* fix API issue with a changed function signature
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53
* finally make use of the thread distribution seed
* Handle GRE/PPP subprotocol the right way
* Add `-t` command line / config option
* Removed duplicated and obsolete IP{4,6}_SIZE_SMALLER_THAN_HEADER which is the same as IP{4,6}_PACKET_TOO_SHORT
* Updated error event schema
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* incorporated upstream changes
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* set minimum nDPI version to 4.12.0 (incompatible API changes)
* fixed `ndpi_debug_printf()` function signature
* JSON schema (flow): added risk `56`: "Obfuscated Traffic"
* JSON schema (flow): added "domainame"
* fixed OpenWrt build
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* redirect `run_tests.sh` stderr to filename which prepends config name
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* support for adding *.ndpiconf for nDPI config tests
* all other configs should have the suffix *.conf
* fixed nDPI malloc/free wrapper set (was already too late set)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
flow events. Fixes #39.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fixed `git format` hash length
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fixed "unused function" warning in `roaring.h`
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* incorporated API changes from 41eef9246c6a3055e3876e3dd7aeaadecb4b76c0
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* incorporated API changes from nDPI
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* a "detection-update" event was thrown even if nothing changed
* in some cases "not-detected" events were spammed if detection not completed
* tell `libnDPI` how many packets per flow we want to dissect
* `nDPId-test` validates total active flows in the right way
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fix ndpi data analysis struct min/max issue
* py-flow-info cosmetics in printing some information
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
after the first packet. Nonsense.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed risk hash value calculation, which was only done for the lower 32 bits.
* Reduced default reader threads count to two if cross compiling.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fixes loading of gambling lists which increased nDPId's memory usage *a lot*
* nDPId: handle EINTR correctly
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added build fix for Gitlab CI
* added friendly C11 check
* set required libnDPI version to 4.7
(ArchLinux ndpi-git sets version to 4.7, which is not released yet)
* reduced sklearn-random-forest memory consumption by adjusting min. sample leaf
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added custom nDPI logging callback
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: lns <matzeton@googlemail.com>
* upstream changed regression test interface, needed to adapt
* improved libnDPI helper build script
* updated JSON schema
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
abused.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* c-analysed: fixed quoting bug
* nDPId: fixed invalid iat storing/serialisation
* nDPId: free data analysis after event was sent
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: lns <matzeton@googlemail.com>
* nDPIsrvd.h: iterate over JSON arrays
* nDPId: calculate l3 payload packet entropies for analysis
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Still not perfect, but the code before was not even able to deal with JSON arrays.
Use common "speaking" function names for all functions in nDPIsrvd.h
* Provide a more or less generic and easily extendable JSON walk function.
* Modified C examples to align with the changed C API.
* c-collectd: Reduced lots of code duplication by providing mapping tables.
* nDPId: IAT array requires one slot less (first packet has always an IAT of 0).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* store packet directions
* merged direction based IATs
* merged direction based PKTLENs
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
for tests/CI) and --print-analyse-results.
* run_tests.sh: Use flow-info.py for additional DIFF tests.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>