Vitaly Lavrov
ef9aea9ad4
Merge branch 'github.dev' into flow_info-3.2
2021-07-16 16:09:35 +03:00
Ivan Nardi
cccf794265
ndpiReader: add statistics about nDPI performance (#1240)
...
The goal is to have a (rough) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
2021-07-13 12:28:39 +02:00
Vitaly Lavrov
640643d9db
Merge branch 'github.dev' into flow_info-3.2
2021-05-28 14:54:01 +03:00
Luca
ae2470fad4
Initial work towards detection via TLS of browser types
2021-05-06 21:42:06 +02:00
Luca Deri
4a09707e48
Added flow risk to wireshark dissection
2021-04-26 10:17:29 +02:00
Vitaly Lavrov
433c627080
Merge branch 'github.dev' into flow_info-3.2
2021-04-08 15:00:33 +03:00
Ivan Nardi
a6029d250d
ndpiReader: print an error msg if we found an unsupported datalink type (#1157)
2021-03-23 11:47:29 +01:00
Vitaly Lavrov
db0be7f010
Merge branch 'github.dev' into flow_info-3.2
2021-03-03 15:23:58 +03:00
Luca Deri
e2f6569adb
Fixed CPHA missing protocol initialization
...
Improved IEC104 and IRC detection
2021-02-10 15:22:20 +01:00
Ivan Nardi
a772e18977
Fix a warning (#1125)
...
Introduced in 5f7b9d802
reader_util.c: In function ‘process_ndpi_collected_info’:
reader_util.c:1148:60: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 64 [-Wformat-truncation=]
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ^~
reader_util.c:1147:5: note: ‘snprintf’ output between 1 and 256 bytes into a destination of size 64
1147 | snprintf(flow->ssh_tls.client_requested_server_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1149 | flow->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2021-02-03 11:56:37 +01:00
Luca Deri
d964c3e081
Code cleanup: third party uthash is at the right place
2021-01-20 19:11:36 +01:00
Vitaly Lavrov
b824db9cb6
Merge branch 'github.dev' into flow_info-3.2
2021-01-16 11:40:12 +03:00
Luca Deri
68b6ac7da8
(C) Update
2021-01-07 11:13:36 +01:00
Luca Deri
eb37f8f1fb
Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET
2021-01-06 18:28:24 +01:00
Vitaly Lavrov
55835187fb
Merge branch 'github.dev' into flow_info-3.2
2020-12-16 20:46:17 +03:00
Toni
74a77e7b3d
Added --ignore-vlanid / -I to exclude VLAN ids for flow hash calculation. #1073 (#1085)
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-12-11 21:01:51 +01:00
Vitaly Lavrov
33de93fe2a
Merge branch 'github.dev' into flow_info-3.2
2020-10-27 11:14:01 +03:00
Luca Deri
948a906037
Added -D flag for detecting DoH in the wild
...
Removed heuristic from CiscoVPN as it leads to false positives
2020-10-26 21:40:59 +01:00
Vitaly Lavrov
b3fa670906
Merge branch 'github.dev' into flow_info-3.2
2020-08-21 19:44:06 +03:00
Adrian Zgorzałek
8f74d5733d
OpenBSD: Introduce pkt_timeval to deal with (bpf_)_timeval
...
Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI
APIs expect `struct timeval`. These two structs, besides having
a different name, share the exact same set of fields.
2020-08-09 14:30:12 +01:00
Vitaly Lavrov
9f7844218c
Merge branch 'github.dev' into flow_info-3.2
2020-07-13 13:12:16 +03:00
Toni Uhlig
20fed83e0f
Removed csv_fp as external symbol. Instead passing csv_fp through as argument.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-08 23:21:35 +02:00
Luca Deri
db707e0829
Merge pull request #932 from IvanNardi/log
...
Log
2020-07-07 14:43:32 +02:00
Nardi Ivan
c08693fda5
Incorporated some feedback
2020-07-01 20:16:16 +02:00
Vitaly Lavrov
edb6167e64
Merge branch 'github.dev' into flow_info-3.2
2020-06-30 20:18:54 +03:00
Nardi Ivan
b24f5c4c0a
Fix memory leak about purged/expired flows
...
