aboutsummaryrefslogtreecommitdiff
path: root/src/include
Commit message (Collapse)AuthorAge
* Add realtime protocol output to `ndpiReader`.add/output-realtime-protocolsToni Uhlig2023-12-14
| | | | | | | | * support for using a new flow callback invoked before the flow memory is free'd * minor fixes * Win32 gmtime fix Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Monero protocol classification. (#2196)Toni2023-12-13
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fuzz: extend fuzzing coverage (#2208)Ivan Nardi2023-12-11
|
* STUN: rework extra dissection (#2202)Ivan Nardi2023-12-11
| | | | | | | Keep looking for RTP packets but remove the monitoring concept. We will re-introduce a more general concept of "flow in monitoring state" later. The function was disabled by default. Some configuration knobs will be provided when/if #2190 is merged.
* HTTP: faster processing of asymmetric flows (#2198)Ivan Nardi2023-12-11
|
* OpenVPN: rework detection (#2199)Ivan Nardi2023-12-06
| | | Close #1873
* Add Ether-S-Bus protocol dissector (#2200)Vladimir Gavrilov2023-12-05
|
* Add some fast CRC16 algorithms implementation (#2195)Vladimir Gavrilov2023-12-05
| | | | | | | | | * Add some fast CRC16 algorithms implementation * Update ndpi_crc.c * Move crc16 stuff to ndpi_analyze.c * IEEE C37.118: use new fast CRC-16/CCITT-FALSE implementation
* Add IEEE C37.118 protocol dissector (#2193)Vladimir Gavrilov2023-12-05
|
* TLS: remove JA3+ fingerprints. (#2192)Ivan Nardi2023-12-05
| | | See: #2191
* Add ISO 9506-1 MMS protocol dissector (#2189)Vladimir Gavrilov2023-12-01
| | | | * Add ISO 9506-1 MMS protocol dissector * Fix detection on big-endian architectures
* Add Beckhoff ADS protocol dissector (#2181)Vladimir Gavrilov2023-11-30
| | | | | | | * Add Beckhoff ADS protocol dissector * Remove redundant le32toh * Fix detection on big-endian architectures
* Keep separating public and private API (#2157)Ivan Nardi2023-11-29
| | | See: b08c787fe
* Add Schneider Electric’s UMAS detection support (#2180)Vladimir Gavrilov2023-11-28
| | | | | | | * Add Schneider Electric’s UMAS detection support * Swap proto IDs in ndpi_set_detected_protocol * Update unit test result
* Add Ether-S-I/O protocol dissector (#2174)Vladimir Gavrilov2023-11-27
|
* Add Omron FINS protocol dissector (#2172)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | * Add Omron FINS protocol dissector * Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP * Update unit test results * Update protocols.rst * Remove dummy flows from fins.pcap
* Rework S7Comm dissector; add S7Comm Plus support (#2165)Vladimir Gavrilov2023-11-27
| | | | | | | | | | | | | | * Rework S7Comm dissector; add S7Comm Plus support * Cleanup s7comm.c * Improve S7Comm Plus detection * s7comm/s7commplus: faster detection --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add OPC UA protocol dissector (#2169)Vladimir Gavrilov2023-11-27
|
* Add RTPS protocol dissector (#2168)Vladimir Gavrilov2023-11-27
|
* Add HART-IP protocol dissector (#2163)Vladimir Gavrilov2023-11-22
| | | | | | | | | | | | | | | * Add HART-IP protocol dissector * Update docs * Update protocols.rst * Reuse free proto id and re-run tests * docs: move HART-IP to top of list --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Add IEEE 1588-2008 (PTPv2) dissector (#2156)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | | | * Add IEEE 1588-2008 (PTPv2) dissector PTPv2 is a time synchronization protocol in computer networks, similar to NTP. * Add default protocol ports * Update default test result for PTPv2 * Update copyright --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Remove Google+ support (#2155)Vladimir Gavrilov2023-11-21
| | | | | | | | | | | | | * Remove Google+ support Google+ was discontiued in 2019, so I think that its protocol id can be freed for reuse. * Fix typo * Update tests --------- Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
* Added TeslaServices and improved TikTok host names. Fixes #2140. (#2144)Toni2023-11-10
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Have a clear distinction between public and private/internal API (#2137)Ivan Nardi2023-11-09
| | | | | | 1) Public API/headers in `src/include/` [as it has always been] 2) Private API/headers in `src/lib/` Try to keep the "ndpi_" prefix only for the public functions
* Fixed implicit u32 cast in `ndpi_data_min()` / `ndpi_data_max()`. (#2139)Toni2023-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Remove `struct ndpi_packet_struct` from the public API (#2129)Ivan Nardi2023-11-07
| | | | | | | | | | | | | | | | | Right now, the only instance of `struct ndpi_packet_struct` is embedded into `struct ndpi_detection_module_struct`. Since the latter is a private structure (because of `NDPI_LIB_COMPILATION` ) there is no way for the application to get a pointer to `ndpi_struct->packet`. Bottom line: the application can't use any API functions having `struct ndpi_packet_struct *` as parameter. Remove them all (since they are completly unused and unusable). There are no public helper functions to initialize/populate/deinit a `struct ndpi_packet_struct` object, so the application can't neither create its own instance of this object. Protect `struct ndpi_packet_struct` via the same define `NDPI_LIB_COMPILATION`.
