libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	RTMP: improve detection (#2549)	Ivan Nardi	2024-09-10
\|
*	Implemented algorithms for K-Nearest Neighbor Search (KNN) (#2554)	Luca Deri	2024-09-10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Extended API with functions for vector similarity based on KD-trees https://en.wikipedia.org/wiki/K-d_tree ndpi_kd_tree* ndpi_kd_create(u_int num_dimensions); void ndpi_kd_free(ndpi_kd_tree tree); void ndpi_kd_clear(ndpi_kd_tree tree); bool ndpi_kd_insert(ndpi_kd_tree tree, const double data_vector, void user_data); ndpi_kd_tree_result ndpi_kd_nearest(ndpi_kd_tree tree, const double data_vector); u_int32_t ndpi_kd_num_results(ndpi_kd_tree_result res); bool ndpi_kd_result_end(ndpi_kd_tree_result res); double* ndpi_kd_result_get_item(ndpi_kd_tree_result res, double user_data); bool ndpi_kd_result_next(ndpi_kd_tree_result res); void ndpi_kd_result_free(ndpi_kd_tree_result res); double ndpi_kd_distance(double a1, double *b2, u_int num_dimensions);
*	Fix for name clash on some compilers	Luca Deri	2024-09-09
\|
*	Added ability to save JA4_r as decimal value	Luca Deri	2024-09-08
\|
*	oracle: fix dissector (#2548)	Ivan Nardi	2024-09-07
\| \| \| \|	We can do definitely better, but this change is a big improvements respect the current broken code
*	Fix compilation (#2546)	Ivan Nardi	2024-09-05
\|
*	Implemented JA4 raw (ja4_r) fingerprint	Luca Deri	2024-09-05
\| \| \| \| \|	Example: ./example/ndpiReader -i tests/pcap/safari.pcap --cfg=tls,metadata.ja4r_fingerprint,1
*	Add detection of Windscribe VPN	Nardi Ivan	2024-09-05
\|
*	Add detection of CactusVPN	Nardi Ivan	2024-09-05
\|
*	Add detection of SurfShark VPN	Nardi Ivan	2024-09-05
\|
*	OpenVPN, Wireguard: improve sub-classification	Nardi Ivan	2024-09-05
\| \| \| \| \| \| \| \|	Allow sub-classification of OpenVPN/Wireguard flows using their server IP. That is useful to detect the specific VPN application/app used. At the moment, the supported protocols are: Mullvad, NordVPN, ProtonVPN. This feature is configurable.
*	Add detection of NordVPN	Nardi Ivan	2024-09-05
\|
*	OpenVPN: improve detection	Nardi Ivan	2024-09-05
\|
*	Add Lustre protocol detection support (#2544)	Vladimir Gavrilov	2024-09-04
\|
*	Align serialized risk names to all others (first letter; uppercase letter) ↵	Toni	2024-09-03
\| \| \| \| \|	(#2541) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	TLS: better state about handshake (#2534)	Ivan Nardi	2024-09-03
\| \| \| \|	Keep track if we received CH or/and SH messsages: usefull with unidirectional flows
*	bins: fix `ndpi_set_bin`, `ndpi_inc_bin` and `ndpi_get_bin_value` (#2536)	Ivan Nardi	2024-09-03
\| \| \| \|	When the required slot is too big, use the latest/bigger available bin, not in the first one.
*	fuzz: improve fuzzing coverage (#2535)	Ivan Nardi	2024-09-03
\| \| \| \|	Updtae pl7m code (fix a Use-of-uninitialized-value error and add GTP support)
*	Bittorrent: improve detection of UTPv1 and avoid false positives	Nardi Ivan	2024-09-03
\|
*	Bittorrent: fix extra dissection	Nardi Ivan	2024-09-03
\| \| \| \| \| \| \|	On extra-dissection data-path we only need to look for the hash (the flow is already classified as Bittorrent). As a nice side-effect, the confidence is now always with the right value.
*	HTTP, QUIC, TLS: allow to disable sub-classification (#2533)	Ivan Nardi	2024-09-03
\|
*	Improved Yahoo matching for Japanese traffic (#2539)	Liam Wilson	2024-09-02
\| \| \| \|	Japanese Yahoo domains are missed. Add yahoo.co.jp, yimg.jp, and the domain for ads seen when accessing yahoo.co.jp.
