path: root/tests
Commit message | Author | Age
* Add GearUP Booster protocol dissector (heuristic based). [add/gearup_booster-protocol-dissector] | Toni Uhlig | 2025-03-07
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add GearUP Booster application protocol. (#2764) | Toni | 2025-03-06
|   protocol dissector will follow
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Autonomous System Organization to geoip (#2763) | Leonardo Teixeira Alves | 2025-03-06
|   Co-authored-by: Leonardo Teixeira Alves <leonardo.alves@zerum.com>
* Add configuration parameter to enable/disable export of flow risk info (#2761) | Ivan Nardi | 2025-03-05
|   For the most common protocols, avoid creating the string message if we are not going to use it
* Fix function checking if a packet is multicast | Ivan Nardi | 2025-03-04
|
* custom rules: try to have a coherent behaviour | Ivan Nardi | 2025-03-04
|   Custom rules with *new* protocols are checked "first": if there is a match, the first packet of the flow provides a complete and final classification. The same logic should apply to custom rules with "existing" protocols: if there is a match, nDPI shouldn't do anything else.
|   Remove the `tcp:3000@ntop` custom rule.
|   Fix the default port for ElasticSearch (in the protocol file)
* Flow risk infos are always exported "in order" (by flow risk id) | Ivan Nardi | 2025-03-04
|   This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks.
|   Note that the flow risk *list* is already printed by `ndpiReader` in order.
* ICMP: move all the logic to the proper dissector file | Ivan Nardi | 2025-02-28
|   There are no reasons to keep entropy calculation and sanity checks code on the "guessing" algorithm.
|   BTW, this change also fixes the entropy calculation for non TCP/UDP/ICMP flows
* Added valid TLS extensions that used to trigger invalid risks | Luca Deri | 2025-02-27
|
* Add a basic example to show how to use geo API (#2747) | Ivan Nardi | 2025-02-25
|   Credits to @LTxAlves
* Improved Tor detection | Luca Deri | 2025-02-24
|
* Sync unit tests results | Ivan Nardi | 2025-02-24
|
* Improved Tor exit node download and added IPv6 support | Luca Deri | 2025-02-24
|
* Improved Google PlayStore detection | Luca Deri | 2025-02-24
|
* UBNTAC2: rework detection (#2744) | Ivan Nardi | 2025-02-23
|
* Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* RTP: payload type info should be set only for real RTP flows (#2742) | Ivan Nardi | 2025-02-22
|
* Update the capture length of the ssdp example (#2741) | Ivan Nardi | 2025-02-21
|   Some old libpcap versions don't handle pcap files with capture length bigger than 262144 bytes
|   ```
|   ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144
|   ```
* Create a new protocol id to handle Mozilla/Firefox generic traffic (#2740) | Ivan Nardi | 2025-02-21
|   Close #2738
* Updated test result | Luca | 2025-02-21
|
* Improved RTP dissection with EVS and other mobile voice codecs | Luca Deri | 2025-02-20
|
* Updated test results after RTP payload extraction | Luca Deri | 2025-02-19
|
* Fixed bug in domain name computation | Luca Deri | 2025-02-17
|
* DNS: rework "extra-dissection" code (#2735) | Ivan Nardi | 2025-02-17
|
* DNS: fix message parsing (#2732) | Ivan Nardi | 2025-02-16
|
* Implement SSDP Metadata export (#2729) | Ivan Kapranov | 2025-02-16
|   Close #2524
* DNS: fix parsing of hostname for empty response messages (#2731) | Ivan Nardi | 2025-02-16
|
* DNS: rework adding entries to the FPC-DNS cache (#2730) | Ivan Nardi | 2025-02-16
|   Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`.
|   This will be important when adding monitoring support
* DNS: improved detection and handling of TCP packets (#2728) | Ivan Nardi | 2025-02-15
|
* DNS: rework code (#2727) | Ivan Nardi | 2025-02-15
|
* Added RUTUBE (#2725) | Ivan Kapranov | 2025-02-15
|
* DNS: fix dissection (#2726) | Ivan Nardi | 2025-02-15
|
* DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724) | Ivan Nardi | 2025-02-15
|   We already set the same flow risk for invalid request messages
* DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12
|
* DNS: try to simplify the code (#2718) | Ivan Nardi | 2025-02-12
|   Set the classification in only one place in the code.
* ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11
|
* DNS: fix check for DGA domain (#2716) | Ivan Nardi | 2025-02-11
|   If we have a (potential) valid sub-classification, we shouldn't check for DGA, even if the subclassification itself is disabled!
* DNS: disable subclassification by default (#2715) | Ivan Nardi | 2025-02-11
|   Preliminary change to start supporting multiple DNS transactions on the same flow
* DNS: evaluate all flow risks even if sub-classification is disabled (#2714) | Ivan Nardi | 2025-02-11
|
* dns: fix writing to `flow->protos.dns` | Ivan Nardi | 2025-02-11
|   We can't write to `flow->protos.dns` until we are sure it is a valid DNS flow
* DNS: fix dissection when there is only the response message | Ivan Nardi | 2025-02-11
|
* DNS: extend tests | Ivan Nardi | 2025-02-11
|
* Added ndpi_find_protocol_qoe() API call | Luca Deri | 2025-02-10
|   Updated (C)
* Remove some redundant tests (#2710) | Ivan Nardi | 2025-02-04
|
* Extend regression tests | Ivan Nardi | 2025-02-04
|
* DNS: another fix about the relationship between FPC and subclassification (#2709) | Ivan Nardi | 2025-01-31
|   See: c669bb314
* bittorrent: add configuration for "hash" metadata (#2706) | Ivan Nardi | 2025-01-31
|   Fix confidence value for same TCP flows
* HTTP: add configuration for some metadata (#2704) | Ivan Nardi | 2025-01-31
|   Extend file configuration for just subclassification.
* Auto-generate Microsoft-related list of domains (#2688) | Ivan Nardi | 2025-01-31
|
* Create a specific configuration for classification only (#2689) | Ivan Nardi | 2025-01-31
|   In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics.
|
|   Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...`
|
|   Note that this way, the nDPI overhead is lower because it might need fewer packets per flow:
|   * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates
|   * DNS: only the request is processed (instead of both request and response)
|
|   We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for other protocols.
|
|   Add the configuration options to enable/disable the extraction of some TLS metadata.