| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add few scripts to easily update some IPs lists
Some IPs lists should be updated frequently: try to easy the process.
The basic idea is taken from d59fefd0 and a8fe74e5 (for Azure
addresses): one specific .c.inc file and one script for each protocol.
Add the possibility to don't load a specific list.
Rename the old NDPI_PROTOCOL_HOTMAIL id to NDPI_PROTOCOL_MS_OUTLOOK,
to identify Hotmail/Outlook/Exchange flows.
TODO: ipv6
Remove the 9 addresses associated to BitTorrent: they have been added in
e2f21116 but it is not clear why all the traffic to/from these ips
should be classified as BitTorrent.
* Added quotes
* Added quotes
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As a general rule, the higher the confidence value, the higher the
"reliability/precision" of the classification.
In other words, this new field provides an hint about "how" the flow
classification has been obtained.
For example, the application may want to ignore classification "by-port"
(they are not real DPI classifications, after all) or give a second
glance at flows classified via LRU caches (because of false positives).
Setting only one value for the confidence field is a bit tricky: more
work is probably needed in the next future to tweak/fix/improve the logic.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improve Microsoft, GMail, Likee, Whatsapp, DisneyPlus and Tiktok
detection.
Add Vimeo, Fuze, Alibaba and Firebase Crashlytics detection.
Try to differentiate between Messenger/Signal standard flows (i.e chat)
and their VOIP (video)calls (like we already do for Whatsapp and
Snapchat).
Add a partial list of some ADS/Tracking stuff.
Fix Cassandra, Radius and GTP false positives.
Fix DNS, Syslog and SIP false negatives.
Improve GTP (sub)classification: differentiate among GTP-U, GTP_C and
GTP_PRIME.
Fix 3 LGTM warnings.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The goal is to have a (roughly) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
|
| |
|
|
| |
Removed fragment manager code
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Optimized various UDP dissectors
Removed dead protocols such as pando and pplive
|
| | |
|
| |
|
|
|
| |
Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC
Still no sub-classification for Q050 and QUIC
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Packet bins are not printed wehn empty
|
| |
|
|
| |
Added packet lenght distribution bins
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
The first decoded address is now reported by ndpiReader
|
| | |
|
| | |
|
| |
|
|
| |
Removed ndpi_pref_http_dont_dissect_response and ndpi_pref_dns_dont_dissect_response as the ndpi_extra_dissection_possible() call will now handle everything
|
| | |
|
| |
|
|
|
| |
Removed GenericProtocol and replaced with categories
Removed ndpi_pref_enable_category_substring_match option: substring matching is now default
|
| |
|
|
|
| |
Further DNS dissection fixes
Fixed WeChat invalid category
|
| | |
|
| |
|
|
|
|
| |
has been removed
Various improvemenets in detection quality
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Improved IAT and byte distribution
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Renamed ssl to tls
|
| | |
|
| |
|
|
| |
Default human readeable strings lenght is not 5 chars (used to be 8)
|
| | |
|
| | |
|
| |
|
|
|
| |
-v 1 now prints only unknown flows
-v 2 now prints all flows
|