Commit message | Author | Age | |
---|---|---|---|
* | Changed serializer buffer size to 256 bytes | Luca Deri | 2024-12-05 |
* | STUN counter changes | Luca Deri | 2024-11-29 |
* | Add support for Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | ||
* | STUN: improve Whatsapp monitoring (#2635) | Ivan Nardi | 2024-11-29 |
* | Enhanced STUN stats | Luca Deri | 2024-11-28 |
* | Removed old USE_LEGACY_AHO_CORASICK code | Luca Deri | 2024-11-26 |
* | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
* | Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25 |
| | | | In the same flow, we can have multiple multimedia types | ||
* | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | ||
* | Added ndpi_intoav6() | Luca Deri | 2024-11-17 |
| | | | | Implemented Mikrotik JSON serialization | ||
* | Added DICOM support | Luca | 2024-11-15 |
| | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
* | Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
* | Cosmetic change | Luca | 2024-11-14 |
* | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | | | Extend content match list | ||
* | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
* | Unify ndpi debug logging to always use a u16 protocol id (#2613) | Toni | 2024-11-11 |
| | | | | | * fixes SonarCloud complaint Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
* | Increased "struct ndpi_flow_struct" size | Luca Deri | 2024-10-31 |
* | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
* | Fix blocks with inner-json mode | Alfredo Cardigliano | 2024-10-31 |
* | Add new json serialization type ndpi_serialization_format_inner_json | Alfredo Cardigliano | 2024-10-31 |
* | TLS: export heuristic fingerprint as metadata (#2609) | Ivan Nardi | 2024-10-28 |
* | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
* | Added ndpi_str_endswith() | Luca Deri | 2024-10-28 |
* | Renamed os hints to avoid name clashes | Luca Deri | 2024-10-19 |
* | Increased struct size (#2599) | Luca Deri | 2024-10-19 |
* | Improved TCP fingerprint calculation | Luca Deri | 2024-10-18 |
| | | | | Added basic OS detection based on TCP fingerprint | ||
* | Add configuration of TCP fingerprint computation (#2598) | Ivan Nardi | 2024-10-18 |
| | | | Extend configuration of raw format of JA4C fingerprint | ||
* | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | Build fix | ||
* | Implemented nDPI TCP fingerprint | Luca Deri | 2024-10-15 |
* | Add monitoring capability (#2588) | Ivan Nardi | 2024-10-14 |
| | | | | | | | | | | | | | Allow nDPI to process the entire flows and not only the first N packets. Useful when the application is interested in some metadata spanning the entire life of the session. As initial step, only STUN flows can be put in monitoring. See `doc/monitoring.md` for further details. This feature is disabled by default. Close #2583 | ||
* | Added sonos dissector | Luca Deri | 2024-10-13 |
* | Added u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */); | Luca Deri | 2024-10-13 |
* | Added -N option for dumping/restoring the DNS cache (when enabled) | Luca Deri | 2024-10-10 |
| | | | | Example ndpiReader -i en0 --cfg=dpi.address_cache_size,32768 -N /tmp/a | ||
* | Added new API calls for serializing/restoring the DNS cache | Luca Deri | 2024-10-10 |
| | | | | | - bool ndpi_address_cache_dump(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); - u_int32_t ndpi_address_cache_restore(struct ndpi_address_cache *cache, char *path, u_int32_t epoch_now); | ||
* | Added missing #define | Luca Deri | 2024-10-08 |
* | Implemented (disabled by default) DNS host cache. You can set the cache size as follows: | Luca Deri | 2024-10-07 |
| | | | | | | | | | | `ndpiReader --cfg=dpi.address_cache_size,1000 -i <pcap>.pcap` In the above example the cache has up to 1000 entries. In case ndpiReader exports data in JSON, the cache hostname (if found) is exported in the field server_hostname | ||
* | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
* | Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02 |
| | | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response | ||
* | Let the library return the packet direction calculated internally (#2572) | Ivan Nardi | 2024-09-27 |
| | | | wireshark, lua: add basic analysis of possible obfuscated flows | ||
* | Add enable/disable guessing using client IP/port (#2569) | Liam Wilson | 2024-09-27 |
| | | | | | | | | Add configurable options for whether to include client port or client IP in the flow's protocol guesses. This defaults to include both client port/IP if the protocol is not guessed with the server IP/port. This is intended for when flow direction detection is enabled, so we know that sport = client port, dport = server port. | ||
* | Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) | Ivan Nardi | 2024-09-24 |
| | | | | | | | | | | | | Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default. | ||
* | buffer length is now returned by ndpi_quick_encrypt() and ndpi_quick_decrypt() | Luca Deri | 2024-09-24 |
* | Added new API calls | Luca Deri | 2024-09-24 |
| | | | | | u_int ndpi_hex2bin(u_char *out, u_int out_len, u_char* in, u_int in_len); u_int ndpi_bin2hex(u_char *out, u_int out_len, u_char* in, u_int in_len); | ||
* | Added Sonos protocol detection | Luca Deri | 2024-09-24 |
* | Added ndpi_quick_encrypt() ndpi_quick_decrypt() API calls (#2568) | Luca Deri | 2024-09-24 |
| | | | | | * Added ndpi_quick_encrypt() ndpi_quick_decrypt() API calls based on AES * Added aes.c | ||
* | Allow IP guess before port in ndpi_detection_giveup (#2562) | Liam Wilson | 2024-09-20 |
| | | | | Add dpi.guess_ip_before_port which when enabled uses classification by-ip before classification by-port. | ||
* | Implemented ndpi_strrstr() | Luca Deri | 2024-09-19 |
| | | | | Fixed bug in ndpi_get_host_domain | ||
* | Fixed handling of spurious TCP retransmissions | Luca | 2024-09-17 |
* | Updated ndpi_serialize_flow_fingerprint API signature | Luca | 2024-09-17 |