Toni
6ad0d6666c
Implemented function to retrieve flow information. #1253 ( #1254 )
...
* fixed [h]euristic typo
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2021-07-23 10:37:20 +02:00
Ivan Nardi
cccf794265
ndpiReader: add statistics about nDPI performance ( #1240 )
...
The goal is to have a (rough) idea about how many packets nDPI needs
to properly classify a flow.
Log this information (and guessed flows number too) during unit tests,
to keep track of improvements/regressions across commits.
2021-07-13 12:28:39 +02:00
Luca
ae2470fad4
Initial work towards detection via TLS of browser types
2021-05-06 21:42:06 +02:00
Luca Deri
4a09707e48
Added flow risk to wireshark dissection
2021-04-26 10:17:29 +02:00
Ivan Nardi
a6029d250d
ndpiReader: print an error msg if we found an unsupported datalink type ( #1157 )
2021-03-23 11:47:29 +01:00
Luca Deri
e2f6569adb
Fixed CPHA missing protocol initialization
...
Improved IEC104 and IRC detection
2021-02-10 15:22:20 +01:00
Ivan Nardi
a772e18977
Fix a warning ( #1125 )
...
Introduced in 5f7b9d802
reader_util.c: In function ‘process_ndpi_collected_info’:
reader_util.c:1148:60: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 64 [-Wformat-truncation=]
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ^~
reader_util.c:1147:5: note: ‘snprintf’ output between 1 and 256 bytes into a destination of size 64
1147 | snprintf(flow->ssh_tls.client_requested_server_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1148 | sizeof(flow->ssh_tls.client_requested_server_name), "%s",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1149 | flow->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2021-02-03 11:56:37 +01:00
Luca Deri
d964c3e081
Code cleanup: third party uthash is at the right place
2021-01-20 19:11:36 +01:00
Luca Deri
68b6ac7da8
(C) Update
2021-01-07 11:13:36 +01:00
Luca Deri
eb37f8f1fb
Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET
2021-01-06 18:28:24 +01:00
Toni
74a77e7b3d
Added --ignore-vlanid / -I to exclude VLAN ids for flow hash calculation. #1073 ( #1085 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-12-11 21:01:51 +01:00
Luca Deri
948a906037
Added -D flag for detecting DoH in the wild
...
Removed heuristic from CiscoVPN as it leads to false positives
2020-10-26 21:40:59 +01:00
Adrian Zgorzałek
8f74d5733d
OpenBSD: Introduce pkt_timeval to deal with (bpf_)_timeval
...
Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI
APIs expect `struct timeval`. These two structs, besides having
a different name, share the exact same set of fields.
2020-08-09 14:30:12 +01:00
Toni Uhlig
20fed83e0f
Removed csv_fp as external symbol. Instead, pass csv_fp through as an argument.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-08 23:21:35 +02:00
Luca Deri
db707e0829
Merge pull request #932 from IvanNardi/log
...
Log
2020-07-07 14:43:32 +02:00
Nardi Ivan
c08693fda5
Incorporated some feedback
2020-07-01 20:16:16 +02:00
Nardi Ivan
b24f5c4c0a
Fix memory leak about purged/expired flows
...
Create a helper to avoid similar errors in the future
Fixes: 1a62f4c7
2020-06-28 12:05:12 +02:00
Nardi Ivan
ece5d3e199
Fix (harmless) memory leaks when DPDK is enabled
2020-06-28 12:05:12 +02:00
Nardi Ivan
56d87186f7
Fix compilation with --enable-debug-messages flag
...
NDPI_LOG* macros dereference the ndpi_detection_module_struct object, which is
private to the ndpi library (via the NDPI_LIB_COMPILATION define). So we can't use
them outside the library itself, i.e. in ndpiReader code.
Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros
to a new, very simple macro, private to the ndpiReader program. If necessary,
such a macro may be improved.
