aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
* websocket: `ndpi_set_detected_protocol()` should be called only onceHEADdevIvan Nardi14 days
| | | | Fix: b07a910dc
* DNS: `ndpi_match_host_subprotocol()` should be called only onceIvan Nardi2025-07-01
|
* websocket: `ndpi_set_detected_protocol()` should be called only once (#2911)Ivan Nardi2025-07-01
|
* Jabber: proper subclassification of TruPhoneIvan Nardi2025-07-01
|
* STUN: don't check `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` flow risk (#2901)Ivan Nardi2025-06-23
|
* Merged protocols (now free to use) into existing categoriesLuca Deri2025-06-17
| | | | | - AdultContent -> Category Adult Content - LLM -> Category Artificial Intelligence
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
* Simplified codeLuca Deri2025-06-09
|
* Fixes invalid SSH client/server detection based on stage and not on packet ↵Luca Deri2025-06-08
| | | | direction
* Sync unit tests results and fix `NDPI_HTTP_SUSPICIOUS_HEADER` (#2874)Ivan Nardi2025-06-08
|
* Improved HTTP risk reportLuca Deri2025-06-08
| | | | PCRE2 is now enabled (if present) by default as necessary to report some HTTP risks
* Improved HTTP risk message reportLuca Deri2025-06-05
|
* Hamachi: improve handshake check (#2861)Vladimir Gavrilov2025-06-03
|
* First step into a dynamic number of protocols (#2857)Ivan Nardi2025-06-03
| | | | | | | | | | | | | We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and `NDPI_MAX_NUM_CUSTOM_PROTOCOLS`. You can use: ``` ndpi_get_num_protocols() ``` See #2136 Removed some unused functions from public API
* New API to enable/disable protocols; remove ↵Ivan Nardi2025-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `ndpi_set_protocol_detection_bitmask2()` (#2853) The main goal is not to have the bitmask depending on the total number of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e. custom-defined protocols are not counted. See #2136 Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old semantic. Since we need to change the API (and all the application code...) anyway, simplify the API: by default all the protocols are enabled. If you need otherwise, please use `ndpi_init_detection_module_ext()` instead of `ndpi_init_detection_module()` (you can find an example in the `ndpiReader` code). To update the application code you likely only need to remove these 3 lines from your code: ``` - NDPI_PROTOCOL_BITMASK all; - NDPI_BITMASK_SET_ALL(all); - ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); ``` Removed an unused field and struct definition.
* Add Hamachi protocol detection support (#2860)Vladimir Gavrilov2025-06-02
|
* BFCP: fix check on payload length and extract metadata (#2854)Ivan Nardi2025-05-26
| | | | | | We should be able to identified this protocol on the first packet, without keeping any state Close #2745
* Dofus: update detection to version 3.X (#2852)Ivan Nardi2025-05-25
| | | See #2827
* Fix some warnings reported by scan-build (#2851)Ivan Nardi2025-05-25
| | | Close #2807
* Add ndpi_memcasecmp, refactor mail protocol dissectors (#2849)Vladimir Gavrilov2025-05-24
|
* A new interface for dissectors registration (#2843)Ivan Nardi2025-05-24
| | | | | | | | | | | | | | | | | | | | | We use `registr_dissector()` instead of `ndpi_set_bitmask_protocol_detection()`. Every file in `src/lib/protocols/*.c` is a dissector. Every dissector can handle multiple protocols. The real goal is this small change: ``` struct call_function_struct { - NDPI_PROTOCOL_BITMASK detection_bitmask; ``` i.e. getting rid of another protocol bitmask: this is mandatory to try to fix #2136 (see also e845e8205b68752c997d05224d8b2fd45acde714) As a nice side effect, we remove a bitmask comparison in the hot function `check_ndpi_detection_func()` TODO: change logging configuration from per-protocol to per-dissector
* Simplify ZeroMQ detection (#2847)Vladimir Gavrilov2025-05-23
|
* Add MELSEC protocol support (#2846)Vladimir Gavrilov2025-05-23
|
* IPP: fix selection bitmask (#2845)Ivan Nardi2025-05-22
| | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...)
* Improve BFCP detection (#2844)Vladimir Gavrilov2025-05-22
| | | Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
* VRRP: add missing dissector registration (#2842)Ivan Nardi2025-05-21
|
* ospf, ipsec: use different ids for protocols at layer3 (#2838)Ivan Nardi2025-05-21
| | | | | | | | | | | | | | | | | | | | | | Don't use the same id for the same protocol identified via L3 info or via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port 2604) Before: ``` ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF' 79 79 IPSec UDP X Safe VPN 500,4500 500 85 85 OSPF X Acceptable Network - 2604 ``` After: ``` ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF' 79 79 IPSec UDP X Safe VPN 500,4500 500 85 85 IP_OSPF X Acceptable Network - - 116 116 AH X Safe VPN - - 117 117 ESP X Safe VPN - - 184 184 OSPF TCP X Safe Network - 2604 ```
* Drop GW1 support and add basic GW2 detection (#2836)Vladimir Gavrilov2025-05-21
|
* CrossFire: update code (#2834)Vladimir Gavrilov2025-05-21
|
* Minor simplification on protocol/dissector registration (#2833)Ivan Nardi2025-05-20
|
* Gnutella: avoid false positives (#2832)Ivan Nardi2025-05-20
|
* Gnutella: simplify code, to support only gtk-gnutella client (#2830)Ivan Nardi2025-05-20
| | | Close #2818
* Remove duplicate ALPS extension (#2821)FS2025-05-19
| | | | | * Removed dupe extension * Removed ECH from suspicious extensions
* Drop Warcraft 3 (pre Reforged) support (#2826)Vladimir Gavrilov2025-05-19
|
* TLS: register TLS dissector only once (#2825)Ivan Nardi2025-05-19
| | | | This is the first, tiny, step into a better separation between "protocols" and "dissectors"
* RTSP: simplify detection (#2822)Ivan Nardi2025-05-18
|
* Remove Half-Life 2 support; improve Source Engine protocol detection0xA50C1A12025-05-16
|
* Rename Lotus Notes to HCL Notes for product consistency0xA50C1A12025-05-15
|
* Remove Vhua support (#2816)Vladimir Gavrilov2025-05-15
|
* Remove World Of Kung Fu support (#2815)Vladimir Gavrilov2025-05-15
|
* Improve Ubiquiti device discovery request/response detection. (#2810)Toni2025-05-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* CentOS compilation fixLuca Deri2025-05-05
|
* Add Microsoft Delivery Optimization protocol (#2799)Vladimir Gavrilov2025-04-28
|
* STUN/RTP: extend extracted metadata (#2798)Ivan Nardi2025-04-17
|
* UBNTAC2,Ookla: improve detection (#2793)Ivan Nardi2025-04-10
|
* FPC: save all addresses from DNS to `fpc_dns` cache (#2792)Ivan Nardi2025-04-10
|
* Added check while dissecting non-TCP packets ndpi_search_tls_tcpLuca Deri2025-04-04
| | | | Renamed ndpi_search_tls_udp to ndpi_search_dtls
* Implemented detection of the latest Signal video/audio calls leveraging on ↵Luca Deri2025-04-02
| | | | Cloudflare CDN
* blizzard: improve detection of generic battle.net trafficIvan Nardi2025-03-30
|
* blizzard: add detection of Overwatch2Ivan Nardi2025-03-30
|
Powered by cgit, Themed by Ted Yin.