| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
| |
Fix: 7a3aa41a
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As a general rule, the higher the confidence value, the higher the
"reliability/precision" of the classification.
In other words, this new field provides an hint about "how" the flow
classification has been obtained.
For example, the application may want to ignore classification "by-port"
(they are not real DPI classifications, after all) or give a second
glance at flows classified via LRU caches (because of false positives).
Setting only one value for the confidence field is a bit tricky: more
work is probably needed in the next future to tweak/fix/improve the logic.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can write to `flow->protos` only after a proper classification.
This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP,
SMTP, IMAP and POP code.
There are two kinds of fixes:
* write to `flow->protos` only if a final protocol has been detected
* move protocol state out of `flow->protos`
The hard part is to find, for each protocol, the right tradeoff between
memory usage and code complexity.
Handle Kerberos like DNS: if we find a request, we set the protocol
and an extra callback to further parsing the reply.
For all the other protocols, move the state out of `flow->protos`. This
is an issue only for the FTP/MAIL stuff.
Add DHCP Class Identification value to the output of ndpiReader and to
the Jason serialization.
Extend code coverage of fuzz tests.
Close #1343
Close #1342
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The goal is to have a (roughly) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
|
| | |
|
| |
|
|
| |
Removed fragment manager code
|
| | |
|
| |
|
|
|
|
|
|
| |
Before
Accuracy 66%, Precision 86%, Recall 38%
After
Accuracy 71%, Precision 89%, Recall 49%
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
Close #1077
* QUIC: fix matching of custom categories
* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
* QUIC: fix serialization
* QUIC: add DGA check for older GQUIC versions
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Improve Spotify detection.
* Improve Skype detection.
* Improve Microsoft detection.
* Fix Microsoft detection categories.
* Improve Waze detection.
* Improve Apple detection.
* Improve WindowsUpdate detection.
* Improve TikTok detection.
* Improve Teams detection.
* Improve Youtube detection.
* Improve Messenger detection.
* Improve Twitch detection.
* Improve Hulu detection.
* Improve Facebook detection.
* Improve AmazonVideo detection.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
not condidered safe/secure
|
| |
|
|
| |
Optimized stddev calculation
|
| | |
|
| | |
|
| |
|
|
| |
Added packet lenght distribution bins
|
| |
|