handler	Luca Deri	2021-02-03
\|