| Commit message (Collapse) | Author | Age | ||
|---|---|---|---|---|
| ... | ||||
| * | Reworked fingerprint code | Luca Deri | 2025-05-26 | |
| | | ||||
| * | Better separation between "protocols" and "dissectors" (#2855) | Ivan Nardi | 2025-05-26 | |
| | | | | Callback functions are about dissectors, not protocols | |||
| * | BFCP: fix check on payload length and extract metadata (#2854) | Ivan Nardi | 2025-05-26 | |
| | | | | | | | We should be able to identified this protocol on the first packet, without keeping any state Close #2745 | |||
| * | Added boundary check | Luca Deri | 2025-05-26 | |
| | | ||||
| * | Fingerprint fixes | Luca Deri | 2025-05-26 | |
| | | ||||
| * | Dofus: update detection to version 3.X (#2852) | Ivan Nardi | 2025-05-25 | |
| | | | | See #2827 | |||
| * | Fix some warnings reported by scan-build (#2851) | Ivan Nardi | 2025-05-25 | |
| | | | | Close #2807 | |||
| * | Add ndpi_memcasecmp, refactor mail protocol dissectors (#2849) | Vladimir Gavrilov | 2025-05-24 | |
| | | ||||
| * | A new interface for dissectors registration (#2843) | Ivan Nardi | 2025-05-24 | |
| | | | | | | | | | | | | | | | | | | | | | | We use `registr_dissector()` instead of `ndpi_set_bitmask_protocol_detection()`. Every file in `src/lib/protocols/*.c` is a dissector. Every dissector can handle multiple protocols. The real goal is this small change: ``` struct call_function_struct { - NDPI_PROTOCOL_BITMASK detection_bitmask; ``` i.e. getting rid of another protocol bitmask: this is mandatory to try to fix #2136 (see also e845e8205b68752c997d05224d8b2fd45acde714) As a nice side effect, we remove a bitmask comparison in the hot function `check_ndpi_detection_func()` TODO: change logging configuration from per-protocol to per-dissector | |||
| * | Added the support for multiple TCP fingerprint format | Luca Deri | 2025-05-24 | |
| | | | | | | | | | | - default (0) is the native nDPI format - MuonOF (1) has been added The format can be changed using metadata.tcp_fingerprint_format Added ability to identify mass scanners using TCP fingerprint | |||
| * | Simplify ZeroMQ detection (#2847) | Vladimir Gavrilov | 2025-05-23 | |
| | | ||||
| * | Add MELSEC protocol support (#2846) | Vladimir Gavrilov | 2025-05-23 | |
| | | ||||
| * | IPP: fix selection bitmask (#2845) | Ivan Nardi | 2025-05-22 | |
| | | | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...) | |||
| * | Improve BFCP detection (#2844) | Vladimir Gavrilov | 2025-05-22 | |
| | | | | Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com> | |||
| * | VRRP: add missing dissector registration (#2842) | Ivan Nardi | 2025-05-21 | |
| | | ||||
| * | Fix `isAppProtocol` for ULTRASURF | Ivan Nardi | 2025-05-21 | |
| | | ||||
| * | Add new Adjust domains (#2841) | Vladimir Gavrilov | 2025-05-21 | |
| | | ||||
| * | ospf, ipsec: use different ids for protocols at layer3 (#2838) | Ivan Nardi | 2025-05-21 | |
| | | | | | | | | | | | | | | | | | | | | | | | Don't use the same id for the same protocol identified via L3 info or via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port 2604) Before: ``` ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF' 79 79 IPSec UDP X Safe VPN 500,4500 500 85 85 OSPF X Acceptable Network - 2604 ``` After: ``` ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF' 79 79 IPSec UDP X Safe VPN 500,4500 500 85 85 IP_OSPF X Acceptable Network - - 116 116 AH X Safe VPN - - 117 117 ESP X Safe VPN - - 184 184 OSPF TCP X Safe Network - 2604 ``` | |||
| * | Fix `isAppProtocol` for GTP_U (#2837) | Ivan Nardi | 2025-05-21 | |
| | | | | See: c590dc495 | |||
| * | Drop GW1 support and add basic GW2 detection (#2836) | Vladimir Gavrilov | 2025-05-21 | |
| | | ||||
| * | Another minor simplification on protocol/dissector registration (#2835) | Ivan Nardi | 2025-05-21 | |
