| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Add a "confidence" field about the reliability of the classification. (#1395) | Ivan Nardi | 2022-01-11 |
| | | | | | | | | | | | | | | As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic. | ||
| * | ndpiReader: slight simplificaton of the output (#1378) | Ivan Nardi | 2021-11-27 |
| | | |||
| * | Reworked HTTP protocol dissection including HTTP proxy and HTTP connect | Luca Deri | 2021-11-25 |
| | | |||
| * | Fix writes to `flow->protos` union fields (#1354) | Ivan Nardi | 2021-11-15 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | We can write to `flow->protos` only after a proper classification. This issue has been found in Kerberos, DHCP, HTTP, STUN, IMO, FTP, SMTP, IMAP and POP code. There are two kinds of fixes: * write to `flow->protos` only if a final protocol has been detected * move protocol state out of `flow->protos` The hard part is to find, for each protocol, the right tradeoff between memory usage and code complexity. Handle Kerberos like DNS: if we find a request, we set the protocol and an extra callback to further parsing the reply. For all the other protocols, move the state out of `flow->protos`. This is an issue only for the FTP/MAIL stuff. Add DHCP Class Identification value to the output of ndpiReader and to the Jason serialization. Extend code coverage of fuzz tests. Close #1343 Close #1342 | ||
| * | Fixed cleartext protocol assignment (#1357) | Ivan Nardi | 2021-10-25 |
| | | |||
| * | Refreshed results list | Luca Deri | 2021-10-16 |
| | | |||
| * | Updated test results after latest commit | Luca Deri | 2021-10-16 |
| | | |||
| * | Improved DGA detection for skipping potential DGAs of known/popular domain names | Luca Deri | 2021-10-05 |
| | | |||
| * | Update unit tests results after da8eed5a (#1323) | Ivan Nardi | 2021-10-05 |
| | | |||
| * | Updated output | Luca Deri | 2021-08-07 |
| | | |||
| * | ndpiReader: add statistics about nDPI performance (#1240) | Ivan Nardi | 2021-07-13 |
| | | | | | | | | The goal is to have a (roughly) idea about how many packets nDPI needs to properly classify a flow. Log this information (and guessed flows number too) during unit tests, to keep track of improvements/regressions across commits. | ||
| * | Added flow risk score | Luca Deri | 2021-05-18 |
| | | |||
| * | Added browser TLS heuristic | Luca Deri | 2021-05-13 |
| | | |||
| * | Improves STUN dissection removing an invalid termination condition that ↵ | Luca Deri | 2021-01-13 |
| | | | | | prevented Skype calls to be properly identified | ||
| * | Fixes #1029 | Luca Deri | 2020-11-27 |
| | | |||
| * | Various optimizations to reduce not-necessary calls | Luca Deri | 2020-09-24 |
| | | | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive | ||
| * | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 |
| | | |||
| * | Stddev calculation changes | Luca Deri | 2020-08-30 |
| | | |||
| * | Fixed false positive in suspicous user agent | Luca Deri | 2020-08-30 |
| | | | | | Optimized stddev calculation | ||
| * | Fixed partial TLS dissection | Luca Deri | 2020-07-30 |
| | | |||
| * | Changed due to bin size extension | Luca Deri | 2020-07-30 |
| | | |||
| * | Updated test results due to bin changes | Luca Deri | 2020-07-09 |
| | | |||
| * | Fixes #906 | Luca Deri | 2020-06-22 |
| | | | | | Packet bins are not printed wehn empty | ||
| * | Added ndpi_bin_XXX API | Luca Deri | 2020-06-22 |
| | | | | | Added packet lenght distribution bins | ||
| * | Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS | Luca Deri | 2020-06-08 |
| | | |||
| * | Added TLS weak cipher and obsolete protocol version detection | Luca Deri | 2020-05-10 |
| | | |||
| * | Added the ability to detect when a known protocol is using a non-standard port | Luca Deri | 2020-05-10 |
| | | | | | Added check to spot executables exchanged via HTTP | ||
| * | Added TLS issuerDN and subjectDN | Luca Deri | 2020-05-07 |
| | | |||
| * | Results update | Luca Deri | 2020-04-17 |
| | | |||
| * | Remove decimals in test results for IAT, packet lengths and goodput ratio | emanuele-f | 2020-02-14 |
| | | |||
| * | Added export of TLS supported version in TLS header | Luca Deri | 2020-02-07 |
| | | |||
| * | Added TLS ALPN support | Luca Deri | 2020-02-07 |
| | | |||
| * | Improved DNS response decoding | Luca Deri | 2020-02-04 |
| | | | | | The first decoded address is now reported by ndpiReader | ||
| * | Reworked TLS dissection | Luca | 2020-01-01 |
| | | |||
| * | Improvements to stop dissection when the first protocol is detected | Luca Deri | 2019-11-28 |
| | | | | | | Used IP-based detection to compute the application protocol Improved application detection | ||
| * | Updated results | Luca Deri | 2019-11-21 |
| | | |||
| * | Major cleanup | Luca Deri | 2019-10-24 |
| | | | | | Removed ndpi_pref_http_dont_dissect_response and ndpi_pref_dns_dont_dissect_response as the ndpi_extra_dissection_possible() call will now handle everything | ||
| * | Manual merge of pull #769 | Luca Deri | 2019-10-02 |
| | | |||
| * | Added Zoom protocol support removing invalid STUN/Skype detections | Luca Deri | 2019-09-26 |