libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
...
*	Added risks for checking	Luca Deri	2020-09-21
\| \| \| \| \|	- invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
*	Exclude sanitizer on unit tests involving json-c due to a bug in the lib	Alfredo Cardigliano	2020-09-21
\|
*	Add distdir directive	Alfredo Cardigliano	2020-09-21
\|
*	Add unit tests to travis. Move ndpi serializer tests to unit tests.	Alfredo Cardigliano	2020-09-21
\|
*	QUIC: add support for MVFST EXPERIMENTAL version	Nardi Ivan	2020-09-20
\|
*	Updated results	Luca Deri	2020-09-18
\|
*	Reworked MDNS dissector that is not based on the DNS dissector	Luca Deri	2020-09-17
\|
*	Merge pull request #1012 from IvanNardi/ua	Luca Deri	2020-09-17
\|\ \| \| \| \|	QUIC: extract User Agent information
\| *	QUIC: extract User Agent information	Nardi Ivan	2020-09-08
\| \|
* \|	Merge pull request #1014 from lnslbrty/improved/teamspeak	Luca Deri	2020-09-09
\|\ \ \| \| \| \| \| \|	Improved Teamspeak(3) protocol detection.
\| * \|	Improved Teamspeak(3) protocol detection.	Toni Uhlig	2020-09-09
\| \|/ \| \| \| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* /	Added extension to detect nested subdomains as used in Browsertunnel attack tool	Luca Deri	2020-09-09
\|/ \| \| \|	https://github.com/veggiedefender/browsertunnel
*	Added pcap file which contains dnscrypt-v1 data and resolver update ↵	Toni Uhlig	2020-09-07
\| \| \| \| \| \| \| \|	requests/responses (v1/v2). * Renamed dnscrypt.pcap to simple-dnscrypt.pcap Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Added dnscrypt-v2-doh resolver test pcaps.	Toni Uhlig	2020-09-07
\| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Fixed false positive detection for Skype.SkypeCall (affects at least Cisco ↵	Toni Uhlig	2020-09-02
\| \| \| \| \| \|	HSRP and RADIUS). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Merge pull request #999 from IvanNardi/quic	Luca Deri	2020-08-30
\|\ \| \| \| \|	QUIC: add support for GQUIC T050 and T051
\| *	QUIC: add support for GQUIC T050 and T051	Nardi Ivan	2020-08-30
\| \| \| \| \| \| \| \| \| \| \| \|	QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol.
* \|	Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are ↵	Luca Deri	2020-08-30
\|/ \| \| \|	not condidered safe/secure
*	Stddev calculation changes	Luca Deri	2020-08-30
\|
*	Fixed false positive in suspicous user agent	Luca Deri	2020-08-30
\| \| \| \|	Optimized stddev calculation
*	QUIC: minor fixes	Nardi Ivan	2020-08-24
\| \| \| \| \| \|	LGTM found a real issue on a boundary check Fix unit tests: a pcap ha been uploaded twice (with different names) Fix compilation when using DPDK (see #990)
*	Creared IoT-Scada category	Luca Deri	2020-08-23
\| \| \| \|	Minor dnp3 changes
*	Added som GQUIC and IETF QUIC test pcaps	Luca Deri	2020-08-22
\|
*	Add sub-classification for GQUIC >= Q050 and (IETF-)QUIC	Nardi Ivan	2020-08-21
\| \| \| \| \| \| \| \| \| \| \|	Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark. That code has been clearly marked as such. All credits for that code should go to the original authors. I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes. Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted.
*	Major rework of QUIC dissector	Nardi Ivan	2020-08-21
\| \| \| \| \|	Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC Still no sub-classification for Q050 and QUIC
*	Added new check for detecting suspicious (too long) names	Luca Deri	2020-08-21
\|
*	Added the ability do identigy as DGA those host/domain names with too many ↵	Luca Deri	2020-08-21
\| \| \| \| \| \| \|	consucutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used fr netbios reflection attacks https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
*	MySQL8 update	Luca Deri	2020-08-21
\|
*	Added (manipulated) MySQL 8 test pcap.	Toni Uhlig	2020-08-20
\| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Merge pull request #974 from IvanNardi/esni4	Luca Deri	2020-08-13
\|\ \| \| \| \|	Suspicious ESNI usage: add a comment and a pcap example
\| *	Suspicious ESNI usage: add a comment and a pcap example	Nardi Ivan	2020-08-06
\| \| \| \| \| \| \| \|	See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* \|	Fixes invalid detection on traffic on non standard ports	Luca Deri	2020-08-12
\|/
*	Added new traffic category for connectivity check detection	Luca Deri	2020-08-04
\|
*	Fixed partial TLS dissection	Luca Deri	2020-07-30
\|
*	Changed due to bin size extension	Luca Deri	2020-07-30
\|
*	TLS dissection improvements	Luca Deri	2020-07-28
\|
*	Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1)	Luca Deri	2020-07-27
\|
*	SSH code cleanup	Luca Deri	2020-07-25
\|
*	User agent detection improvements	Luca Deri	2020-07-21
\|
*	Fixed makefile error message	Luca Deri	2020-07-13
\| \| \| \|	Code hardedning fix
*	Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in ↵	Toni Uhlig	2020-07-11
\| \| \| \| \| \| \| \| \|	the version string buffer. * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Updated test results due to bin changes	Luca Deri	2020-07-09
\|
*	Merge pull request #951 from lnslbrty/fix/ossfuzzer	Luca Deri	2020-07-06
\|\ \| \| \| \|	ossfuzz.sh: do not use wildcards for fuzzer e.g. fuzz/fuzz*
\| *	ossfuzz.sh: do not use wildcards for fuzzer e.g. fuzz/fuzz*	Toni Uhlig	2020-07-05
\| \| \| \| \| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* \|	Merge pull request #950 from lnslbrty/improved/http-line-parsing	Luca Deri	2020-07-06
\|\ \ \| \| \| \| \| \|	Improved HTTP line parsing if request splitted into multiple packets.
\| * \|	Improved HTTP line parsing if request splitted into multiple packets.	Toni Uhlig	2020-07-05
\| \|/ \| \| \| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* \|	Merge pull request #940 from lnslbrty/fix/small-and-optimistic-improvments	Luca Deri	2020-07-06
\|\ \ \| \|/ \|/\|	Fixed CodeInspector issues.
\| *	Fixed CodeInspector issues.	Toni Uhlig	2020-07-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Added compiler search list for AC_PROG_CC, AM_PROG_CC_C_O, AC_PROG_CXX, AC_PROG_CC_STDC for Mac OS X only The list rendered the AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer]) useless as it did use clang for AX_CHECK_COMPILE_FLAG but gcc during the compile process. Seems broken somehow. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* \|	Merge pull request #943 from lnslbrty/fix/missing-lengthcheck-in-tls-esni	Luca Deri	2020-07-01
\|\ \ \| \| \| \| \| \|	Fixed heap overflow in tls esni extraction triggered by manipulated p…
\| * \|	Fixed heap overflow in tls esni extraction triggered by manipulated packets.	Toni Uhlig	2020-06-29
\| \|/ \| \| \| \| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>