libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
*	STUN: avoid FacebookVoip false positives (#2029)	Ivan Nardi	2023-07-03
\| \| \| \|	Attribute 0xC057 is defined in the Google public implementation of webrtc (which is used by Google products but also by other applications)
*	STUN: fix Skype/MsTeams detection and monitoring logic (#2028)	Ivan Nardi	2023-07-03
\|
*	Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code (#2025)	Ivan Nardi	2023-06-27
\| \| \| \| \| \|	Regardless of the name, the removed trace doesn't contain meaningful Hangout traffic. Remove last piece of sub-classifiction based only on ip addresses.
*	RTP: rework code (#2021)	Ivan Nardi	2023-06-23
\| \| \| \| \| \| \|	Try avoiding false positives: look for 3 RTP packets before classifing the flow as such. Add a generic function `is_rtp_or_rtcp()` to identify RTP/RTCP packets also in other dissectors (see 3608ab01b commit message for an example)
*	Add Apache Thrift protocol dissector. (#2007)	Toni	2023-06-22
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	STUN: fix detection over TCP	Nardi Ivan	2023-06-21
\| \| \| \|	TCP framing is optional
*	STUN: improve WhatsappCall detection	Nardi Ivan	2023-06-21
\|
*	QUIC: fix dissection of packets forcing VN	Nardi Ivan	2023-06-08
\|
*	QUIC: add support for QUIC version 2	Nardi Ivan	2023-06-08
\| \| \| \| \| \|	See: https://www.rfc-editor.org/rfc/rfc9369.txt Old v2-01 version has been removed, since it has never been really used.
*	ProtonVPN: add basic detection (#2006)	Ivan Nardi	2023-06-08
\|
*	Add support for Epic Games and GeForceNow/Nvidia (#1990)	Ivan Nardi	2023-05-27
\|
*	ndpiReader: fix export of DNS/BitTorrent attributes (#1985)	Ivan Nardi	2023-05-20
\| \| \|	There is no BitTorrent hash in the DNS flows
*	ndpiReader: fix export of HTTP attributes (#1982)	Ivan Nardi	2023-05-20
\|
*	Improve detection of crawlers/bots (#1968)	Ivan Nardi	2023-05-09
\| \| \|	Add support for Facebook crawler
*	HTTP: improve extraction of metadata and of flow risks (#1959)	Ivan Nardi	2023-05-05
\|
*	Add an heuristic to detect/ignore some anomalous TCP ACK packets (#1948)	Ivan Nardi	2023-04-25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In some networks, there are some anomalous TCP flows where the smallest ACK packets have some kind of zero padding. It looks like the IP and TCP headers in those frames wrongly consider the 0x00 Ethernet padding bytes as part of the TCP payload. While this kind of packets is perfectly valid per-se, in some conditions they might be treated by the TCP reassembler logic as (partial) overlaps, deceiving the classification engine. Add an heuristic to detect these packets and to ignore them, allowing correct detection/classification. This heuristic is configurable. Default value: * in the library, it is disabled * in `ndpiReader` and in the fuzzers, it is enabled (to ease testing) Credit to @vel21ripn for the initial patch. Close #1946
*	Add "Heroes of the Storm" video game signature detection. (#1949)	nikitamishagin	2023-04-22
\|
*	Added OICQ dissector. (#1950)	Toni	2023-04-21
\| \| \| \|	Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Added BACnet dissector. (#1940)	Toni	2023-04-11
\| \| \| \|	Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Added Source Engine dissector. (#1937)	Toni	2023-04-11
\| \| \| \|	Signed-off-by: lns <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Test files for riit games	Luca Deri	2023-04-11
\|
*	Test multiple `ndpiReader` configurations (#1931)	Ivan Nardi	2023-04-06
	Extend internal unit tests to handle multiple configurations. As some examples, add tests about: * disabling some protocols * disabling Ookla aggressiveness Every configurations data is stored in a dedicated directory under `tests\cfgs`