aboutsummaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAge
* DTLS: fix exclusion of DTLS protocolNardi Ivan2022-07-20
| | | | Add an helper to exclude a generic protocol
* SKYPE: fix detection over UDPNardi Ivan2022-07-20
| | | | | | | | | Commit ba6a48c9 is completely bogus: we can't set extra dissection without having set a proper classification. The idea behind that commit seems to be that we need to look for 2 (consecutives?) packets with the same crc/pattern: try to implement this logic in a saner way.
* SKYPE: remove detection over TCPNardi Ivan2022-07-20
| | | | | | Skype detection over TCP has been completely disable since 659f75138 (3 years ago!). Since that logic was too weak anyway, remove it.
* reader_util: stop processing a flow (#1666)Ivan Nardi2022-07-20
| | | | We should stop processing a flow if all protocols have been excluded or if we have already processed too many packets.
* BITTORRENT: fix confidence (#1664)Ivan Nardi2022-07-20
| | | Remove two unused parameters.
* Do not interfere with CFLAGS/LDFLAGS env anymore. (#1659)Toni2022-07-13
| | | | | | | * CI fixes * some build systems do not like that (e.g. OpenWrt) * fixed some rrdtool related build warnings/errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved Jabber/XMPP detection. (#1661)Toni2022-07-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Keep track of how many dissectors calls we made for each flow (#1657)Ivan Nardi2022-07-11
|
* HTTP: improve detection of WindowsUpdate (#1658)Ivan Nardi2022-07-10
| | | | WindowsUpdate is also transported over HTTP, using a numeric IP as hostname (some kinds of CDN?)
* SIP: improve detection (#1654)Ivan Nardi2022-07-09
|
* Enhances gprof usage. (#1651)Toni2022-07-08
| | | | | * gprof results were incorrectly displayed Signed-off-by: lns <matzeton@googlemail.com>
* SMB: add (partial) support for messages split into multiple TCP segments (#1644)Ivan Nardi2022-07-07
|
* Avoid spurious calls to extra dissection (#1648)Ivan Nardi2022-07-07
| | | | If the extra callabck is not set, calling the extra dissection is only a waste of resources...
* Kerberos: add support for Krb-Error messages (#1647)Ivan Nardi2022-07-07
|
* MONGODB: avoid false positivesNardi Ivan2022-07-07
|
* TLS: ignore invalid Content Type valuesNardi Ivan2022-07-07
|
* Added Threema Messenger. (#1643)Toni2022-07-06
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added another RiotGames signature.Toni Uhlig2022-07-06
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639)Toni2022-07-06
| | | | | | | | | | | | | | | | | * Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Revert "SMTP with STARTTLS is now identified as SMTPS" This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482. * Revert "Compilation fix" This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5. * Sync unit tests. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)Ivan Nardi2022-07-05
|
* SMTP with STARTTLS is now identified as SMTPSLuca Deri2022-07-05
|
* Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes ↵Toni2022-07-05
| | | | | | | #1630. (#1637) * FTP needs to get updated as well as it has similiar STARTTLS semantics -> follow-up Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Run regression tests from different locations at the same time w/o side ↵Toni2022-07-05
| | | | | effects on the results. (#1638) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Exported username in flow informationLuca Deri2022-07-04
|
* Updated JA3/SSL fingerprints.Toni Uhlig2022-07-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added UltraSurf protocol dissector. (#1618)Toni2022-07-04
| | | | | * TLSv1.3 UltraSurf flows are not detected by now Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add two new confidence values: confidence by partial DPI (#1632)Ivan Nardi2022-07-04
| | | | Used for all classifications based on partial/incomplete DPI information, i.e. all classifications done in `ndpi_detection_giveup()`.
* Update host content list match (#1633)Ivan Nardi2022-07-04
| | | | Improve classifications of Outlook, Cachefly, Cloudflare, Tiktok and Cybersecurity.
* Sync Psiphon unit test. (#1634)Toni2022-07-04
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added Psiphon detection patterns. See #566 and #1099. (#1631)Toni2022-07-04
| | | | | * The traces are not up to date, but this is the best we got so far. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added i3D and RiotGames protocol dissectors. (#1609)Toni2022-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TargusDataspeed: avoid false positives (#1628)Ivan Nardi2022-07-03
| | | | | TargusDataspeed dissector doesn't perform any real DPI checks but it only looks at the TCP/UDP ports. Delete it, and use standard logic to classify these flows by port.
* Skinny: rework and improve classification (#1625)Ivan Nardi2022-07-03
|
* Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)Ivan Nardi2022-07-03
|
* Fix category for mail sessions (#1621)Ivan Nardi2022-07-03
| | | Close #629
* TLS: add support for old DTLS versions and for detection of mid-sessions (#1619)Ivan Nardi2022-07-03
|
* Generate profiling results as PNG.Toni Uhlig2022-07-03
| | | | | | * use -ltcmalloc_and_profiler and try to get rid of LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libprofiler.so Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* gprof test/CI integrationlns2022-07-03
| | | | | Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved TFTP. Dissect Read/Write Request filenames. (#1617)Toni2022-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix byte-order issue during ndpiReader tcp/udp src/dst port serialization. ↵Toni2022-07-03
| | | | | | | | Fixes #1608. (#1614) * fixed possible memory leak caused by an invalid call to `node_proto_guess_walker()` during serialization * execute serialization code while running regression tests Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added Cloudflare WARP detection patterns. (#1615) (#1616)Toni2022-07-02
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed SMTP default port 587Luca Deri2022-07-02
|
* Added TunnelBear VPN detection patterns. (#1615)Toni2022-07-01
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* sync unit tests (#1612)Toni2022-06-30
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix after the protocol name updateLuca Deri2022-06-28
|
* Enhanced TLS risk info reported to usersLuca Deri2022-06-28
|
* Fix compilation and sync unit tests results (#1606)Ivan Nardi2022-06-20
|
* Added unidirectional traffic flow riskLuca Deri2022-06-20
|
* Improved SOAP via HTTP. (#1605)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
* Improved GenshinImpact protocol dissector. (#1604)Toni2022-06-18
| | | Signed-off-by: lns <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.