From 53e1ee347563f9c585bada705a03d2985f8f0a94 Mon Sep 17 00:00:00 2001 From: Renan de Souza Date: Thu, 24 Oct 2019 14:43:10 -0300 Subject: Changed Breeds descriptions in ndpi_get_proto_breed_name: Dangerous to Potentially Dangerous, added Dangerous (SMBv1) --- src/lib/ndpi_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8e3f704e4..8cd661243 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5969,9 +5969,11 @@ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_str, return("Unsafe"); break; case NDPI_PROTOCOL_POTENTIALLY_DANGEROUS: + return("Potentially Dangerous"); + break; + case NDPI_PROTOCOL_DANGEROUS: return("Dangerous"); break; - case NDPI_PROTOCOL_UNRATED: default: return("Unrated"); -- cgit v1.2.3 From 653c2092536466cf8d62bc73e73f12ecf97ed9fc Mon Sep 17 00:00:00 2001 From: Renan de Souza Date: Thu, 24 Oct 2019 14:50:54 -0300 Subject: Added 52.84.0.0/14 range as Amazon --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 0eed29d26..ca8b757c5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -488,6 +488,7 @@ static ndpi_network host_protocol_list[] = { { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x34520000 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34540000 /* 52.84.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, { 0x34580000 /* 52.88.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, { 0x345EE000 /* 52.94.224.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, -- cgit v1.2.3 From d0623866565df25ebbb2a6af5094069932e8046c Mon Sep 17 00:00:00 2001 
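Review bot: In ndpi_get_proto_breed_name the string "Dangerous" changes meaning: it was returned for NDPI_PROTOCOL_POTENTIALLY_DANGEROUS and is now returned only for the added `case NDPI_PROTOCOL_DANGEROUS:`. Any filter, alert rule or log parser that keys on the text "Dangerous" would silently stop matching flows rated potentially dangerous. The rename deserves a changelog entry and a comment above the switch, such as `/* breed strings may be parsed by external tools; "Dangerous" meant POTENTIALLY_DANGEROUS before this change */`. As a smaller style point, the `break;` after each `return(...)` is unreachable. The function body starts and ends outside the hunk.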
From: Renan de Souza Date: Tue, 29 Oct 2019 09:54:42 -0300 Subject: Added ^pastebin.com to host_match[] --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 54ce263e6..233d310cf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8777,6 +8777,7 @@ static ndpi_protocol_match host_match[] = { { "tupdate.com", NULL, "tupdate" TLD, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".pastebin.com", NULL, "\\.pastebin" TLD, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "pastebin.com", NULL, "^pastebin" TLD, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".ppstream.com", NULL, "\\.ppstream" TLD, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".pps.tv", NULL, "\\.pps\\.tv$", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From fbea243e563abe0799307afa939514af56e1bff0 Mon Sep 17 00:00:00 2001 From: Renan de Souza Date: Tue, 29 Oct 2019 11:48:23 -0300 Subject: Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ on host_match[] --- src/lib/ndpi_content_match.c.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 233d310cf..801dcac1f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc 
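Review bot: The added `"pastebin.com"` entry pairs an unanchored string with a regex anchored only on the left (`"^pastebin" TLD`), so the two matchers can disagree about what the row covers. If the first field is compared as a substring, any hostname that merely contains `pastebin.com` would be rated NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, and the existing `".pastebin.com"` row would become redundant. The TLD macro is defined outside this hunk, so what the regex accepts after `pastebin` cannot be confirmed here. I would add a comment stating the intended scope, e.g. `/* exact host pastebin.com; subdomains are handled by ".pastebin.com" */`. The same left-unanchored form appears in the added `"brasilbandalarga\\.com" TLD` and `"twitch\\.tv$"` rows in the later hunks, where it risks misclassifying look-alike hosts.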
@@ -8798,6 +8798,9 @@ static ndpi_protocol_match host_match[] = { { "musical.ly", NULL, "musical\\.ly" TLD, "TikTok", NDPI_PROTOCOL_TIKTOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "muscdn.com", NULL, "muscndl\\.com" TLD, "TikTok", NDPI_PROTOCOL_TIKTOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "brasilbandalarga.com.br", NULL, "brasilbandalarga\\.com" TLD, "EAQ", NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".eaqbr.com.br", NULL, "\\.eaqbr\\.com" TLD, "EAQ", NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { NULL, NULL, NULL, 0 } }; -- cgit v1.2.3 From 9f5e5b90e5f460a9038f5e7ec2d8672049f861c1 Mon Sep 17 00:00:00 2001 From: "Oleg A. Arkhangelsky" Date: Tue, 29 Oct 2019 21:11:31 +0300 Subject: Don't leak memory in live capture mode --- example/ndpiReader.c | 1 + example/reader_util.c | 10 ++++++++-- example/reader_util.h | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a5481d342..5efa7bdc8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1784,6 +1784,7 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, undetected_flows_deleted = 1; ndpi_free_flow_info_half(flow); + ndpi_free_flow_data_analysis(flow); ndpi_thread_info[thread_id].workflow->stats.ndpi_flow_count--; /* adding to a queue (we can't delete it from the tree inline ) */ diff --git a/example/reader_util.c b/example/reader_util.c index 6cb150d87..be150ecf8 100644 --- a/example/reader_util.c +++ b/example/reader_util.c 
@@ -457,6 +457,14 @@ void ndpi_flow_info_freer(void *node) { ndpi_free_flow_info_half(flow); + ndpi_free_flow_data_analysis(flow); + + ndpi_free(flow); +} + +/* ***************************************************** */ + +void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow) { if(flow->iat_c_to_s) ndpi_free_data_analysis(flow->iat_c_to_s); if(flow->iat_s_to_c) ndpi_free_data_analysis(flow->iat_s_to_c); @@ -464,8 +472,6 @@ void ndpi_flow_info_freer(void *node) { if(flow->pktlen_s_to_c) ndpi_free_data_analysis(flow->pktlen_s_to_c); if(flow->iat_flow) ndpi_free_data_analysis(flow->iat_flow); - - ndpi_free(flow); } /* ***************************************************** */ diff --git a/example/reader_util.h b/example/reader_util.h index 3374f993f..9165ee1e6 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -299,6 +299,7 @@ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); +void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow); const char* print_cipher_id(u_int32_t cipher); float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes); -- cgit v1.2.3 From cfcbfe1e8fe3f98476ca464f36e7efd106637dc3 Mon Sep 17 00:00:00 2001 From: "Oleg A. Arkhangelsky" Date: Tue, 29 Oct 2019 21:20:56 +0300 Subject: Align CSV header with actual row data --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a5481d342..f44781d39 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
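Review bot: ndpi_free_flow_data_analysis frees each analysis pointer but leaves the stale address in the struct, and after this commit it is exported and called from two paths (node_idle_scan_walker and ndpi_flow_info_freer). If a flow already cleaned by the walker is later passed to ndpi_flow_info_freer, the `if(flow->iat_c_to_s)` style guards still see non-NULL values and the buffers would be freed a second time. Whether that can happen depends on how the idle queue is drained, which is outside these hunks. Clearing each field makes the helper idempotent: `if(flow->iat_c_to_s) { ndpi_free_data_analysis(flow->iat_c_to_s); flow->iat_c_to_s = NULL; }`, repeated for every field the function frees. The helper's body continues into the following hunk.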
@@ -602,7 +602,7 @@ void printCSVHeader() { /* Flow info */ fprintf(csv_fp, "client_info,server_info,"); fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,"); - fprintf(csv_fp, "tls_server_info,ja3s,tls_server_unsafe,"); + fprintf(csv_fp, "ja3s,tls_server_unsafe,"); fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh"); fprintf(csv_fp, "\n"); } -- cgit v1.2.3 From dfd962a8bc09286e426d728d65ae37bf2f122257 Mon Sep 17 00:00:00 2001 From: "Oleg A. Arkhangelsky" Date: Tue, 29 Oct 2019 21:23:42 +0300 Subject: Change type Use double type instead of float when printing time for CSV file. Float type is too small for 64 bit int time so cast corrupts value. --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a5481d342..b8d914d08 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1011,7 +1011,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(csv_fp != NULL) { float data_ratio = ndpi_data_ratio(flow->src2dst_bytes, flow->dst2src_bytes); - float f = (float)flow->first_seen, l = (float)flow->last_seen; + double f = (double)flow->first_seen, l = (double)flow->last_seen; /* PLEASE KEEP IN SYNC WITH printCSVHeader() */ -- cgit v1.2.3 From 9400a3b9ef1f784cd25b2f6b5f3ba1a9e83cca83 Mon Sep 17 00:00:00 2001 From: Renan de Souza Date: Tue, 29 Oct 2019 15:28:08 -0300 Subject: Added ranges 20.180.0.0/14, 20.184.0.0/13 to Skype --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 10058f8c0..8f8472738 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc 
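Review bot: In printFlow the `(double)` casts of `flow->first_seen` and `flow->last_seen` still round once a value exceeds 2^53, so the change does not cover every 64-bit value the commit message mentions. These timestamps end up in the CSV, where they may be correlated with other logs, so printing the integers directly would avoid the conversion altogether. The fprintf that consumes `f` and `l` is outside the hunk, and its format string would have to change with it. At minimum I would add `/* double is exact only up to 2^53; assumes first_seen/last_seen stay below that (TODO confirm units) */` above the declaration.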
@@ -979,6 +979,8 @@ static ndpi_network host_protocol_list[] = { { 0x4237DF00 /* 65.55.223.0 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, { 0x34724A05 /* 52.114.74.5 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x14B40000 /* 20.180.0.0 */, 14, NDPI_PROTOCOL_SKYPE }, + { 0x14B80000 /* 20.184.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, /* Blizzard Entertainment, Inc -- cgit v1.2.3 From 124545e1ed70e5c3e8a0e6d582f1f52c003b84a4 Mon Sep 17 00:00:00 2001 From: Renan de Souza Date: Tue, 29 Oct 2019 16:26:17 -0300 Subject: Added twitch.tv website --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 8f8472738..628664a65 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8853,6 +8853,7 @@ static ndpi_protocol_match host_match[] = { { "ttvnw.net", NULL, "ttvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", NULL, "static-cdn\\.jtvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", NULL, "www-cdn\\.jtvnw" TLD, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, + { "twitch.tv", NULL, "twitch\\.tv$", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { ".qq.com", NULL, "\\.qq" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", NULL, "\\.gtimg" TLD, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3
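Review bot: The two added host_protocol_list entries label a /14 and a /13 (about 786,000 addresses together) as NDPI_PROTOCOL_SKYPE without recording where the ranges come from. If these blocks are general provider allocations rather than Skype-only, every other service hosted in them would be reported as Skype, hiding unrelated traffic from anyone who relies on the classification for monitoring or policy. I would record the source next to the entries, e.g. `/* 20.180.0.0/14, 20.184.0.0/13: source <registry or vendor list>, checked <date> */`. Using the `/* a.b.c.d/len */` comment form of the Amazon entries would also make the prefix length visible in the comment. The table continues outside the hunk.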