From ad117bfaabd3bc75dc70d0ddbc4ba18c86c40dbd Mon Sep 17 00:00:00 2001
From: Luca Deri <lucaderi@users.noreply.github.com>
Date: Thu, 18 Apr 2024 23:21:40 +0200
Subject: Domain Classification Improvements  (#2396)

* Added
size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize);
size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize);

used to compress short strings such as domain names. This code is based on
https://github.com/Ed-von-Schleck/shoco

* Major code rewrite for ndpi_hash and ndpi_domain_classify

* Improvements to make sure custom categories are loaded and enabled

* Fixed string encoding

* Extended SalesForce/Cloudflare domains list
---
 tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/cfgs/enable_doh_heuristic')

diff --git a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out
index cadb0b147..35e437321 100644
--- a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out
+++ b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out
@@ -30,7 +30,7 @@ JA3 Host Stats:
 	1	 192.168.1.253            	 1      
 
 
-	1	TCP 192.168.1.253:35996 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 24][cat: Web/5][61 pkts/5381 bytes <-> 59 pkts/9211 bytes][Goodput ratio: 35/63][122.79 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.262 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1965/1934 15360/15360 4993/4853][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 88/156 315/1514 41/267][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][TLSv1.3][JA3C: 7c1e207beb00684bbbe144f1b0abe1d5][JA4: t13d1909h2_9dc949149365_97f8aa674fd9][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 24,32,24,0,1,7,3,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.253:35996 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 24][cat: Web/5][61 pkts/5381 bytes <-> 59 pkts/9211 bytes][Goodput ratio: 35/63][122.79 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.262 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1965/1934 15360/15360 4993/4853][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 88/156 315/1514 41/267][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][Risk Info: SNI should always be present / h2][TLSv1.3][JA3C: 7c1e207beb00684bbbe144f1b0abe1d5][JA4: t13d1909h2_9dc949149365_97f8aa674fd9][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 24,32,24,0,1,7,3,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 
 	Bin clusters
 	------------
-- 
cgit v1.2.3