* Fix proto_name and proto_id missmatch for Sina and SinaWeibo (#2131)Ivan Kapranov2023-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | * minor fixes fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq * fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol * fix compile errors * fix * Fix name missmatch for Sina and Sina Weibo * fix * add Sina Weibo to doc * fix * add Sina Weibo to doc --------- Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* Rename some functions with more useful/clear names (#2127)Ivan Nardi2023-10-29
|
* IPv6: add support for custom categories (#2126)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* add ethereum protocol dissector. (#2111)Maatuq2023-10-25
| | | | | | | as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin the same is applicable for ethereum. ethereum detection was removed from mining protocol and is now handled separately. Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
* Added generic Google Protobuf dissector. (#2109)Toni2023-10-24
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add CAN over Ethernet dissector.Toni Uhlig2023-10-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add Remote Management Control Protocol (RMCP).Toni Uhlig2023-10-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed OpenWRT arm related build issues. (#2104)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed two OpenWRT arm related build issues. (#2103)Toni2023-10-16
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Windows warning checksLuca Deri2023-10-16
|
* Added NDPI_MALWARE_HOST_CONTACTED flow riskLuca Deri2023-10-13
|
* QUIC: export QUIC version as metadataNardi Ivan2023-10-11
|
* Added HAProxy protocol. (#2088)Toni2023-10-02
| | | | | | * fixed tests/do.sh.in failure print Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Cleaned up mining datastructureLuca2023-09-27
|
* Added printf/fprintf replacement for some internal modules. (#1974)Toni2023-09-26
| | | | | | * logging is instead redirected to `ndpi_debug_printf` Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix some prototypes (#2085)Ivan Nardi2023-09-18
| | | | | ``` error: function declaration isn’t a prototype [-Werror=strict-prototypes] ```
* Add support for (un-encrypted) HTTP/2 (#2087)Ivan Nardi2023-09-18
| | | | Plaintext HTTP/2 is quite rare on the general "internet" but it is used in some private networks (example: 5G core network)
* Add `ndpi_domain_classify_finalize()` function (#2084)Ivan Nardi2023-09-12
| | | | | | | | | The "domain classify" data structure is immutable, since it uses "bitmap64". Allow to finalize it before starting to process packets (i.e. before calling `ndpi_domain_classify_contains()`) to avoid, in the data-path, all the memory allocations due to compression. Calling `ndpi_domain_classify_finalize()` is optional.
* tftp: check incrementation for DATA and ACK packetsThomas Winter2023-09-12
| | | | | | | | | | | | | The 2 bytes following the opcode for DATA and ACK packets are the block number and this should be incrementing every packet. We should check to see that this is occurring otherwise false matches can occur, eg L2TPv3 over UDP matches the DATA opcode but the next two bytes are always zero. Remove the DATA max block size assumption since this can be false if the blksize option is used to increase it. Fixes #2070
* fuzz: add fuzzers to test bitmap64 and domain_classify data structures (#2082)Ivan Nardi2023-09-10
|
Powered by cgit, Themed by Ted Yin.