| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | DNS: evaluate all flow risks even if sub-classification is disabled (#2714) | Ivan Nardi | 2025-02-11 |
| | | |||
| * | Added max element number in ndpi_protocol_qoe_category_t | Luca Deri | 2025-02-10 |
| | | |||
| * | Added ndpi_find_protocol_qoe() API call | Luca Deri | 2025-02-10 |
| | | | | | Updated (C) | ||
| * | Introduced QoE (Quality of Experience) protocol classification | Luca Deri | 2025-02-06 |
| | | |||
| * | Preliminary work to rework `struct ndpi_flow_struct` (#2705) | Ivan Nardi | 2025-02-04 |
| | | | | | | | | | No significant changes: * Move around some fields to avoid holes in the structures. * Some fields are about protocols based only on TCP. * Remove some unused (or set but never read) fields. See #2631 | ||
| * | Added ndpi_network_ptree6_match() API call | Luca Deri | 2025-01-31 |
| | | |||
| * | bittorrent: add configuration for "hash" metadata (#2706) | Ivan Nardi | 2025-01-31 |
| | | | | Fix confidence value for same TCP flows | ||
| * | HTTP: add configuration for some metadata (#2704) | Ivan Nardi | 2025-01-31 |
| | | | | Extend file configuration for just subclassification. | ||
| * | Create a specific configuration for classification only (#2689) | Ivan Nardi | 2025-01-31 |
| | | | | | | | | | | | | | | | | | | | | | | | | | In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics. Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...` Note that this way, the nDPI overhead is lower because it might need less packets per flow: * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates * DNS: only the request is processed (instead of both request and response) We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for others protocols. Add the configuration options to enable/disable the extraction of some TLS metadata. | ||
| * | Exported DNS transactionId | Luca Deri | 2025-01-30 |
| | | |||
| * | Added ndpi_data_jitter() API call | Luca Deri | 2025-01-29 |
| | | |||
| * | Extracted http host and referer metadata (http protocol) | Luca Deri | 2025-01-24 |
| | | |||
| * | Added health category | Luca Deri | 2025-01-24 |
| | | |||
| * | Minor extension for custom nDPI | Ivan Nardi | 2025-01-23 |
| | | |||
| * | Unify "Skype" and "Teams" ids (#2687) | Ivan Nardi | 2025-01-20 |
| | | | | | | | * Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` -> `NDPI_PROTOCOL_MSTEAMS_CALL` * Rename ip list from "Skype/Teams" to "Teams" | ||
| * | Renamed ips_match to ndpi_ips_match | Luca Deri | 2025-01-17 |
| | | |||
| * | Added DigitalOcean protocol | Luca Deri | 2025-01-17 |
| | | |||
| * | STUN: improve detection of Telegram calls (#2671) | Ivan Nardi | 2025-01-14 |
| | | |||
| * | TLS: remove JA3C (#2679) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | | Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551 | ||
| * | Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678) | Ivan Nardi | 2025-01-14 |
| | | | | | | | | | | It might be usefull to be able to match traffic against a list of suspicious JA4C fingerprints Use the same code/logic/infrastructure used for JA3C (note that we are going to remove JA3C...) See: #2551 | ||
| * | Add Vivox support (#2668) | Vladimir Gavrilov | 2025-01-11 |
| | | |||
| * | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | QUIC: remove extraction of user-agent (#2650) | Ivan Nardi | 2025-01-07 |
| | | | | | | In very old (G)QUIC versions by Google, the user agent was available on plain text. That is not true anymore, since about end of 2021. See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7 | ||
| * | Classifications "by-port"/"by-ip" should never change (#2656) | Ivan Nardi | 2025-01-06 |
| | | | | Add a new variable to keep track of internal partial classification | ||
| * | Add the ability to enable/disable every specific flow risks (#2653) | Ivan Nardi | 2025-01-06 |
| | | |||
| * | QUIC: extract "max idle timeout" parameter (#2649) | Ivan Nardi | 2025-01-06 |
| | | | | | | Even if it is only the proposed value by the client (and not the negotiated one), it might be use as hint for timeout by the (external) flows manager | ||
| * | TLS: remove ESNI support (#2648) | Ivan Nardi | 2025-01-06 |
| | | | | | | ESNI has been superseded by ECH for years, now. See: https://blog.cloudflare.com/encrypted-client-hello/ Set the existing flow risk if we still found this extension. | ||
| * | STUN/RTP: improve metadata extraction (#2641) | Ivan Nardi | 2024-12-11 |
| | | |||
| * | Changed serializer buffer size to 256 bytes | Luca Deri | 2024-12-05 |
| | | |||
| * | STUN counter changes | Luca Deri | 2024-11-29 |
| | | |||
| * | Add support Yandex Alice (#2633) | Evgeny Shtanov | 2024-11-29 |
| | | | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | ||
| * | STUN: improve Whatsapp monitoring (#2635) | Ivan Nardi | 2024-11-29 |
| | | |||
| * | Enhanced STUN stats | Luca Deri | 2024-11-28 |
| | | |||
| * | Removed old USE_LEGACY_AHO_CORASICK code | Luca Deri | 2024-11-26 |
| | | |||
| * | Add support for Paramount+ streaming service | Ivan Nardi | 2024-11-25 |
| | | |||
| * | Update `flow->flow_multimedia_types` to a bitmask (#2625) | Ivan Nardi | 2024-11-25 |
| | | | | In the same flow, we can have multiple multimedia types | ||
| * | RTP, STUN: improve detection of multimedia flow type (#2620) | Ivan Nardi | 2024-11-19 |
| | | | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field... | ||
| * | Added ndpi_intoav6() | Luca Deri | 2024-11-17 |
| | | | | | Implemented Mikrotik JSON serialization | ||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Implemented Mikrotik discovery protocol dissection and metadata extraction ↵ | Luca Deri | 2024-11-14 |
| | | | | | (#2618) | ||
| * | Cosmetic change | Luca | 2024-11-14 |
| | | |||
| * | Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615) | Ivan Nardi | 2024-11-12 |
| | | | | Extend content match list | ||
| * | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
| | | |||
| * | Unify ndpi debug logging to always use a u16 protocol id (#2613) | Toni | 2024-11-11 |
| | | | | | | * fixes SonarCloud complaint Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add Naver protocol support (#2610) | Vladimir Gavrilov | 2024-11-01 |
| | | |||
| * | Increased "struct ndpi_flow_struct" size | Luca Deri | 2024-10-31 |
| | | |||
| * | Added HTTP credentials extraction | Luca Deri | 2024-10-31 |
| | | |||
| * | Fix blocks with inner-json mode | Alfredo Cardigliano | 2024-10-31 |
| | | |||
| * | Add new json serialization type ndpi_serialization_format_inner_json | Alfredo Cardigliano | 2024-10-31 |
| | | |||
| * | TLS: export heuristic fingerprint as metadata (#2609) | Ivan Nardi | 2024-10-28 |
| | | |||