Commit graph

1327 commits

Author SHA1 Message Date
Nardi Ivan
d66aa49787
DTLS: fix exclusion of DTLS protocol
Add a helper to exclude a generic protocol
2022-07-20 19:16:18 +02:00
Nardi Ivan
e1edb08f06
SKYPE: fix detection over UDP
Commit ba6a48c9 is completely bogus: we can't set extra dissection
without having set a proper classification.

The idea behind that commit seems to be that we need to look for 2
(consecutive?) packets with the same crc/pattern: try to implement this
logic in a saner way.
2022-07-20 16:13:55 +02:00
Nardi Ivan
5702c6fb08
SKYPE: remove detection over TCP
Skype detection over TCP has been completely disabled since 659f75138 (3
years ago!).
Since that logic was too weak anyway, remove it.
2022-07-20 16:13:55 +02:00
Ivan Nardi
c72660d7d3
reader_util: stop processing a flow (#1666)
We should stop processing a flow if all protocols have been excluded or
if we have already processed too many packets.
2022-07-20 14:48:09 +02:00
Ivan Nardi
b472a49271
BITTORRENT: fix confidence (#1664)
Remove two unused parameters.
2022-07-20 13:59:51 +02:00
Toni
7c19de4904
Do not interfere with CFLAGS/LDFLAGS env anymore. (#1659)
* CI fixes
 * some build systems do not like that (e.g. OpenWrt)
 * fixed some rrdtool related build warnings/errors

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-13 19:44:18 +02:00
Toni
ae2bedce3a
Improved Jabber/XMPP detection. (#1661)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-13 17:55:33 +02:00
Ivan Nardi
b4cb14ec19
Keep track of how many dissector calls we made for each flow (#1657)
2022-07-11 09:47:47 +02:00
Ivan Nardi
df599e5eff
HTTP: improve detection of WindowsUpdate (#1658)
WindowsUpdate is also transported over HTTP, using a numeric IP as
hostname (some kinds of CDN?)
2022-07-10 17:08:37 +02:00
Ivan Nardi
997dce0f04
SIP: improve detection (#1654)
2022-07-09 05:45:42 +02:00
Toni
9b95876973
Enhances gprof usage. (#1651)
* gprof results were incorrectly displayed

Signed-off-by: lns <matzeton@googlemail.com>
2022-07-08 12:05:55 +02:00
Ivan Nardi
f8076e3a58
SMB: add (partial) support for messages split into multiple TCP segments (#1644)
2022-07-07 19:24:31 +02:00
Ivan Nardi
ff4e010501
Avoid spurious calls to extra dissection (#1648)
If the extra callback is not set, calling the extra dissection is only a
waste of resources...
2022-07-07 17:49:35 +02:00
Ivan Nardi
feaa1df1ed
Kerberos: add support for Krb-Error messages (#1647)
2022-07-07 16:45:49 +02:00
Nardi Ivan
2636c07571
MONGODB: avoid false positives
2022-07-07 15:36:05 +02:00
Nardi Ivan
a31e79fc3c
TLS: ignore invalid Content Type values
2022-07-07 15:36:05 +02:00
Toni
15042870f9
Added Threema Messenger. (#1643)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-06 19:30:10 +02:00
Toni Uhlig
a1c3d05a74
Added another RiotGames signature.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-06 14:37:26 +02:00
Toni
175f863665
Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639)
* Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Revert "SMTP with STARTTLS is now identified as SMTPS"

This reverts commit 52d987b603.

* Revert "Compilation fix"

This reverts commit c019946f60.

* Sync unit tests.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-06 12:40:25 +02:00
Ivan Nardi
7645909460
Fix handling of NDPI_UNIDIRECTIONAL_TRAFFIC risk (#1636)
2022-07-05 17:01:00 +02:00
Luca Deri
52d987b603
SMTP with STARTTLS is now identified as SMTPS
2022-07-05 17:00:21 +02:00
Toni
f4a1739f9c
Detect SMTPs w/ STARTTLS as TLS and dissect client/server hello. Fixes #1630. (#1637)
* FTP needs to get updated as well as it has similar STARTTLS semantics -> follow-up

