Commit graph

1922 commits

Author SHA1 Message Date
Ivan Nardi
d9278d55c3
Improve classification of Outlook/MicrosoftMail traffic (#1167)
See #1148
2021-04-18 21:37:26 +02:00
Luca Deri
9fcf98c067 GeoIP handling fixes 2021-04-18 21:36:03 +02:00
Luca Deri
18c6c1c2d6 Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for remote assistance sessions 2021-04-12 18:11:14 +02:00
Luca Deri
bf318e0b86 Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION flow risk 2021-04-11 14:42:27 +02:00
Ivan Nardi
0bfe444362
GTP: fix parsing of GTP headers (#1161)
Message length checks and basic headers are not uniform across GTP-U,
GTP-C and GTP-PRIME.

Note that, even if the length checks were wrong, the GTP sessions were almost
always correctly classified because of the "guessing" algorithm.

This patch has been tested with GTP-U, GTP-C-V1, GTP-C-V2 and GTP-PRIME-V2
traffic using ndpiReader with "-d" flag (to avoid "guessing" algorithm) and
without "-t" flag (to avoid GTP-U de-tunneling).

See #1148
2021-04-05 19:23:03 +02:00
Luca Deri
28879c570e Reworked ndpi patricia includes to avoid compilation issues on some platforms 2021-03-31 19:43:55 +02:00
Ivan Nardi
1290c40968
Mining: lru cache is ipv4 only (for the time being) (#1159)
Fix memory error with ipv6 traffic
2021-03-31 14:13:07 +02:00
Luca Deri
48726301e1 Fixed misspelled word 2021-03-31 12:52:54 +02:00
Luca Deri
c1d6e3f145 Improved mining detection support 2021-03-30 17:50:19 +02:00
Luca Deri
637b2063ed Added missing tracker/Ads breed 2021-03-30 17:50:03 +02:00
Luca Deri
ffbce931b9 Ignore TLD .local .lan and .home in DGA domain check 2021-03-26 15:53:04 +01:00
Toni
b040407683
Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)
* Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Try to detect one subprotocol if a detected protocol can have one.

 * This adds a performance overhead due to much more protocol detection routine calls.
   See #1148 for more information.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Refactor subprotocol handling (1/2).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Refactor subprotocol handling (2/2).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Refactored aimini HTTP detection parts (somehow related to #1148).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Added aimini client/server test pcap.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto

 * Adjusted Python code to conform to the changes made during the refactoring process.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-03-23 11:46:12 +01:00
Luca Deri
0cae9bf4a4 Win compilation fix 2021-03-22 21:41:28 +01:00
Luca Deri
627299e4dd Better DGA detection (slightly decreased accuracy) 2021-03-20 17:56:24 +01:00
Luca Deri
6333bb1702 Removed duplicate extensions len 2021-03-19 22:35:08 +01:00
Luca Deri
d96f4ca736 Added ALPN and elliptic curve in JA3S+ 2021-03-19 22:33:04 +01:00
Luca Deri
fa238bbe42 Implemented JA3+ also for JA3S 2021-03-19 22:27:36 +01:00
Luca Deri
e2c3445a20 Reworked JA3 2021-03-19 22:20:52 +01:00
Luca Deri
61f7ec1696 JA3 debug improvements 2021-03-19 19:10:31 +01:00
Luca Deri
9eed0a60d3 Fixed support for custom DGA detection library 2021-03-18 11:32:56 +01:00
Luca Deri
9419015711 Implemented square error rollup to avoid overflow 2021-03-14 11:01:51 +01:00
Alfredo Cardigliano
efc5630378 Fix compilation warning 2021-03-12 09:25:00 +01:00
Luca
192fad4402 Added double exponential smoothing implementation 2021-03-11 09:39:52 +01:00
Luca Deri
6833ee2bbe Added single exponential smoothing API
int ndpi_ses_init(struct ndpi_ses_struct *ses, double alpha, float significance);
int ndpi_ses_add_value(struct ndpi_ses_struct *ses, const u_int32_t _value, double *forecast, double *confidence_band);
2021-03-11 00:04:33 +01:00
Luca Deri
5b7fe1360a Fixed JA3+ computation 2021-03-11 00:04:12 +01:00
Luca Deri
f6ad16d8f8 Added experimental JA3+ implementation that can be used with -z in ndpiReader 2021-03-09 23:38:29 +01:00
Ivan Nardi
8074bc8201
HTTP: fix memory access in ndpi_http_parse_subprotocol() (#1151) 2021-03-09 19:46:32 +01:00
Luca Deri
574fc4f09e Ookla detection improvement 2021-03-09 17:43:12 +01:00
Luca Deri
3032864ec9 Added Ookla detection over IPv6 2021-03-09 12:55:14 +01:00
Luca Deri
db716d0ab0 Ookla fixes 2021-03-09 11:42:23 +01:00
Luca Deri
477e4db650 Improved detection of Ookla speedtest and openspeedtest.com 2021-03-09 11:38:31 +01:00
Luca Deri
bb6423a79f Added the ability to define a custom DGA detection function by overwriting
the value of the function pointer ndpi_dga_function currently set to NULL
(that means the nDPI internal DGA function will be used)
2021-03-08 22:57:30 +01:00
Ivan Nardi
c3490e80a7
Fix some stack-use-after-return errors in automa code (#1150) 2021-03-08 21:14:01 +01:00
Ivan Nardi
c50a8d4808
Add support for Snapchat voip calls (#1147)
* Add support for Snapchat voip calls

Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.

* Fix tests with libgcrypt disabled
2021-03-06 05:48:36 +01:00
Alfredo Cardigliano
73e4348570 Add ndpi_serialize_binary_boolean for consistency. Fix comments. 2021-03-04 10:31:03 +01:00
Luca Deri
0f8a994841 Improved DGA detection
Before
Accuracy 66%, Precision 86%, Recall 38%

After
Accuracy 71%, Precision 89%, Recall 49%
2021-03-03 19:30:01 +01:00
Luca Deri
1a37595de0 Removed check for known protocols (major and app protocols) 2021-03-03 00:57:56 +01:00
Luca Deri
56bfb439f8 Improved DGA detection with trigrams. Disadvantage: slower startup time
Reworked Tor dissector embedded in TLS (fixes #1141)
Removed false positive on HTTP User-Agent
2021-03-03 00:41:07 +01:00
Ivan Nardi
4c00ff89df
DTLS: improve support (#1146)
* DTLS: add some pcap tests

* DTLS: fix parsing of Client/Server Hello message

* DTLS: add parsing of server certificates
2021-03-02 21:15:40 +01:00
Ivan Nardi
c12a697f2d
TOR: update node list (#1144)
https://panwdbl.appspot.com/lists/ettor.txt list is no longer available

Close #1141
2021-03-02 21:14:36 +01:00
Luca Deri
2d558afb54 Added HW checks 2021-03-01 19:59:14 +01:00
Luca Deri
2724a14bf7 Added further HW checks 2021-03-01 19:34:20 +01:00
Luca Deri
4bff595733 Holt-Winters calculation improvement 2021-02-27 11:32:51 +01:00
Toni
16890a6632
Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)
* An external file which contains known malicious SSL certificate SHA-1 hashes
   can be loaded via ndpi_load_malicious_sha1_file(...)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-02-26 17:00:05 +01:00
Luca Deri
fba61adf5e Improved DNS dissector 2021-02-26 00:42:15 +01:00
pengtian
28330edb7a
[Fix] replace free with ndpi_free (#1140)
same as https://github.com/ntop/nDPI/issues/1096
2021-02-25 08:46:55 +01:00
Toni
70c35addcb
Added protocol breed to JSON serializer. (#1137)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-02-25 08:46:38 +01:00
Alfredo Cardigliano
d898fddea0 Fix ndpi_fill_prefix_v6 2021-02-24 14:43:12 +00:00
Luca Deri
545f270132 Windows code cleanup 2021-02-24 11:04:04 +01:00
Luca Deri
4bd175b07e Modified JA3 fingerprint message 2021-02-24 10:42:26 +01:00