aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/classification_only
Commit message (Collapse)AuthorAge
* Fix `ndpi_reconcile_protocols` with classification by port/ipIvan Nardi2025-07-01
|
* Bittorrent: update default ports (#2902)Ivan Nardi2025-06-23
|
* ndpiReader: print categories summary (#2895)Ivan Nardi2025-06-21
|
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
* Add Hamachi protocol detection support (#2860)Vladimir Gavrilov2025-06-02
|
* Simplify ZeroMQ detection (#2847)Vladimir Gavrilov2025-05-23
|
* Add MELSEC protocol support (#2846)Vladimir Gavrilov2025-05-23
|
* IPP: fix selection bitmask (#2845)Ivan Nardi2025-05-22
| | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...)
* Gnutella: simplify code, to support only gtk-gnutella client (#2830)Ivan Nardi2025-05-20
| | | Close #2818
* Drop Warcraft 3 (pre Reforged) support (#2826)Vladimir Gavrilov2025-05-19
|
* RTSP: simplify detection (#2822)Ivan Nardi2025-05-18
|
* Remove Half-Life 2 support; improve Source Engine protocol detection0xA50C1A12025-05-16
|
* Remove Vhua support (#2816)Vladimir Gavrilov2025-05-15
|
* Remove World Of Kung Fu support (#2815)Vladimir Gavrilov2025-05-15
|
* Add Microsoft Delivery Optimization protocol (#2799)Vladimir Gavrilov2025-04-28
|
* WoW: update detectionIvan Nardi2025-03-30
| | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
* Rework the old MapleStory code to identify traffic from generic Nexon games ↵Ivan Nardi2025-03-19
| | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON`
* Add GearUP Booster protocol dissector (heuristic based). (#2765)Toni2025-03-07
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* custom rules: try to have a coherent behaviourIvan Nardi2025-03-04
| | | | | | | | | | | | | Custom rules with *new* protocols are checked "first": if there is a match, the first packet of the flow provides a complete and final classification. The same logic should apply to custom rules with "existing" protocols: if there is match, nDPI shouldn't do anything else. Remove the `tcp:3000@ntop` custom rule. Fix the default port for ElasticSearch (in the protocol file)
* Add LagoFast protocol dissector. (#2743)Toni2025-02-23
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Updated test rsults after RTP payload extractionLuca Deri2025-02-19
|
* DNS: faster exclusion (#2719)Ivan Nardi2025-02-12
|
* ndpiReader: print more DNS information (#2717)Ivan Nardi2025-02-11
|
* DNS: disable subclassification by default (#2715)Ivan Nardi2025-02-11
| | | | Prelimary change to start supporting multiple DNS transactions on the same flow
* bittorrent: add configuration for "hash" metadata (#2706)Ivan Nardi2025-01-31
| | | Fix confidence value for same TCP flows
* HTTP: add configuration for some metadata (#2704)Ivan Nardi2025-01-31
| | | Extend file configuration for just subclassification.
* Auto-generate Microsoft-related list of domains (#2688)Ivan Nardi2025-01-31
|
* Create a specific configuration for classification only (#2689)Ivan Nardi2025-01-31
In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics. Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...` Note that this way, the nDPI overhead is lower because it might need less packets per flow: * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates * DNS: only the request is processed (instead of both request and response) We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for others protocols. Add the configuration options to enable/disable the extraction of some TLS metadata.
Powered by cgit, Themed by Ted Yin.