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-05 16:35:23 +02:00
Toni
388dfb8e13
Run regression tests from different locations at the same time w/o side effects on the results. (#1638)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-05 15:08:59 +02:00
Luca Deri
7fa8d882d8
Exported username in flow information
2022-07-04 22:52:54 +02:00
Toni Uhlig
b3ab66020f
Updated JA3/SSL fingerprints.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-04 16:05:22 +02:00
Toni
4ff8aa48b2
Added UltraSurf protocol dissector. (#1618)
* TLSv1.3 UltraSurf flows are not detected by now

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-04 16:04:53 +02:00
Ivan Nardi
5aa3d9126f
Add two new confidence values: confidence by partial DPI (#1632)
Used for all classifications based on partial/incomplete DPI
information, i.e. all classifications done in `ndpi_detection_giveup()`.
2022-07-04 13:56:51 +02:00
Ivan Nardi
4445989588
Update host content list match (#1633)
Improve classifications of Outlook, Cachefly, Cloudflare, Tiktok and
Cybersecurity.
2022-07-04 13:21:11 +02:00
Toni
a1de0285eb
Sync Psiphon unit test. (#1634)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-04 13:20:44 +02:00
Toni
75f7da5c26
Added Psiphon detection patterns. See #566 and #1099. (#1631)
* The traces are not up to date, but this is the best we got so far.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-04 10:34:54 +02:00
Toni
a74fc089c4
Added i3D and RiotGames protocol dissectors. (#1609)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-03 20:43:30 +02:00
Ivan Nardi
faaff58620
TargusDataspeed: avoid false positives (#1628)
TargusDataspeed dissector doesn't perform any real DPI checks but it only
looks at the TCP/UDP ports.
Delete it, and use standard logic to classify these flows by port.
2022-07-03 20:28:58 +02:00
Ivan Nardi
422d002542
Skinny: rework and improve classification (#1625)
2022-07-03 19:25:00 +02:00
Ivan Nardi
eed47acfc8
Skype_Teams, Mining, SnapchatCall: fix flow category (#1624)
2022-07-03 18:51:16 +02:00
Ivan Nardi
fdb1649a49
Fix category for mail sessions (#1621)
Close #629
2022-07-03 17:47:58 +02:00
Ivan Nardi
5fe6087686
TLS: add support for old DTLS versions and for detection of mid-sessions (#1619)
2022-07-03 17:44:17 +02:00
Toni Uhlig
69ccb39741
Generate profiling results as PNG.
* use -ltcmalloc_and_profiler and try to get rid of LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libprofiler.so

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-03 17:38:43 +02:00
lns
f2d1edbedf
gprof test/CI integration
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-03 17:38:43 +02:00
Toni
1a01e8dc68
Improved TFTP. Dissect Read/Write Request filenames. (#1617)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-03 14:37:05 +02:00
Toni
59b00b00a7
Fix byte-order issue during ndpiReader tcp/udp src/dst port serialization. Fixes #1608. (#1614)
* fixed possible memory leak caused by an invalid call to `node_proto_guess_walker()` during serialization
 * execute serialization code while running regression tests

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-03 11:16:52 +02:00
Toni
7c5c811eb0
Added Cloudflare WARP detection patterns. (#1615) (#1616)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-02 14:57:56 +02:00
Luca Deri
008a1790e4
Fixed SMTP default port 587
2022-07-02 11:49:22 +02:00
Toni
bb72aa4767
Added TunnelBear VPN detection patterns. (#1615)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-07-01 13:19:17 +02:00
Toni
c96f4512fa
sync unit tests (#1612)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-06-30 09:37:30 +02:00
Luca Deri
5f1caeb54e
Fix after the protocol name update
2022-06-28 17:26:11 +02:00
Luca Deri
227ab5c105
Enhanced TLS risk info reported to users
2022-06-28 00:01:00 +02:00
Ivan Nardi
b2b61011ae
Fix compilation and sync unit tests results (#1606)
2022-06-20 14:27:13 +02:00
Luca Deri
ab09b8ce2e
Added unidirectional traffic flow risk
2022-06-20 00:22:13 +02:00
Toni
c287eb835b
Improved SOAP via HTTP. (#1605)
Signed-off-by: lns <matzeton@googlemail.com>
2022-06-18 17:19:16 +02:00
Toni
6cd8f8cc6d
Improved GenshinImpact protocol dissector. (#1604)
Signed-off-by: lns <matzeton@googlemail.com>
2022-06-18 15:11:59 +02:00