libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	fuzz: extend fuzzing coverage	Ivan Nardi	2025-06-24
\| \| \| \|	Remove some unused code
*	If `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` risk is disabled, avoid some ↵	Ivan Nardi	2025-06-23
\| \| \| \|	work (#2899)
*	Faster configuration (#2887)	Ivan Nardi	2025-06-17
\|
*	Rename `ndpi_bitmask_dealloc` into `ndpi_bitmask_free`	Ivan Nardi	2025-06-09
\|
*	Remove `NDPI_PROTOCOL_BITMASK`; add a new generic bitmask data structure (#2871)	Ivan Nardi	2025-06-09
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The main difference is that the memory is allocated at runtime Typical usercase: ``` struct ndpi_bitmask b; ndpi_bitmask_alloc(&b, ndpi_get_num_internal_protocols()); ndpi_bitmask_set(&b, $BIT); ndpi_bitmask_is_set(&b, $BIT); [...] ndpi_bitmask_dealloc(&b); ``` See #2136
*	Improved HTTP risk report	Luca Deri	2025-06-08
\| \| \| \|	PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
*	First step into a dynamic number of protocols (#2857)	Ivan Nardi	2025-06-03
\| \| \| \| \| \| \| \| \| \| \| \| \|	We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
*	New API to enable/disable protocols; remove ↵	Ivan Nardi	2025-06-03
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	`ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
*	Added new APi calls	Luca Deri	2025-05-20
\| \| \| \| \| \| \|	- ndpi_is_master_only_protocol() - ndpi_normalize_protocol() These two APi calls are used to normalize mater/app nDPI protocols
*	added raw tcp fingerprint to json (#2812)	funesca	2025-05-15
\| \| \| \| \| \| \| \| \| \| \|	* added raw tcp fingerprint to json * removed unnecessary change * fixed key for json * added configuration option for raw tcp fingerprint * fixed typos
*	Follow-up of latest Signal call change (see: 4d41588a7)	Ivan Nardi	2025-04-05
\|
*	OS fingerprint code cleanup	Luca Deri	2025-03-31
\|
*	Added ndpi_str_to_utf8() API call to convert an ISO 8859 stirng to UTF-8	Luca	2025-03-27
\|
*	Improved configuration to enable/disable export of flow risk info (#2780)	Ivan Nardi	2025-03-25
\| \| \| \|	Follow-up of f56831336334dddcff00eaf2132e5e0f226f0e32: now the configuration is for flow-risk, not global
*	Added API calls to load TCP fingeprints	Luca Deri	2025-03-25
\| \| \| \| \| \| \|	int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct ndpi_str, char fingerprint, enum operating_system_hint os); int load_tcp_fingerprint_file_fd(struct ndpi_detection_module_struct ndpi_str, FILE fd); int ndpi_load_tcp_fingerprint_file(struct ndpi_detection_module_struct ndpi_str, const char path);
*	Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779)	Ivan Nardi	2025-03-25
\| \| \| \| \| \| \|	Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics.
*	Remove `NDPI_TLS_SUSPICIOUS_ESNI_USAGE` flow risk (#2778)	Ivan Nardi	2025-03-25
\| \| \| \| \| \|	That flow risk was introduced in 79b89d286605635f15edfe3c21297aaa3b5f3acf but we can now use the generic `NDPI_TLS_SUSPICIOUS_EXTENSION` instead: ESNI is quite suspicious nowadays in itself (i.e. even without SNI). Note that ESNI support has been removed in cae9fb9989838f213eeb857b8fc4bbeac6940049
*	Update ndpi_utils.c	Ivan Kapranov	2025-03-11
\|
*	Add configuration parameter to enable/disable export of flow risk info (#2761)	Ivan Nardi	2025-03-05
\| \| \| \|	For the most common protocols, avoid creating the string message if we are not going to use it
*	Flow risk infos are always exported "in order" (by flow risk id)	Ivan Nardi	2025-03-04
\| \| \| \| \| \| \| \|	This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk list is already printed by `ndpiReader` in order.
*	Improved RTP dissection with EVS and other mobile voice codecs	Luca Deri	2025-02-20
\|
*	Exported RTP payload in packet metadata	Luca Deri	2025-02-19
\| \| \| \|	Added ndpi_rtp_payload_type2str() API call
*	added metadata fields for M-NOTIFY (#2733)	Ivan Kapranov	2025-02-17
\|
*	Implement SSDP Metadata export (#2729)	Ivan Kapranov	2025-02-16
\| \| \|	Close #2524
*	reworked ntp info extraction (#2723)	Ivan Kapranov	2025-02-15
\|
*	Added ndpi_find_protocol_qoe() API call	Luca Deri	2025-02-10
\| \| \| \|	Updated (C)
*	Renamed ips_match to ndpi_ips_match	Luca Deri	2025-01-17
\|
*	TLS: remove JA3C (#2679)	Ivan Nardi	2025-01-14
\| \| \| \| \| \| \| \|	Last step of removing JA3C fingerprint Remove some duplicate tests: testing with ja4c/ja3s disabled is already performed by `disable_metadata_and_flowrisks` configuration. Close:#2551
*	Fixes https://github.com/ntop/nDPI/issues/2673	Luca Deri	2025-01-13
\|
*	Add the ability to enable/disable every specific flow risks (#2653)	Ivan Nardi	2025-01-06
\|
*	IPv6: fix bad ipv6 format (#1890) (#2651)	paolomonti	2024-12-20
\| \| \| \| \| \|	ipv6 addresses already containing "::" token shall not be searched for ":0:" nor patched Close #1890
*	Telegram STUN improvement	Luca Deri	2024-12-13
\|
*	Added STUN custom support	Luca Deri	2024-12-02
\|
*	Enhanced STUN stats	Luca Deri	2024-11-28
\|
*	SIP: export metadata via json (#2630)	Ivan Nardi	2024-11-26
\| \| \|	Fix: 1bda2bf41
*	Update `flow->flow_multimedia_types` to a bitmask (#2625)	Ivan Nardi	2024-11-25
\| \| \|	In the same flow, we can have multiple multimedia types
*	Added ndpi_intoav6()	Luca Deri	2024-11-17
\| \| \| \|	Implemented Mikrotik JSON serialization
*	SIP: extract some basic metadata	Ivan Nardi	2024-11-12
\|
*	fuzz: improve coverage (#2612)	Ivan Nardi	2024-11-01
\| \| \|	Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()`
*	HTTP: fix leak and out-of-bound error on credential extraction (#2611)	Ivan Nardi	2024-11-01
\|
*	Added HTTP credentials extraction	Luca Deri	2024-10-31
\|
*	DNS reponse addresses are now serialized in JSON	Luca	2024-10-30
\|
*	Added ndpi_str_endswith()	Luca Deri	2024-10-28
\|
*	Reworked TCP fingeprint implementation	Luca Deri	2024-10-20
\|
*	Renamed os hints to avoid name clashes	Luca Deri	2024-10-19
\|
*	Improved TCP fingepring calculation	Luca Deri	2024-10-18
\| \| \| \|	Adde basidc OS detection based on TCP fingerprint
*	Added -L <domain suffix> for loading domain suffixes	Luca Deri	2024-10-15
\| \| \| \|	Exported domainanme in JSON file (-K JSON)
*	Implemented nDPI TCP fingerprint	Luca Deri	2024-10-15
\|
*	Slightly better ndpi_strrstr implementation (#2570)	Vladimir Gavrilov	2024-09-25
\|
*	Changed too restrictive check	Luca Deri	2024-09-25
\|