According to a comment in ndpi_define.h, each dissector must define its own
NDPI_CURRENT_PROTO macro before including the ndpi_api.h file
2020-06-26 12:04:02 +02:00
Luca Deri
1a62f4c799
Added ndpi_bin_XXX API
...
Added packet length distribution bins
2020-06-22 01:02:54 +02:00
Luca Deri
801c9481cb
Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants)
2020-06-06 11:29:03 +02:00
Luca Deri
9c3bfeca80
Added support for Encrypted TLS SNI dissection
...
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Luca Deri
e5e69d0f7a
Added the ability to detect when a known protocol is using a non-standard port
...
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
4a09b4efa0
Added TLS issuerDN and subjectDN
2020-05-07 18:44:51 +02:00
Nardi Ivan
e84563f971
ndpiReader: fix memory leak in idle sessions purging
2020-04-08 15:15:34 +02:00
Luca Deri
fdf8dd724f
Minor fix
2020-02-17 22:15:36 +01:00
Luca Deri
3be263aafc
Added TLS ALPN support
2020-02-07 21:54:04 +01:00
Luca Deri
5571ce114d
Added flow extra info field
...
Updated tests/results
2020-01-10 22:21:16 +01:00
Luca Deri
d1fb41a161
Minor cleanup
2020-01-05 18:42:36 +01:00
emanuele-f
798bb6e2e1
Fix leaks and sha1 certificate detection
2020-01-02 14:39:51 +01:00
Luca
8b01056b21
Renamed TLS requested server name
2020-01-02 07:37:03 +01:00
Luca
daae1cc9b1
Reworked TLS dissection
2020-01-01 12:59:19 +01:00
Luca Deri
558983c99c
Merge pull request #813 from SimoneRicci97/dev
...
Fixed intrusion detection
2019-12-09 00:01:09 +01:00
Simone Ricci
a65c959940
Fixed intrusion detection
2019-11-26 21:20:22 +01:00
Luca Deri
fc82cdfa4a
Implemented telnet password export
2019-11-21 19:36:01 +01:00
Luca Deri
a58c838c4c
Added flow duration and goodput in output (-v and -c)
2019-11-21 13:31:56 +01:00
Luca
fb56b042c0
Merge branch 'dev' of https://github.com/ntop/nDPI into dev
2019-11-05 12:15:27 +00:00
Luca
6298ecc271
Added tunnelling decapsulation
2019-11-05 08:21:31 +00:00
Luca Deri
9e42b525ec
Merge pull request #806 from oleg-umnik/fix_1
...
Don't leak memory in live capture mode
2019-11-03 17:13:49 +01:00
Luca
4802987178
Initial work towards HTTP content-type export
2019-10-31 00:14:20 +01:00
Luca
0e54f87b18
Added telnet dissector
...
Improved data report
2019-10-29 19:12:42 +01:00
Oleg A. Arkhangelsky
9f5e5b90e5
Don't leak memory in live capture mode
2019-10-29 21:11:31 +03:00
Luca Deri
4fd7e5734a
Manual merge of pull #769
2019-10-02 23:01:29 +02:00
Luca Deri
e45237a93f
Removed http:// from HTTP url
...
Reported URL in ndpiReader
2019-10-01 12:25:39 +02:00
Luca
0ed679e795
Improves IAT calculation
2019-09-24 16:37:42 +02:00
Luca Deri
00e639d513
TLS certificate hash is not reported
2019-09-14 15:00:52 +02:00
Luca Deri
086c511a11
Parsed TLS certificate validity
2019-09-10 00:34:48 +02:00
Luca
886d575157
Added -C to generate CSV analysis files
...
Improved IAT and byte distribution
2019-09-03 18:38:54 +02:00
Luca
9a6f6d9fe4
Implemented IAT (Inter Arrival Time) stats
2019-08-29 13:40:44 +02:00
Luca
e4e40e3c70
Added entropy, average, stddev, variance, bytes ratio calculation
2019-08-28 14:02:39 +02:00