Create a helper to avoid similar errors in the future
Fixes: 1a62f4c7
2020-06-28 12:05:12 +02:00
Nardi Ivan
ece5d3e199
Fix (harmless) memory leaks when DPDK is enabled
2020-06-28 12:05:12 +02:00
Nardi Ivan
56d87186f7
Fix compilation with --enable-debug-messages flag
...
NDPI_LOG* macros dereference ndpi_detection_module_struct object which is
private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use
them outside the library itself, i.e. in ndpiReader code
Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros
to a new very simple macro, private to ndpiReader program. If necessary,
such macro may be improved.
According to a comment in ndpi_define.h, each dissector must define its own
NDPI_CURRENT_PROTO macro before including ndpi_api.h file
2020-06-26 12:04:02 +02:00
Vitaly Lavrov
17eaa3a67b
Merge branch 'github.dev' into flow_info-3.2
...
22.06.2020
2020-06-22 13:36:12 +03:00
Vitaly Lavrov
9c4e378c7a
Merge commit 'af2a44ae5f' into flow_info-3.2
2020-06-22 12:33:28 +03:00
Luca Deri
1a62f4c799
Added ndpi_bin_XXX API
...
Added packet length distribution bins
2020-06-22 01:02:54 +02:00
Luca Deri
801c9481cb
Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants)
2020-06-06 11:29:03 +02:00
Luca Deri
9c3bfeca80
Added support for Encrypted TLS SNI dissection
...
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Vitaly Lavrov
100c54bd37
Merge commit 'e5e69d0f7a' into flow_info-3.2
2020-05-15 19:47:12 +03:00
Vitaly Lavrov
30eaf851f4
Merge commit '4a09b4efa0' into flow_info-3.2
2020-05-15 19:32:47 +03:00
Luca Deri
e5e69d0f7a
Added the ability to detect when a known protocol is using a non-standard port
...
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
4a09b4efa0
Added TLS issuerDN and subjectDN
2020-05-07 18:44:51 +02:00
Vitaly Lavrov
a412edf95d
Merge branch 'github.dev' into flow_info-3.2
...
Conflicts:
example/ndpiReader.c
example/reader_util.c
src/lib/ndpi_content_match.c.inc
src/lib/ndpi_main.c
src/lib/protocols/rx.c
src/lib/protocols/ssh.c
src/lib/third_party/src/ahocorasick.c
2020-04-27 21:58:02 +03:00
Nardi Ivan
e84563f971
ndpiReader: fix memory leak in idle sessions purging
2020-04-08 15:15:34 +02:00
Vitaly Lavrov
b7a7c579b9
Changing for testing netfilter module.
...
The data output format has been slightly changed so that it can be
compared with the results of ndpi-netfilter.
2020-03-31 15:09:51 +03:00
Luca Deri
fdf8dd724f
Minor fix
2020-02-17 22:15:36 +01:00
Luca Deri
3be263aafc
Added TLS ALPN support
2020-02-07 21:54:04 +01:00
Luca Deri
5571ce114d
Added flow extra info field
...
Updated tests/results
2020-01-10 22:21:16 +01:00
Luca Deri
d1fb41a161
Minor cleanup
2020-01-05 18:42:36 +01:00
emanuele-f
798bb6e2e1
Fix leaks and sha1 certificate detection
2020-01-02 14:39:51 +01:00
Luca
8b01056b21
Renamed TLS requested server name
2020-01-02 07:37:03 +01:00
Luca
daae1cc9b1
Reworked TLS dissection
2020-01-01 12:59:19 +01:00
Luca Deri
558983c99c
Merge pull request #813 from SimoneRicci97/dev
...
Fixed intrusion detection
2019-12-09 00:01:09 +01:00
Simone Ricci
a65c959940
Fixed intrusion detection
2019-11-26 21:20:22 +01:00
Luca Deri
fc82cdfa4a
Implemented telnet password export
2019-11-21 19:36:01 +01:00