| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
| |
* Rename NDPI_PROTOCOL_RPC to NDPI_PROTOCOL_MS_RPCH
* Add protocol description
* Improve MS-RPCH detection
|
| |
|
|
|
|
|
| |
* Add UFTP protocol dissector
* Update docs
* Merge pcap files
|
| |
|
|
|
| |
* Add HiSLIP protocol dissector
* Fix error
|
| |
|
|
|
|
|
|
|
| |
* Add PROFINET/IO protocol dissector
* Add LE (Little Endian) to the file name
* Rework dissector
* Remove redundant check
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
|
|
| |
Keep looking for RTP packets but remove the monitoring concept.
We will re-introduce a more general concept of "flow in monitoring
state" later.
The function was disabled by default.
Some configuration knobs will be provided when/if #2190 is merged.
|
| | |
|
| |
|
| |
Close #1873
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Add some fast CRC16 algorithms implementation
* Update ndpi_crc.c
* Move crc16 stuff to ndpi_analyze.c
* IEEE C37.118: use new fast CRC-16/CCITT-FALSE implementation
|
| | |
|
| |
|
| |
See: #2191
|
| |
|
|
| |
* Add ISO 9506-1 MMS protocol dissector
* Fix detection on big-endian architectures
|
| |
|
|
|
|
|
| |
* Add Beckhoff ADS protocol dissector
* Remove redundant le32toh
* Fix detection on big-endian architectures
|
| |
|
| |
See: b08c787fe
|
| |
|
|
|
|
|
| |
* Add Schneider Electric’s UMAS detection support
* Swap proto IDs in ndpi_set_detected_protocol
* Update unit test result
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add Omron FINS protocol dissector
* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP
* Update unit test results
* Update protocols.rst
* Remove dummy flows from fins.pcap
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Rework S7Comm dissector; add S7Comm Plus support
* Cleanup s7comm.c
* Improve S7Comm Plus detection
* s7comm/s7commplus: faster detection
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add HART-IP protocol dissector
* Update docs
* Update protocols.rst
* Reuse free proto id and re-run tests
* docs: move HART-IP to top of list
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add IEEE 1588-2008 (PTPv2) dissector
PTPv2 is a time synchronization protocol in computer networks, similar to NTP.
* Add default protocol ports
* Update default test result for PTPv2
* Update copyright
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove Google+ support
Google+ was discontiued in 2019, so I think that its protocol id can be freed for reuse.
* Fix typo
* Update tests
---------
Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
1) Public API/headers in `src/include/` [as it has always been]
2) Private API/headers in `src/lib/`
Try to keep the "ndpi_" prefix only for the public functions
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now, the only instance of `struct ndpi_packet_struct` is embedded
into `struct ndpi_detection_module_struct`. Since the latter is a
private structure (because of `NDPI_LIB_COMPILATION` ) there is no way for
the application to get a pointer to `ndpi_struct->packet`.
Bottom line: the application can't use any API functions having `struct
ndpi_packet_struct *` as parameter. Remove them all (since they are
completly unused and unusable).
There are no public helper functions to initialize/populate/deinit a
`struct ndpi_packet_struct` object, so the application can't neither
create its own instance of this object.
Protect `struct ndpi_packet_struct` via the same define
`NDPI_LIB_COMPILATION`.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* minor fixes
fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq
* fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol
* fix compile errors
* fix
* Fix name missmatch for Sina and Sina Weibo
* fix
* add Sina Weibo to doc
* fix
* add Sina Weibo to doc
---------
Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Try to have a faster classification, on first packet; use standard extra
dissection data path for sub-classification, metadata extraction and
monitoring.
STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper
STUN classification
Add identification of Telegram VoIP calls.
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Fix the script to download crawler addressess
|
| | |
|
| |
|
|
|
|
|
| |
as explained here for bitcoin https://www.ntop.org/guides/nDPI/protocols.html#ndpi-protocol-bitcoin
the same is applicable for ethereum.
ethereum detection was removed from mining protocol and is now handled separately.
Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@gmail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* fixed tests/do.sh.in failure print
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
|
| |
* logging is instead redirected to `ndpi_debug_printf`
Signed-off-by: lns <matzeton@googlemail.com>
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
| |
```
error: function declaration isn’t a prototype [-Werror=strict-prototypes]
```
|
| |
|
|
| |
Plaintext HTTP/2 is quite rare on the general "internet" but it is
used in some private networks (example: 5G core network)
|