Commit message | Author | Age | |
---|---|---|---|
* | STUN: improve detection of Telegram calls (#2671) | Ivan Nardi | 2025-01-14 |
| | |||
* | TLS: remove JA3C (#2679) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | Last step of removing JA3C fingerprint. Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551 | ||
* | Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | | It might be useful to be able to match traffic against a list of suspicious JA4C fingerprints. Use the same code/logic/infrastructure used for JA3C (note that we are going to remove JA3C...). See: #2551 | ||
* | Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11 |
| | |||
* | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | QUIC: remove extraction of user-agent (#2650) | Ivan Nardi | 2025-01-07 |
| | | | | | In very old (G)QUIC versions by Google, the user agent was available in plain text. That is not true anymore, since about end of 2021. See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7 | ||
* | Classifications "by-port"/"by-ip" should never change (#2656) | Ivan Nardi | 2025-01-06 |
| | | | Add a new variable to keep track of internal partial classification | ||
* | Add the ability to enable/disable every specific flow risks (#2653) | Ivan Nardi | 2025-01-06 |
| | |||
* | QUIC: extract "max idle timeout" parameter (#2649) | Ivan Nardi | 2025-01-06 |
| | | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be used as a hint for timeout by the (external) flows manager | ||
* | TLS: remove ESNI support (#2648) | Ivan Nardi | 2025-01-06 |
| | | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension. | ||
* | STUN/RTP: improve metadata extraction (#2641) | Ivan Nardi | 2024-12-11 |
| | |||
* | Changed serializer buffer size to 256 bytes | Luca Deri | 2024-12-05 |
| | |||
* | STUN counter changes | Luca Deri | 2024-11-29 |
| | |||
* | Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | ||
* | STUN: improve Whatsapp monitoring (#2635) | Ivan Nardi | 2024-11-29 |
| | |||
* | Enhanced STUN stats | Luca Deri | 2024-11-28 |
| | |||
* | Removed old USE_LEGACY_AHO_CORASICK code | Luca Deri | 2024-11-26 |
| | |||
* | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
| | |||
* | Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25 |
| | | | In the same flow, we can have multiple multimedia types | ||
* | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | ||
* | Added ndpi_intoav6() | Luca Deri | 2024-11-17 |
| | | | | Implemented Mikrotik JSON serialization | ||
* | Added DICOM support | Luca | 2024-11-15 |
| | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
* | Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
| | |||
* | Cosmetic change | Luca | 2024-11-14 |
| | |||
* | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | | | Extend content match list | ||
* | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
| | |||
* | Unify ndpi debug logging to always use a u16 protocol id (#2613) | Toni | 2024-11-11 |
| | | | | | * fixes SonarCloud complaint Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
| | |||
* | Increased "struct ndpi_flow_struct" size | Luca Deri | 2024-10-31 |
| | |||
* | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| | |||
* | Fix blocks with inner-json mode | Alfredo Cardigliano | 2024-10-31 |
| | |||
* | Add new json serialization type ndpi_serialization_format_inner_json | Alfredo Cardigliano | 2024-10-31 |
| | |||
* | TLS: export heuristic fingerprint as metadata (#2609) | Ivan Nardi | 2024-10-28 |
| | |||
* | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | |||
* | Added ndpi_str_endswith() | Luca Deri | 2024-10-28 |
| | |||
* | Renamed os hints to avoid name clashes | Luca Deri | 2024-10-19 |
| | |||
* | Increased struct size (#2599) | Luca Deri | 2024-10-19 |
| | |||
* | Improved TCP fingerprint calculation | Luca Deri | 2024-10-18 |
| | | | | Added basic OS detection based on TCP fingerprint | ||
* | Add configuration of TCP fingerprint computation (#2598) | Ivan Nardi | 2024-10-18 |
| | | | Extend configuration of raw format of JA4C fingerprint | ||
* | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | Build fix | ||
* | Implemented nDPI TCP fingerprint | Luca Deri | 2024-10-15 |
| | |||
* | Add monitoring capability (#2588) | Ivan Nardi | 2024-10-14 |
| | | | | | | | | | | | | | Allow nDPI to process the entire flows and not only the first N packets. Useful when the application is interested in some metadata spanning the entire life of the session. As initial step, only STUN flows can be put in monitoring. See `doc/monitoring.md` for further details. This feature is disabled by default. Close #2583 | ||
* | Added sonos dissector | Luca Deri | 2024-10-13 |
| | |||
* | Added u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */); | Luca Deri | 2024-10-13 |
| | |||
* | Added -N option for dumping/restoring the DNS cache (when enabled) | Luca Deri | 2024-10-10 |
| | | | | Example ndpiReader -i en0 --cfg=dpi.address_cache_size,32768 -N /tmp/a | ||
* | Added new API calls for serializing/restoring the DNS cache | Luca Deri | 2024-10-10 |
| | | | | | - bool ndpi_address_cache_dump(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); - u_int32_t ndpi_address_cache_restore(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); | ||
* | Added missing #define | Luca Deri | 2024-10-08 |
| | |||
* | Implemented (disabled by default) DNS host cache. You can set the cache size as follows: | Luca Deri | 2024-10-07 |
| | | | | | | | | | | ndpiReader --cfg=dpi.address_cache_size,1000 -i <pcap>.pcap In the above example the cache has up to 1000 entries. In case ndpiReader exports data in JSON, the cache hostname (if found) is exported in the field server_hostname | ||
* | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | |||
* | Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02 |
| | | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response |