| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Fix `ndpi_reconcile_protocols` with classification by port/ip | Ivan Nardi | 2025-07-01 |
| | | |||
| * | STUN: don't check `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` flow risk (#2901) | Ivan Nardi | 2025-06-23 |
| | | |||
| * | ndpiReader: print categories summary (#2895) | Ivan Nardi | 2025-06-21 |
| | | |||
| * | Add GLBP dissector (#2879) | Vladimir Gavrilov | 2025-06-10 |
| | | | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities. | ||
| * | Add Hamachi protocol detection support (#2860) | Vladimir Gavrilov | 2025-06-02 |
| | | |||
| * | Simplify ZeroMQ detection (#2847) | Vladimir Gavrilov | 2025-05-23 |
| | | |||
| * | Add MELSEC protocol support (#2846) | Vladimir Gavrilov | 2025-05-23 |
| | | |||
| * | IPP: fix selection bitmask (#2845) | Ivan Nardi | 2025-05-22 |
| | | | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...) | ||
| * | Gnutella: simplify code, to support only gtk-gnutella client (#2830) | Ivan Nardi | 2025-05-20 |
| | | | | Close #2818 | ||
| * | Drop Warcraft 3 (pre Reforged) support (#2826) | Vladimir Gavrilov | 2025-05-19 |
| | | |||
| * | RTSP: simplify detection (#2822) | Ivan Nardi | 2025-05-18 |
| | | |||
| * | Remove Half-Life 2 support; improve Source Engine protocol detection | 0xA50C1A1 | 2025-05-16 |
| | | |||
| * | Remove Vhua support (#2816) | Vladimir Gavrilov | 2025-05-15 |
| | | |||
| * | Remove World Of Kung Fu support (#2815) | Vladimir Gavrilov | 2025-05-15 |
| | | |||
| * | Add Microsoft Delivery Optimization protocol (#2799) | Vladimir Gavrilov | 2025-04-28 |
| | | |||
| * | WoW: update detection | Ivan Nardi | 2025-03-30 |
| | | | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT` | ||
| * | Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779) | Ivan Nardi | 2025-03-25 |
| | | | | | | | | Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics. | ||
| * | Rework the old MapleStory code to identify traffic from generic Nexon games ↵ | Ivan Nardi | 2025-03-19 |
| | | | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON` | ||
| * | Avoid duplicated Microsoft domains (#2770) | Ivan Nardi | 2025-03-18 |
| | | | | | | Update the list Close #2767 | ||
| * | Merge pull request #2760 from IvanNardi/internal_giveup | Ivan Nardi | 2025-03-11 |
| |\ | | | | | Add a new internal function `internal_giveup()` | ||
| | * | Add a new internal function `internal_giveup()` | Ivan Nardi | 2025-03-05 |
| | | | | | | | | | | | | | | | | | This function is always called once for every flow, as last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packets) | ||
| * | | Add GearUP Booster protocol dissector (heuristic based). (#2765) | Toni | 2025-03-07 |
| |/ | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12 |
| | | |||
| * | ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11 |
| | | |||
| * | DNS: disable subclassification by default (#2715) | Ivan Nardi | 2025-02-11 |
| | | | | | Prelimary change to start supporting multiple DNS transactions on the same flow | ||
| * | Auto-generate Microsoft-related list of domains (#2688) | Ivan Nardi | 2025-01-31 |
| | | |||
| * | Unify "Skype" and "Teams" ids (#2687) | Ivan Nardi | 2025-01-20 |
| | | | | | | | * Rename `NDPI_PROTOCOL_SKYPE_TEAMS_CALL` -> `NDPI_PROTOCOL_MSTEAMS_CALL` * Rename ip list from "Skype/Teams" to "Teams" | ||
| * | Added DigitalOcean protocol | Luca Deri | 2025-01-17 |
| | | |||
| * | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551 | ||
| * | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context | ||
| * | When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵ | Luca Deri | 2024-11-22 |
| | | | | | port that was supposed to be used as default | ||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Implemented Mikrotik discovery protocol dissection and metadata extraction ↵ | Luca Deri | 2024-11-14 |
| | | | | | (#2618) | ||
| * | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | | |||
| * | Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | Improved TCP fingepring calculation | Luca Deri | 2024-10-18 |
| | | | | | Adde basidc OS detection based on TCP fingerprint | ||
| * | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | | Build fix | ||
| * | STUN: if the same metadata is found multiple times, keep the first value (#2591) | Ivan Nardi | 2024-10-15 |
| | | |||
| * | Added sonos dissector | Luca Deri | 2024-10-13 |
| | | |||
| * | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | | |||
| * | Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02 |
| | | | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response | ||
| * | Tls out of order (#2561) | Ivan Nardi | 2024-09-18 |
| | | | | | | | | | | | | | * Revert "Added fix for handling Server Hello before CLient Hello" This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. * TLS: add some tests with unidirectional traffic * TLS: another attempt to process CH received after the SH Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions | ||
| * | Added fix for handling Server Hello before CLient Hello | Luca | 2024-09-17 |
| | | |||
| * | oracle: fix dissector (#2548) | Ivan Nardi | 2024-09-07 |
| | | | | | We can do definitely better, but this change is a big improvements respect the current broken code | ||
| * | Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
| | | |||
| * | Align serialized risk names to all others (first letter; uppercase letter) ↵ | Toni | 2024-09-03 |
| | | | | | | (#2541) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
| | | |||