aboutsummaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAge
...
* STUN: slightly faster sub-classification with DTLS (#2404)Ivan Nardi2024-04-23
|
* Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398)0x41CEA552024-04-19
|
* Add KNXnet/IP protocol support (#2397)0x41CEA552024-04-19
| | | | | * Add KNXnet/IP protocol support * Improve KNXnet/IP over TCP detection
* Domain Classification Improvements (#2396)Luca Deri2024-04-18
| | | | | | | | | | | | | | | | | | | * Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list
* STUN: try to stop extra dissection earlier, if possible (#2390)Ivan Nardi2024-04-13
|
* STUN: add support for ipv6 in some metadata (#2389)Ivan Nardi2024-04-13
|
* STUN: fix boundary checks on attribute list parsing (#2387)Ivan Nardi2024-04-12
| | | | | Restore all unit tests. Add some configuration knobs. Fix the endianess.
* Added commentLuca Deri2024-04-12
|
* Implemented STUN peer_address, relayed_address, response_origin, ↵Luca Deri2024-04-12
| | | | | | | other_address parsing Added code to ignore invalid STUN realm Extended JSON output with STUN information
* Add Label Distribution Protocol support (#2385)Vladimir Gavrilov2024-04-12
| | | | | | | * Add Label Distribution Protocol support * Fix typo * Update unit test results
* Fix `ndpi_reconcile_msteams_udp` (#2377)Ivan Nardi2024-04-12
| | | | | | | Microsoft UDP traffic over port ~3478 is voip traffic, using some kind of proprietary STUN-like protocol: so use the most specific protocol id. More important, we definitely want `Stun/Skype_TeamsCall` and not `Stun/Skype_Teams`
* Updated unit test resultsToni Uhlig2024-04-12
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated unit test resultsToni Uhlig2024-04-12
| | | | | | * fixed invalid read Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN:Luca Deri2024-04-12
| | | | | - Fixed issue with XOR-MAPPED-ADDRESS decoding - Implemented MAPPED_ADDRESS (IPv4 only)
* Update unit tests resultsNardi Ivan2024-04-11
|
* Add The Elder Scrolls Online support (#2376)Vladimir Gavrilov2024-04-10
| | | | | | | | | | | * Add The Elder Scrolls Online support * Use ndpi_memmem instead of memmem from libc * Add protocol description * Change selection bitmask to V4_V6 * Update protocols.rst
* Add Shellscript risk detection. (#2375)Toni2024-04-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix a warning and restore a unit test result (#2379)Ivan Nardi2024-04-10
|
* Tuned DNS risk valuesLuca Deri2024-04-09
| | | | Modified NDPI_BINARY_TRANSFER_ATTEMPT in NDPI_BINARY_DATA_TRANSFER
* Disabled "known proto on non standard port" for FTP_DATALuca Deri2024-04-09
|
* Fixed false positives on binary application transfer riskLuca Deri2024-04-08
|
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* Add ELF risk detection (detect transmitted linux executables). (#2373)Toni2024-04-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Calculate packet entropy for unknown protocols. (#2369)Toni2024-04-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Get rid of Apache Kafka false positives (#2372)Vladimir Gavrilov2024-04-06
|
* Add PE32/PE32+ risk detection (detect transmitted windows executables). (#2312)Toni2024-04-05
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* STUN: rework sub-classification (#2361)Ivan Nardi2024-04-04
| | | | | The main goal is to have the "real" application (if any; i.e. Signal/Whatsapp/Telegram/...) always as "application" protocol and not as "master" one
* Added support for STUN Mapped IP addressLuca Deri2024-04-03
|
* Update unit tests resultsNardi Ivan2024-04-03
|
* Added binary data transfer risk alertLuca2024-04-03
|
* Disable `-Wno-unused-parameter -Wno-unused-function`. (#2358)Toni2024-04-03
| | | | | * unused parameters and functions pollute the code and decrease readability Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve LoL: Wild Rift detection (#2359)Vladimir Gavrilov2024-03-28
|
* Add LoL: Wild Rift detection (#2356)Vladimir Gavrilov2024-03-26
|
* Add more TencentGames signatures (#2354)Vladimir Gavrilov2024-03-21
|
* Improve TencentGames detection (#2353)Vladimir Gavrilov2024-03-20
| | | | | * Improve TencentGames detection * Add more signatures
* STUN: remove workaround to identify RTP trafficNardi Ivan2024-03-20
| | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector
* STUN: dissection of TURN Channel DataNardi Ivan2024-03-20
|
* Add FLUTE protocol dissector (#2351)Vladimir Gavrilov2024-03-19
| | | | | * Add FLUTE protocol dissector * Add flute.c to MSVC project
* LRU cache: move to 64 bits long keys (#2346)Ivan Nardi2024-03-15
| | | | | | Tradeoff between key comparison efficiency (i.e. no `memcmp`) and key length. At least in the ipv4 cases, we have no more different entries with the same key.
* STUN: fix parsing of DATA attribute (#2345)Ivan Nardi2024-03-14
|
* Add PFCP protocol dissector (#2342)Vladimir Gavrilov2024-03-13
|
* STUN: add a parameter to configure how long the extra dissection lasts (#2336)Ivan Nardi2024-03-07
| | | Tradeoff: performance (i.e. number of packets) vs sub-classification
* Add a specific protocol id for audio/video calls made using Google apps (#2341)Ivan Nardi2024-03-07
| | | Same logic already used for Signal/Whatsapp/Line/Facebook/...
* Add Path of Exile protocol dissector (#2337)Vladimir Gavrilov2024-03-06
| | | | | * Add Path of Exile protocol dissector * Update protocols.rst
* ahocorasick: improve matching with subdomains (#2331)Ivan Nardi2024-03-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The basic idea is to have the following logic: * pattern "DOMAIN" matches the domain itself (i.e exact match) *and* any subdomains (i.e. "ANYTHING.DOMAIN") * pattern "DOMAIN." matches *also* any strings for which is a prefix [please, note that this kind of match is handy but it is quite dangerous...] * pattern "-DOMAIN" matches *also* any strings for which is a postfix Examples: * pattern "wikipedia.it": * "wikipiedia.it" -> OK * "foo.wikipedia.it -> OK * "foowikipedia.it -> NO MATCH * "wikipedia.it.com -> NO MATCH * pattern "wikipedia.": * "wikipedia.it" -> OK * "foo.wikipedia.it -> OK * "foowikipedia.it -> NO MATCH * "wikipedia.it.com -> OK * pattern "-wikipedia.it": * "wikipedia.it" -> NO MATCH * "foo.wikipedia.it -> NO MATCH * "0001-wikipedia.it -> OK * "foo.0001-wikipedia.it -> OK Bottom line: * exact match * prefix with "." (always, implicit) * prefix with "-" (only if esplicitly set) * postfix with "." (only if esplicitly set) That means that the patterns cannot start with '.' anymore. Close #2330
* Improved alert on suspicious DNS trafficLuca Deri2024-03-05
|
* Add NetEase Games detection support (#2335)Vladimir Gavrilov2024-03-05
|
* Add Naraka Bladepoint detection support (#2334)Vladimir Gavrilov2024-03-04
|
* Add BFD protocol dissector (#2332)Vladimir Gavrilov2024-02-29
|
* TLS: avoid setting some flow risks for webrtc trafficNardi Ivan2024-02-26
| | | | | Is quite rare to have a SNI or an ALPN on Client Hello of STUN/DTLS/SRTP traffic
Powered by cgit, Themed by Ted Yin.