Commit message | Author | Age | |
---|---|---|---|
* | Add GearUP Booster protocol dissector (heuristic based). [add/gearup_booster-protocol-dissector] | Toni Uhlig | 2025-03-07 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Fix function checking if a packet is multicast | Ivan Nardi | 2025-03-04 |
* | Flow risk infos are always exported "in order" (by flow risk id) | Ivan Nardi | 2025-03-04 |
| | | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order. | ||
* | Sync unit tests results | Ivan Nardi | 2025-02-24 |
* | Improved Tor exit node download and added IPv6 support | Luca Deri | 2025-02-24 |
* | Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | RTP: payload type info should be set only for real RTP flows (#2742) | Ivan Nardi | 2025-02-22 |
* | Improved RTP dissection with EVS and other mobile voice codecs | Luca Deri | 2025-02-20 |
* | Updated test results after RTP payload extraction | Luca Deri | 2025-02-19 |
* | DNS: rework "extra-dissection" code (#2735) | Ivan Nardi | 2025-02-17 |
* | DNS: fix parsing of hostname for empty response messages (#2731) | Ivan Nardi | 2025-02-16 |
* | DNS: rework adding entries to the FPC-DNS cache (#2730) | Ivan Nardi | 2025-02-16 |
| | | | | | Try to populate the FPC-DNS cache using directly the info from the current packet, and not from the metadata saved in `struct ndpi_flow_struct`. This will be important when adding monitoring support | ||
* | DNS: fix dissection (#2726) | Ivan Nardi | 2025-02-15 |
* | DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724) | Ivan Nardi | 2025-02-15 |
| | | | We already set the same flow risk for invalid request messages | ||
* | DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12 |
* | DNS: try to simplify the code (#2718) | Ivan Nardi | 2025-02-12 |
| | | | Set the classification in only one place in the code. | ||
* | ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11 |
* | dns: fix writing to `flow->protos.dns` | Ivan Nardi | 2025-02-11 |
| | | | | | We can't write to `flow->protos.dns` until we are sure it is a valid DNS flow | ||
* | DNS: fix dissection when there is only the response message | Ivan Nardi | 2025-02-11 |
* | Improved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast messages when used to browse (old) network devices | Luca Deri | 2025-01-03 |
* | When triggering risk "Known Proto on Non Std Port", nDPI now reports the port that was supposed to be used as default | Luca Deri | 2024-11-22 |
* | Added DICOM support | Luca | 2024-11-15 |
| | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
* | Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
* | SIP: extract some basic metadata | Ivan Nardi | 2024-11-12 |
* | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
* | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
* | ndpiReader: explicitly remove non ipv4/6 packets (#2601) | Ivan Nardi | 2024-10-19 |
* | Improved TCP fingerprint calculation | Luca Deri | 2024-10-18 |
| | | | | Added basic OS detection based on TCP fingerprint | ||
* | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | Build fix | ||
* | Added sonos dissector | Luca Deri | 2024-10-13 |
* | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
* | Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02 |
| | | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response | ||
* | Fixed handling of spurious TCP retransmissions | Luca | 2024-09-17 |
* | dns: add a check before setting `NDPI_MALFORMED_PACKET` risk (#2558) | Ivan Nardi | 2024-09-16 |
| | | | | | | "Invalid DNS Header"-risk should be set only if the flow has been already classified as DNS. Otherwise, almost any non-DNS flows on port 53 will end up having the `NDPI_MALFORMED_PACKET` risk set, which is a little bit confusing for non DNS traffic | ||
* | oracle: fix dissector (#2548) | Ivan Nardi | 2024-09-07 |
| | | | | We can definitely do better, but this change is a big improvement with respect to the current broken code | ||
* | Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
* | Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
* | Add TRDP protocol support (#2528) | Vladimir Gavrilov | 2024-08-25 |
| | | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | ||
* | Add Automatic Tank Gauge protocol (#2527) | wssxsxxsx | 2024-08-23 |
| | | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
* | Add CNP/IP protocol support (#2521) | Vladimir Gavrilov | 2024-08-22 |
| | | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems. | ||
* | Fixed probing attempt risk that was creating false positives | Luca Deri | 2024-08-07 |
* | FPC: add DPI information (#2514) | Ivan Nardi | 2024-07-23 |
| | | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC | ||
* | Add OpenWire support (#2513) | Vladimir Gavrilov | 2024-07-22 |
* | FPC: small improvements (#2512) | Ivan Nardi | 2024-07-22 |
| | | | | Add printing of fpc_dns statistics and add a general configuration option. Rework the code to be more generic and ready to handle other logics. | ||
* | Add Nano (XNO) protocol support (#2508) | Vladimir Gavrilov | 2024-07-18 |
* | Improve detection of Cloudflare WARP traffic (#2491) | Ivan Nardi | 2024-07-04 |
| | | | See: #2484 | ||
* | Add infrastructure for explicit support of First Packet Classification (#2488) | Ivan Nardi | 2024-07-03 |
| | | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322 | ||
* | Add Ripe Atlas probe protocol. (#2473) | Toni | 2024-06-17 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Zoom: remove "stun_zoom" LRU cache | Nardi Ivan | 2024-06-17 |
| | | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows | ||
* | Added protocol - JRMI - Java Remote Method Invocation (#2470) | Mark Jeffery | 2024-06-15 |