| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| |
|
|
| |
Implements same optimization pattern as #2867
No behavior changes, just faster lookup
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Split the internal logic:
* update `ndpi_str->proto_defaults[]` array
* update the `default_ports_tree_node_t` trees
This is a preliminary work to have dynamic allocated
`ndpi_str->proto_defaults[]`, because in the tree we have a pointer to
the array entries
|
| |
|
| |
Add an explicit field to indicate if the protocol is custom or internal
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We want to get rid of the defines `NDPI_MAX_SUPPORTED_PROTOCOLS` and
`NDPI_MAX_NUM_CUSTOM_PROTOCOLS`.
You can use:
```
ndpi_get_num_protocols()
```
See #2136
Removed some unused functions from public API
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`ndpi_set_protocol_detection_bitmask2()` (#2853)
The main goal is not to have the bitmask depending on the total number
of protocols anymore: `NDPI_INTERNAL_PROTOCOL_BITMASK` depends only on
internal protocols, i.e. on `NDPI_MAX_INTERNAL_PROTOCOLS`, i.e.
custom-defined protocols are not counted.
See #2136
Keep the old data structure `NDPI_PROTOCOL_BITMASK` with the old
semantic.
Since we need to change the API (and all the application code...)
anyway, simplify the API: by default all the protocols are enabled.
If you need otherwise, please use `ndpi_init_detection_module_ext()`
instead of `ndpi_init_detection_module()` (you can find an example in
the `ndpiReader` code).
To update the application code you likely only need to remove these 3
lines from your code:
```
- NDPI_PROTOCOL_BITMASK all;
- NDPI_BITMASK_SET_ALL(all);
- ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
```
Removed an unused field and struct definition.
|
| | |
|
| | |
|
| |
|
|
| |
Improved lists file parsing
|
| | |
|
| |
|
|
| |
Added --protocols-list-dir <dir> to ndpiReader for loading IP_based protocol
|
| |
|
|
|
| |
Add some new tests about these configuration parameters.
Close #2858
|
| | |
|
| |
|
| |
Ad a trivial example, update SIP configuration to use range
|
| | |
|
| | |
|
| |
|
| |
Callback functions are about dissectors, not protocols
|
| |
|
|
|
|
| |
We should be able to identified this protocol on the first packet,
without keeping any state
Close #2745
|
| | |
|
| | |
|
| |
|
| |
See #2827
|
| |
|
| |
Close #2807
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use `registr_dissector()` instead of
`ndpi_set_bitmask_protocol_detection()`.
Every file in `src/lib/protocols/*.c` is a dissector.
Every dissector can handle multiple protocols.
The real goal is this small change:
```
struct call_function_struct {
- NDPI_PROTOCOL_BITMASK detection_bitmask;
```
i.e. getting rid of another protocol bitmask: this is mandatory to try
to fix #2136 (see also e845e8205b68752c997d05224d8b2fd45acde714)
As a nice side effect, we remove a bitmask comparison in the hot function
`check_ndpi_detection_func()`
TODO: change logging configuration from per-protocol to per-dissector
|
| |
|
|
|
|
|
|
|
| |
- default (0) is the native nDPI format
- MuonOF (1) has been added
The format can be changed using metadata.tcp_fingerprint_format
Added ability to identify mass scanners using TCP fingerprint
|
| | |
|
| | |
|
| |
|
|
| |
IPP is identified *only* as HTTP subprotocol, so it can't be over UDP
(HTTP is only over TCP...)
|
| | |
|
| |
|
| |
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't use the same id for the same protocol identified via L3 info or
via standard TCP/UDP detection (example: ospf ip_proto 0x59 or TCP port
2604)
Before:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(dev)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 OSPF X Acceptable Network - 2604
```
After:
```
ivan@ivan-Precision-3591:~/svnrepos/nDPI(ospf-ipsec)$ ./example/ndpiReader -H | grep -wE 'OSPF|IPSec|AH|ESP|IP_OSPF'
79 79 IPSec UDP X Safe VPN 500,4500 500
85 85 IP_OSPF X Acceptable Network - -
116 116 AH X Safe VPN - -
117 117 ESP X Safe VPN - -
184 184 OSPF TCP X Safe Network - 2604
```
|
| |
|
| |
See: c590dc495
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
- ndpi_is_master_only_protocol()
- ndpi_normalize_protocol()
These two APi calls are used to normalize mater/app nDPI protocols
|
| | |
|
| |
|
|
|
|
|
| |
Proton doesn't provide anymore the list of egress and ingress addresses.
Remove the (stale) lists and the relative configuration parameters.
See: https://www.reddit.com/r/ProtonVPN/comments/1k3lrl5/great_the_httpsapiprotonvpnchvpnlogicals_api_has/
See also 470a479eb
|
| | |
|
| |
|
| |
Close #2818
|
| | |
|
| |
|
| |
Close #2806
|
| |
|
|
|
| |
* Removed dupe extension
* Removed ECH from suspicious extensions
|