| | | ||||
| * | CrossFire: update code (#2834) | Vladimir Gavrilov | 2025-05-21 | |
| | | ||||
| * | Added new APi calls | Luca Deri | 2025-05-20 | |
| | | | | | | | | - ndpi_is_master_only_protocol() - ndpi_normalize_protocol() These two APi calls are used to normalize mater/app nDPI protocols | |||
| * | Minor simplification on protocol/dissector registration (#2833) | Ivan Nardi | 2025-05-20 | |
| | | ||||
| * | Remove ProtonVPN address lists (#2831) | Ivan Nardi | 2025-05-20 | |
| | | | | | | | | Proton doesn't provide anymore the list of egress and ingress addresses. Remove the (stale) lists and the relative configuration parameters. See: https://www.reddit.com/r/ProtonVPN/comments/1k3lrl5/great_the_httpsapiprotonvpnchvpnlogicals_api_has/ See also 470a479eb | |||
| * | Gnutella: avoid false positives (#2832) | Ivan Nardi | 2025-05-20 | |
| | | ||||
| * | Gnutella: simplify code, to support only gtk-gnutella client (#2830) | Ivan Nardi | 2025-05-20 | |
| | | | | Close #2818 | |||
| * | Remove a field never read (only written) | Ivan Nardi | 2025-05-20 | |
| | | ||||
| * | uthash: use ndpi wrappers for memory allocation (#2829) | Ivan Nardi | 2025-05-20 | |
| | | | | Close #2806 | |||
| * | Remove duplicate ALPS extension (#2821) | FS | 2025-05-19 | |
| | | | | | | * Removed dupe extension * Removed ECH from suspicious extensions | |||
| * | Flow: keep track of "dissectors" (#2828) | Ivan Nardi | 2025-05-19 | |
| | | | | | | | In the flow, we should keep track of state of "dissectors", not "protocols". This way, flow structure doesn't depend anymore on the max number of protocols. This is also the first step into fixing #2136 | |||
| * | Drop Warcraft 3 (pre Reforged) support (#2826) | Vladimir Gavrilov | 2025-05-19 | |
| | | ||||
| * | TLS: register TLS dissector only once (#2825) | Ivan Nardi | 2025-05-19 | |
| | | | | | This is the first, tiny, step into a better separation between "protocols" and "dissectors" | |||
| * | Fix classification when non tcp/udp protocols are disabled (#2824) | Ivan Nardi | 2025-05-19 | |
| | | ||||
| * | RTSP: simplify detection (#2822) | Ivan Nardi | 2025-05-18 | |
| | | ||||
| * | Remove Half-Life 2 support; improve Source Engine protocol detection | 0xA50C1A1 | 2025-05-16 | |
| | | ||||
| * | Rename NDPI_PROTOCOL_UBUNTUONE protocol ID to NDPI_PROTOCOL_CANONICAL | 0xA50C1A1 | 2025-05-15 | |
| | | ||||
| * | Rename Lotus Notes to HCL Notes for product consistency | 0xA50C1A1 | 2025-05-15 | |
| | | ||||
| * | Remove Vhua support (#2816) | Vladimir Gavrilov | 2025-05-15 | |
| | | ||||
| * | Remove World Of Kung Fu support (#2815) | Vladimir Gavrilov | 2025-05-15 | |
| | | ||||
| * | added raw tcp fingerprint to json (#2812) | funesca | 2025-05-15 | |
| | | | | | | | | | | | | * added raw tcp fingerprint to json * removed unnecessary change * fixed key for json * added configuration option for raw tcp fingerprint * fixed typos | |||
| * | Add kick.com support (#2813) | Vladimir Gavrilov | 2025-05-14 | |
| | | ||||
| * | Improve Ubiquiti device discovery request/response detection. (#2810) | Toni | 2025-05-12 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Micro-optimizations of 'ndpi_strncasestr' and 'LINE_*' macros (#2808) | Vladimir Gavrilov | 2025-05-12 | |
| | | ||||
| * | Add vkvideo domain (#2809) | Vladimir Gavrilov | 2025-05-12 | |
| | | ||||
| * | Refreshed networks | Luca Deri | 2025-05-06 | |
| | | ||||
| * | CentOS compilation fix | Luca Deri | 2025-05-05 | |
| | | ||||
| * | Improved protocol guess | Luca Deri | 2025-04-28 | |
| | | ||||
| * | Add Rockstar Games detection (#2805) | Vladimir Gavrilov | 2025-04-28 | |
| | | ||||
| * | STUN: set default port for TCP, too (#2804) | Ivan Nardi | 2025-04-28 | |
| | | ||||