vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 07:29:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
5656 commits 9 branches 12 tags 263 MiB
Commit graph

1122 commits

Author SHA1 Message Date
Luca
192fad4402 Added double exponential smoothing implementation 2021-03-11 09:39:52 +01:00
Luca Deri
6833ee2bbe Added single exponential smoothing API 
int ndpi_ses_init(struct ndpi_ses_struct *ses, double alpha, float significance);
int ndpi_ses_add_value(struct ndpi_ses_struct *ses, const u_int32_t _value, double *forecast, double *confidence_band);
 2021-03-11 00:04:33 +01:00
Luca Deri
f6ad16d8f8 Added experiemntal JA3+ implementation that can be used with -z i ndpiReader 2021-03-09 23:38:29 +01:00
Ivan Nardi
c50a8d4808
Add support for Snapchat voip calls (#1147) 
* Add support for Snapchat voip calls

Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.

* Fix tests with libgcrypt disabled
 2021-03-06 05:48:36 +01:00
Luca Deri
0f8a994841 Improved DGA detection 
Before
Accuracy 66%, Precision 86%, Recall 38%

After
Accuracy 71%, Precision 89%, Recall 49%
 2021-03-03 19:30:01 +01:00
Luca Deri
56bfb439f8 Improved DGA detection with trigrams. Disadvantage: slower startup time 
Reworked Tor dissector embedded in TLS (fixes #1141)
Removed false positive on HTTP User-Agent
 2021-03-03 00:41:07 +01:00
Luca Deri
4bff595733 Holt-Winters calculation improvement 2021-02-27 11:32:51 +01:00
Toni
16890a6632
Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) 
* An external file which contains known malicious SSL certificate SHA-1 hashes
   can be loaded via ndpi_load_malicious_sha1_file(...)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-02-26 17:00:05 +01:00
Luca Deri
f1b22b199f Added NDPI_MALICIOUS_JA3 flow risk 
Added ndpi_load_malicious_ja3_file() API call
 2021-02-22 23:19:23 +01:00
Luca Deri
fc3db8f169 Implemented TLS Certificate Sibject matching 
Improved AnyDesk detection
 2021-02-22 22:37:33 +01:00
Luca Deri
fc16c9368e Added risky domain flow-risk support 2021-02-21 21:45:46 +01:00
Ivan Nardi
421609475e
Fix small memory leak (#1133) 
Now function definition matches the prototype in ndpi_api.h.in
 2021-02-10 15:24:34 +01:00
Toni
1e12c90c66
Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132) 
* Fixed memory leaks caused by conditional free'ing for some TLS connections.

 * Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Prevent reader_util.c from exit()'ing if maximum flow count reached.
This confuses the fuzzer.

 * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS.
   That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2021-02-10 15:24:11 +01:00
Luca Deri
e2f6569adb Fixed CPHA missing protocol initialization 
Improved IEC104 and IRC detection
 2021-02-10 15:22:20 +01:00
Luca Deri
1331e0aec9 Extended the API to calculate jitter 
- ndpi_jitter_init()
- ndpi_jitter_free()
- ndpi_jitter_add_value()
 2021-02-09 15:56:03 +01:00
Luca Deri
4abaf3e279 Removed debug statement 2021-02-09 10:05:29 +01:00
Luca Deri
732579b72b Added timeseries forecasting support implementing Holt-Winters with confidence interval 
New API calls added
- ndpi_hw_init()
- ndpi_hw_add_value()
- ndpi_hw_free()
 2021-02-08 19:10:25 +01:00
Luca Deri
8dd7716ae5 Implemented more efficient and memory savvy RSI 2021-02-05 12:38:41 +01:00
Luca Deri
60b58dbd67 RSI enhancements 2021-02-05 10:59:09 +01:00
Luca Deri
1eedf734be Implemented API for computing RSI (Relative Strenght Index) 
void  ndpi_init_rsi(struct ndpi_rsi_struct *s, u_int16_t num_learning_values);
void  ndpi_free_rsi(struct ndpi_rsi_struct *s);
float ndpi_rsi_add_value(struct ndpi_rsi_struct *s, const u_int32_t value);
 2021-02-04 23:52:33 +01:00
Ivan Nardi
a772e18977
Fix a warning (#1125) 
Introduced in 5f7b9d802

