| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551 | ||
| * | HTTP: fix entropy calculation (#2666) | Ivan Nardi | 2025-01-12 |
| | | | | | We calculate HTTP entropy according to "Content-type:" header, see `ndpi_validate_http_content()` on HTTP code | ||
| * | Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11 |
| | | |||
| * | Make CI faster (#2662) | Ivan Nardi | 2025-01-11 |
| | | | | | | | | | | | | | | | | | | Right now the CI takes ~30 minutes; the goal is to have it ending in < 15 min. The basic trick is to run the longer jobs (no_x86_64 and masan) only with the recently updated pcaps. The same jobs will run again on schedule (every night) testing all the traces. This way the CI will be "green" (hopefully!) earlier while pushing new commit/PR; full tests are simply delayed. Details: when `NDPI_TEST_ONLY_RECENTLY_UPDATED_PCAPS` is set, `tests/do.sh` checks only the latest 10 pcaps (i.e. the more recent pcap added/updated) for *every* configuration. Notes that no_x86_64 and masan jobs run twice: when pushing/merging and on schedule (every night) | ||
| * | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | QUIC: remove extraction of user-agent (#2650) | Ivan Nardi | 2025-01-07 |
| | | | | | | In very old (G)QUIC versions by Google, the user agent was available on plain text. That is not true anymore, since about end of 2021. See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7 | ||
| * | Classifications "by-port"/"by-ip" should never change (#2656) | Ivan Nardi | 2025-01-06 |
| | | | | Add a new variable to keep track of internal partial classification | ||
| * | Add the ability to enable/disable every specific flow risks (#2653) | Ivan Nardi | 2025-01-06 |
| | | |||
| * | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context | ||
| * | QUIC: extract "max idle timeout" parameter (#2649) | Ivan Nardi | 2025-01-06 |
| | | | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be use as hint for timeout by the (external) flows manager | ||
| * | TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647) | Ivan Nardi | 2025-01-06 |
| | | | | | We should set it also for "obsolete"/"insecure" ciphers, not only for the "weak" ones. | ||
| * | TLS: remove ESNI support (#2648) | Ivan Nardi | 2025-01-06 |
| | | | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension. | ||
| * | Path of Exile 2 support (#2654) | Vladimir Gavrilov | 2025-01-06 |
| | | |||
| * | Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast ↵ | Luca Deri | 2025-01-03 |
| | | | | | messages when used to browse (old) network devices | ||
| * | IPv6: fix bad ipv6 format (#1890) (#2651) | paolomonti | 2024-12-20 |
| | | | | | | | ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890 | ||
| * | Update all IPs lists (#2643) | Ivan Nardi | 2024-12-13 |
| | | |||
| * | STUN/RTP: improve metadata extraction (#2641) | Ivan Nardi | 2024-12-11 |
| | | |||
| * | STUN: fix monitoring (#2639) | Ivan Nardi | 2024-12-06 |
| | | |||
| * | signal: improve detection of chats and calls (#2637) | Ivan Nardi | 2024-12-04 |
| | | |||
| * | Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | | | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | ||
| * | Sync unit tests results | Toni Uhlig | 2024-11-27 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add a configuration file to ndpiReader (#2629) | Ivan Nardi | 2024-11-27 |
| | | | | | | | Example: ./example/ndpiReader --conf=./example/calls.conf -i ./tests/pcap/signal_videocall.pcapng -v2 Close #2608 | ||
| * | Sync unit tests results | Ivan Nardi | 2024-11-26 |
| | | |||
| * | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
| | | |||
| * | Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25 |
| | | | | In the same flow, we can have multiple multimedia types | ||
| * | Sync unit tests results | Ivan Nardi | 2024-11-25 |
| | | |||
| * | When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵ | Luca Deri | 2024-11-22 |
| | | | | | port that was supposed to be used as default | ||
| * | Sync unit tests results | Ivan Nardi | 2024-11-21 |
| | | |||
| * | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | | | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | ||
| * | Results update | Luca Deri | 2024-11-16 |
| | | |||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Implemented Mikrotik discovery protocol dissection and metadata extraction ↵ | Luca Deri | 2024-11-14 |
| | | | | | (#2618) | ||
| * | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | | | | Extend content match list | ||
| * | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
| | | |||
| * | Unify ndpi debug logging to always use a u16 protocol id (#2613) | Toni | 2024-11-11 |
| | | | | | | * fixes SonarCloud complaint Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
| | | |||
| * | HTTP: fix leak and out-of-bound error on credential extraction (#2611) | Ivan Nardi | 2024-11-01 |
| | | |||
| * | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| | | |||
| * | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | | |||
| * | Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| | | |||
| * | Added reference to the new DGA model | Luca Deri | 2024-10-26 |
| | | |||
| * | Moved new DGA code | Luca Deri | 2024-10-26 |
| | | |||
| * | Not necessary | Luca Deri | 2024-10-26 |
| | | |||
| * | added dga ml tests file to EXTRA_DIST | YellowMan | 2024-10-26 |
| | | |||
| * | ml tests for dga detection | YellowMan | 2024-10-26 |
| | | |||
| * | Improved fingerprints | Luca Deri | 2024-10-21 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | ndpiReader: explicitly remove non ipv4/6 packets (#2601) | Ivan Nardi | 2024-10-19 |
| | | |||
| * | ndpiReader: add some statistics about monitoring (#2602) | Ivan Nardi | 2024-10-19 |
| | | |||