aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_content_match.c.inc
Commit message (Collapse)AuthorAge
* Unify "Skype" and "Teams" ids (#2687)Ivan Nardi2025-01-20
| | | | | | * Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` -> `NDPI_PROTOCOL_MSTEAMS_CALL` * Rename ip list from "Skype/Teams" to "Teams"
* Add missing Dropbox domain (#2685)Vladimir Gavrilov2025-01-19
|
* Added DigitalOcean protocolLuca Deri2025-01-17
|
* Add Vivox support (#2668)Vladimir Gavrilov2025-01-11
|
* Added minor Citrix improvementLuca Deri2024-12-13
|
* signal: improve detection of chats and calls (#2637)Ivan Nardi2024-12-04
|
* Add support Yandex Alice (#2633)Evgeny Shtanov2024-11-29
| | | | Co-authored-by: Evgeny Shtanov <evg.shtanov@gmail.comm> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* Update domains listIvan Nardi2024-11-25
|
* Add support for Paramount+ streaming serviceIvan Nardi2024-11-25
|
* Small updates on domains list (#2623)Ivan Nardi2024-11-18
| | | | See #2595 (no sure about the best way to handle the two domains about games...)
* Add support for some Chinese shopping platforms (Temu, Shein and Taobao) (#2615)Ivan Nardi2024-11-12
| | | Extend content match list
* Add Naver protocol support (#2610)Vladimir Gavrilov2024-11-01
|
* TikTok cleanupLuca2024-10-30
|
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* Added pki.goog domain nameLuca Deri2024-09-30
|
* Improved telegram detectionLuca Deri2024-09-26
|
* Added Sonos protocol detectionLuca Deri2024-09-24
|
* Add detection of Windscribe VPNNardi Ivan2024-09-05
|
* Add detection of CactusVPNNardi Ivan2024-09-05
|
* Add detection of SurfShark VPNNardi Ivan2024-09-05
|
* Add detection of NordVPNNardi Ivan2024-09-05
|
* Improved Yahoo matching for Japanese traffic (#2539)Liam Wilson2024-09-02
| | | | Japanese Yahoo domains are missed. Add yahoo.co.jp, yimg.jp, and the domain for ads seen when accessing yahoo.co.jp.
* Enhanced PrimeVideo detectionLuca Deri2024-07-30
|
* Added ClickHouse protocolLuca2024-07-17
|
* Improve detection of Cloudflare WARP traffic (#2491)Ivan Nardi2024-07-04
| | | See: #2484
* Improve detection of Twitter/X (#2482)Ivan Nardi2024-07-01
|
* Add detection of OpenAI ChatGPT bots (#2481)Ivan Nardi2024-07-01
|
* Rename Messenger to FacebookMessenger (#2453)Vladimir Gavrilov2024-05-23
|
* Add Call of Duty Mobile support (#2438)Vladimir Gavrilov2024-05-15
|
* IRC: simplify detection (#2423)Ivan Nardi2024-05-11
| | | | | | | | | | | | | | | | IRC has its best times well behind, but there are still some servers using it. We should try to simplify the detection logic, still based on OpenDPI logic. Let's start with some easy changes: * try to detect TLS connection via standard hostname/SNI matching, removing an old heuristic (we have never had any trace matching it); * add some basic server names; * once we detect that the flow is IRC, we don't have to perform anything else; * remove HTTP stuff; real HTTP flows never trigger that data path * use `ndpi_memmem()` when possible
* Remove Vevo support (#2436)Vladimir Gavrilov2024-05-11
| | | Co-authored-by: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
* Add support for Mastodon, Bluesky and (FB-)Threads (#2418)Ivan Nardi2024-05-06
|
* Add Adobe Connect support (#2407)0x41CEA552024-04-24
|
* Remove PPStream protocol and add iQIYI (#2403)0x41CEA552024-04-23
| | | | | | P2P video player PPStream was discontinued shortly after the purchase of PPS.tv by Baidu (iQIYI) on 2013 (see https://www.techinasia.com/report-baidu-acquires-video-rival-pps) So we remove the old `NDPI_PROTOCOL_PPSTREAM` logic and add `NDPI_PROTOCOL_IQIYI` id to handle all the iQIYI traffic, which is basically video streaming traffic. A video hosting service, called PPS.tv, is still offered by the same company: for the time being we classified both services with the same protocol id.
* Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398)0x41CEA552024-04-19
|
* Domain Classification Improvements (#2396)Luca Deri2024-04-18
| | | | | | | | | | | | | | | | | | | * Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list
* Add The Elder Scrolls Online support (#2376)Vladimir Gavrilov2024-04-10
| | | | | | | | | | | * Add The Elder Scrolls Online support * Use ndpi_memmem instead of memmem from libc * Add protocol description * Change selection bitmask to V4_V6 * Update protocols.rst
* Add Path of Exile protocol dissector (#2337)Vladimir Gavrilov2024-03-06
| | | | | * Add Path of Exile protocol dissector * Update protocols.rst
* ahocorasick: improve matching with subdomains (#2331)Ivan Nardi2024-03-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The basic idea is to have the following logic: * pattern "DOMAIN" matches the domain itself (i.e exact match) *and* any subdomains (i.e. "ANYTHING.DOMAIN") * pattern "DOMAIN." matches *also* any strings for which is a prefix [please, note that this kind of match is handy but it is quite dangerous...] * pattern "-DOMAIN" matches *also* any strings for which is a postfix Examples: * pattern "wikipedia.it": * "wikipiedia.it" -> OK * "foo.wikipedia.it -> OK * "foowikipedia.it -> NO MATCH * "wikipedia.it.com -> NO MATCH * pattern "wikipedia.": * "wikipedia.it" -> OK * "foo.wikipedia.it -> OK * "foowikipedia.it -> NO MATCH * "wikipedia.it.com -> OK * pattern "-wikipedia.it": * "wikipedia.it" -> NO MATCH * "foo.wikipedia.it -> NO MATCH * "0001-wikipedia.it -> OK * "foo.0001-wikipedia.it -> OK Bottom line: * exact match * prefix with "." (always, implicit) * prefix with "-" (only if esplicitly set) * postfix with "." (only if esplicitly set) That means that the patterns cannot start with '.' anymore. Close #2330
* Extended connectivity checksLuca Deri2024-03-05
|
* Add NetEase Games detection support (#2335)Vladimir Gavrilov2024-03-05
|
* Telegram: improve identificationNardi Ivan2024-02-26
| | | | | | | | | | | | | | | | | Follow up of 31c706c3dbbf0afc4c8e0a6d0bb6f20796296549 and 75485e177ccc4fafcc62dd46c6917d5b735cf7d2. Allow fast classification by ip, but give time to other dissectors to kick in (for example, the TLS code for the Telegram Web flows). Even if we don't classify it anymore at the very first packet (i.e. SYN) we fully classify Telegram traffic at the first packet with payload, as *any* other protocol. This way, we always have the proper category, the proper confidence for the UDP flows and we don't overwrite previous classifications (TLS or ICMP) Remove old and stale identification logic for TCP flows
* Add identification of Huawei generic and cloud traffic (#2325)Ivan Nardi2024-02-20
|
* Add detection of Gaijin Entertainment games (#2311)Vladimir Gavrilov2024-02-09
| | | | | | | | | * Add detection of Gaijin Entertainment games * Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN * Add default UDP port for Gaijin Entertainment games * Remove NDPI_PROTOCOL_CROSSOUT protocol id
* Add new AppsFlyer domain (#2307)Vladimir Gavrilov2024-02-08
|
* Add ElectronicArts detection support (#2274)Vladimir Gavrilov2024-01-21
| | | | | * Add ElectronicArts detection support * Merge electronicarts.pcapng into sites.pcapng
* Add Mumble detection support (#2269)Vladimir Gavrilov2024-01-19
|
* Rework Steam detection (part 1) (#2264)Vladimir Gavrilov2024-01-18
| | | | | | | | | | | | | | | | | | | | | * Clean up Steam dissector * Add Steam Datagram Relay dissector * Update docs * Update test results * Remove csgo.c from MSVC project * Small fixes * Add Steam TLS pcap sample * Merge Steam pcap samples into single one * Fix typo * Update test results
* Add more tracker/ad hosts (#2256)Vladimir Gavrilov2024-01-12
|
Powered by cgit, Themed by Ted Yin.