*	Fix CNP-IP false positives (#2531)	Vladimir Gavrilov	2024-08-30
\|
*	Print risk code in ndpi_dump_risks_score	Alfredo Cardigliano	2024-08-28
\|
*	Add missing risks in ndpi_risk2code and ndpi_risk2code	Alfredo Cardigliano	2024-08-28
\|
*	Added print_ndpi_address_port in nDPi API	Luca Deri	2024-08-27
\|
*	Added ndpi_risk2code and ndpi_code2risk	Luca Deri	2024-08-27
\|
*	ndpi_get_protocol_by_name now return UNKNoWN when one protocol (either ↵	Luca Deri	2024-08-26
\| \| \| \|	master or app) is not recognized
*	Comments	Luca Deri	2024-08-26
\|
*	Added in API	Luca Deri	2024-08-26
\| \| \| \| \| \| \| \| \| \| \| \|	bool ndpi_is_proto(ndpi_master_app_protocol proto, u_int16_t p); bool ndpi_is_proto_unknown(ndpi_master_app_protocol proto); bool ndpi_is_proto_equals(ndpi_master_app_protocol to_check, ndpi_master_app_protocol to_match, bool exact_match_only); u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct ndpi_mod, const char name); char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct ndpi_mod, u_int id); extern ndpi_master_app_protocol ndpi_get_protocol_by_name(struct ndpi_detection_module_struct ndpi_str, const char name); Removed (duplicate of ndpi_get_proto_by_name) int ndpi_get_protocol_id(struct ndpi_detection_module_struct ndpi_mod, char *proto);
*	Typo	Luca Deri	2024-08-26
\|
*	Add TRDP protocol support (#2528)	Vladimir Gavrilov	2024-08-25
\| \| \|	The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
*	Added comment	Luca Deri	2024-08-25
\|
*	Endian-independent implementation of IEEE 802.3 CRC32 (#2529)	Vladimir Gavrilov	2024-08-25
\|
*	Changed NDPI_MALICIOUS_JA3 to NDPI_MALICIOUS_FINGERPRINT	Luca Deri	2024-08-25
\|
*	Added ndpi_get_protocol_by_name*( API call	Luca Deri	2024-08-24
\|
*	Introduced ndpi_master_app_protocol typedef	Luca Deri	2024-08-24
\|
*	Add Automatic Tank Gauge protocol (#2527)	wssxsxxsx	2024-08-23
\| \| \| \| \| \| \|	See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
*	ahocorasick: fix mem leaked AC_NODE_T object (#2258) (#2522)	Maatuq	2024-08-23
\| \| \| \| \| \| \|	Skipping node at depth = AC_PATTRN_MAX_LENGTH inside `ac_automata_walk()` caused this leak, as one of the added patterns has len = AC_PATTRN_MAX_LENGTH (not including the null char), this change avoid this. Fix: #2258 Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
*	Add CNP/IP protocol support (#2521)	Vladimir Gavrilov	2024-08-22
\| \| \|	ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
*	Removed unnecessary includes (#2525)	Luca Deri	2024-08-21
\|
*	Fixes Viber false positive detection	Luca Deri	2024-08-19
\|
*	Fixed probing attempt risk that was creating false positives	Luca Deri	2024-08-07
\|
*	Update all IP lists (#2515)	Ivan Nardi	2024-08-02
\| \| \| \| \|	The `suffix_id` is simply an incremental index (see `ndpi_load_domain_suffixes`), so its value might changes every time we update the public suffix list.
*	Enhanced PrimeVideo detection	Luca Deri	2024-07-30
\|
*	Enhanced ookla tracing	Luca Deri	2024-07-29
\|
*	Improved ICMP malformed packet risk description	Luca Deri	2024-07-25
\|
*	FPC: add DPI information (#2514)	Ivan Nardi	2024-07-23
\| \| \| \|	If the flow is classified (via DPI) after the first packet, we should use this information as FPC
*	Add OpenWire support (#2513)	Vladimir Gavrilov	2024-07-22
\|
*	FPC: small improvements (#2512)	Ivan Nardi	2024-07-22
\| \| \| \|	Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.