Commit graph

1922 commits

Author SHA1 Message Date
Alfredo Cardigliano
566d5db402 Add more utility functions to work with patricia trees 2021-02-23 11:53:15 +01:00
Alfredo Cardigliano
888ddfcd17 Update ndpi_patricia_walk_inorder API 2021-02-23 10:23:52 +01:00
Alfredo Cardigliano
f8e83f7e35 Add support for MAC to Patricia tree. Expose full API to applications. Add utility functions. 2021-02-23 10:01:56 +01:00
Luca Deri
f1b22b199f Added NDPI_MALICIOUS_JA3 flow risk
Added ndpi_load_malicious_ja3_file() API call
2021-02-22 23:19:23 +01:00
Luca Deri
fc3db8f169 Implemented TLS Certificate Subject matching
Improved AnyDesk detection
2021-02-22 22:37:33 +01:00
Luca Deri
5ad056e99b Removed unused NDPI_RISKY_COUNTRY 2021-02-21 21:45:46 +01:00
Luca Deri
fc16c9368e Added risky domain flow-risk support 2021-02-21 21:45:46 +01:00
Luca Deri
09559611cc Fixes #1136 2021-02-19 15:15:02 +01:00
Luca Deri
dee24f7acf Removed old unused code 2021-02-19 15:12:03 +01:00
Alfredo Cardigliano
e9350d8fc7 Fix leak 2021-02-19 09:27:24 +01:00
Luca Deri
92e8d95f38 Added ndpi_get_geoip() API call 2021-02-18 23:15:27 +01:00
Luca Deri
393a844c9a GeoIP support 2021-02-18 22:40:57 +01:00
Luca Deri
bce54079d8 Initial geoip support 2021-02-18 22:35:25 +01:00
Luca Deri
a2c5adc374 Improved nDPI string matching algorithm 2021-02-18 21:47:09 +01:00
Luca Deri
fb4cdecb68 Fixes due to the fragment manager code 2021-02-18 13:31:02 +01:00
Luca Deri
4609e2084b Added new risks (future use)
-  NDPI_RISKY_ASN
-  NDPI_RISKY_DOMAIN
-  NDPI_RISKY_COUNTRY
2021-02-16 18:23:19 +01:00
Alfredo Cardigliano
177f1785da Fix warning 2021-02-12 09:11:14 +01:00
Luca Deri
813df77d07 Performance optimization to avoid un-necessary calls and thus increase the overall performance 2021-02-11 17:54:55 +01:00
Luca Deri
d99d636696 Some optimizations during flow guess 2021-02-10 19:51:26 +01:00
Luca Deri
fffff3760b Code refactory 2021-02-10 19:28:35 +01:00
Luca Deri
ea0309d21b Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readable now 2021-02-10 19:09:11 +01:00
Luca Deri
76ac551ed3 Improved FTP_CONTROL detection 2021-02-10 17:55:07 +01:00
Luca Deri
79102ef4f2 Added check for avoiding long dissections 2021-02-10 17:36:09 +01:00
Ivan Nardi
421609475e
Fix small memory leak (#1133)
Now function definition matches the prototype in ndpi_api.h.in
2021-02-10 15:24:34 +01:00
Toni
1e12c90c66
Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132)
* Fixed memory leaks caused by conditional free'ing for some TLS connections.

 * Members of tls_quic struct should also be free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.

 * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
   That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-02-10 15:24:11 +01:00
Luca Deri
c408df1b0e STUN improvements 2021-02-10 15:22:20 +01:00
Luca Deri
e2f6569adb Fixed CPHA missing protocol initialization
Improved IEC104 and IRC detection
2021-02-10 15:22:20 +01:00
Luca Deri
0de3d4c37a Dissection improvements 2021-02-09 21:48:46 +01:00
Luca Deri
512f73f381 Added checks for giving up faster on IRC and SMTP 2021-02-09 21:27:09 +01:00
Luca Deri
1331e0aec9 Extended the API to calculate jitter
- ndpi_jitter_init()
- ndpi_jitter_free()
- ndpi_jitter_add_value()
2021-02-09 15:56:03 +01:00
Luca Deri
b960809d3e Minor code improvements 2021-02-09 12:55:11 +01:00
Luca Deri
4abaf3e279 Removed debug statement 2021-02-09 10:05:29 +01:00
Luca Deri
732579b72b Added timeseries forecasting support implementing Holt-Winters with confidence interval
New API calls added
- ndpi_hw_init()
- ndpi_hw_add_value()
- ndpi_hw_free()
2021-02-08 19:10:25 +01:00
Luca Deri
d9da752aa8 Updated skype addresses 2021-02-07 19:05:56 +01:00
Luca Deri
3ecda45bc4 IP address matching update 2021-02-07 17:42:31 +01:00
Luca Deri
45e9c3c438 Partial fix for #1129 2021-02-05 22:22:33 +01:00
Alfredo Cardigliano
95a6a2072b Code cleanup and safety checks in the fragment manager (#1129) 2021-02-05 17:16:11 +01:00
Luca Deri
8dd7716ae5 Implemented more efficient and memory savvy RSI 2021-02-05 12:38:41 +01:00
Luca Deri
60b58dbd67 RSI enhancements 2021-02-05 10:59:09 +01:00
Luca Deri
1eedf734be Implemented API for computing RSI (Relative Strength Index)
void  ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values);
void  ndpi_free_rsi(struct ndpi_rsi_struct *s);
float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value);
2021-02-04 23:52:33 +01:00
Luca Deri
54636a3213 Improved (partial) TLS dissection 2021-02-04 22:06:18 +01:00
Ivan Nardi
2a65321884
Fix some memory leaks in reassembler code (#1127) 2021-02-04 19:29:27 +01:00
Luca Deri
c68c8c79c9 Added missing check 2021-02-04 18:17:45 +01:00
Luca Deri
6c366d73e2 Fixed leak with DTLS 2021-02-03 23:36:11 +01:00
Ivan Nardi
8c0ea694f8
HTTP: fix user-agent parsing (#1124)
User-agent information is used to try to detect the user OS; since the
UA is extracted for QUIC traffic too, the "detected_os" field must be
generic and not associated to HTTP flows only.

Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with
random data.

Strangely enough, the "detected_os" field is never used: it is never
logged, or printed, or exported...
2021-02-03 11:54:11 +01:00
Ivan Nardi
8cee718e8b
HTTP: fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1123) 2021-02-03 11:53:41 +01:00
Luca Deri
6e87daab69 Cosmetic fixes 2021-02-03 11:52:32 +01:00
Luca Deri
1f3ade5923 Increased number of extra packets that is necessary since the fragment manager introduction 2021-02-03 11:51:55 +01:00
Luca Deri
01f4a57118 Fixes an issue with https://github.com/ntop/nDPI/pull/1122 that misprocessed packets belonging to flows whose initial part (e.g. the 3WH) was not observed by nDPI (e.g. capture started in the middle of the flow) 2021-02-03 11:47:21 +01:00
Roberto AGOSTINO
b70ad0e2f1
fragments management added (#1122)
Management of tcp segments managements.

Co-authored-by: ragostino <ragostino73@gmail.com>
Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
2021-02-03 10:28:51 +01:00