reader_util.c: In function ‘process_ndpi_collected_info’:
reader_util.c:1148:60: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 64 [-Wformat-truncation=]
 1148 |       sizeof(flow->ssh_tls.client_requested_server_name), "%s",
      |                                                            ^~
reader_util.c:1147:5: note: ‘snprintf’ output between 1 and 256 bytes into a destination of size 64
 1147 |     snprintf(flow->ssh_tls.client_requested_server_name,
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1148 |       sizeof(flow->ssh_tls.client_requested_server_name), "%s",
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1149 |       flow->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name);
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2021-02-03 11:56:37 +01:00
Luca Deri
4b181be58e Improved debug message 2021-02-03 11:49:14 +01:00
Luca Deri
288ccd6215 Fixes due to datatype rename 2021-01-22 09:17:34 +01:00
Luca Deri
a31bd5ac3c Cleaned up tls/quic datatypes 2021-01-21 19:17:33 +01:00
Luca Deri
15295ef4c5 Reworked TLS fingerprint calcolation 
Modified TLS memory free
 2021-01-21 19:06:05 +01:00
morefigs
53415c8855
Added missing comma (#1116) 
I presume there is a comma missing in this comma separated list.
 2021-01-21 08:58:42 +01:00
Luca Deri
3e5e9569ff Added simple hash implementation to the nDPI API 2021-01-20 21:30:19 +01:00
Luca Deri
d964c3e081 Code cleanup: third party uthash is at the right place 2021-01-20 19:11:36 +01:00
Luca Deri
68b6ac7da8 (C) Update 2021-01-07 11:13:36 +01:00
Luca Deri
eb37f8f1fb Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET 2021-01-06 18:28:24 +01:00
Ivan Nardi
3aa16b63e8
Fix some warnings when compiling with "-W -Wall" flags (#1103) 2021-01-04 15:49:39 +01:00
Luca Deri
b7376cc690 Restored QUIC stats 2020-12-30 12:12:33 +01:00
Luca Deri
9c1827a77b Fixed output when tLS (nad not QUIC) is used 2020-12-28 09:19:39 +01:00
Luca Deri
a89642ad04 Fixes bug introduced by https://github.com/ntop/nDPI/pull/1085 2020-12-12 12:32:44 +01:00
Zied Aouini
5bd5461f96
Fix minimum packet length condition (#1087) 2020-12-12 11:12:59 +01:00
Toni
74a77e7b3d
Added --ignore-vlanid / -I to exclude VLAN ids for flow hash calculation. #1073 (#1085) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2020-12-11 21:01:51 +01:00
Luca Deri
eb689b2069 nDPI rules (work in progress) implementation 2020-11-30 22:01:49 +01:00
Toni
af02ffb60f
Support raw IPv4 / IPv6 pcap packet processing. (#1053) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2020-11-09 16:18:05 +01:00
Luca Deri
017e395ed1 Cosmetic changes 2020-11-03 16:46:30 +01:00
Luca Deri
48d640583a Moved global in reader_util.c 2020-10-27 08:40:00 +01:00
Luca Deri
948a906037 Added -D flag for detecting DoH in the wild 
Removed heuristic from CiscoVPN as it leads to false positives
 2020-10-26 21:40:59 +01:00
Luca Deri
9873972acb Various improvemement when using ndpi_pref_enable_tls_block_dissection: 
application data TLS blocks are now ignored when exchanged before
- the end of certificate negotiation (up to TLS 1.2)
- change cipher
 2020-10-24 19:22:56 +02:00
Luca Deri
9b85669a64 Added -x for checking patterns 2020-10-22 23:28:18 +02:00
Ivan Nardi
6027a7c799
Fix parsing of DLT_PPP datalink type (#1042) 2020-10-21 22:27:42 +02:00
Zied Aouini
43c1f6a3fd
CAPWAP tunnel decoding fix (#1038) 
* Fix CAPWAP processing.

* Update result.
 2020-10-21 15:07:20 +02:00
Toni
c2d8955c18
Fixed missing PCAP include directories in Makefiles. (#1034) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2020-10-19 11:25:22 +02:00
aouinizied
d5d2a7e3f3 Fix CAPWAP handling. 2020-10-13 19:13:07 +02:00
Luca
05d93790e4 Added ndpi_quick_16_byte_hash 
Warning fix
 2020-10-05 08:26:24 +02:00
Luca Deri
32e4922c5a Warning fix 2020-10-03 17:14:40 +02:00
Toni
656323c334
Added missing files to `make dist' target which are not required to build nDPI but still somehow essential. (#1024) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2020-09-29 17:58:33 +02:00