aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
Commit message (Collapse)AuthorAge
* Add Mudfish protocol dissector (#2932)Toni14 days
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add the concept of protocols stack: more than 2 protocols per flow (#2913)Ivan Nardi2025-08-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The idea is to remove the limitation of only two protocols ("master" and "app") in the flow classifcation. This is quite handy expecially for STUN flows and, in general, for any flows where there is some kind of transitionf from a cleartext protocol to TLS: HTTP_PROXY -> TLS/Youtube; SMTP -> SMTPS (via STARTTLS msg). In the vast majority of the cases, the protocol stack is simply Master/Application. Examples of real stacks (from the unit tests) different from the standard "master/app": * "STUN.WhatsAppCall.SRTP": a WA call * "STUN.DTLS.GoogleCall": a Meet call * "Telegram.STUN.DTLS.TelegramVoip": a Telegram call * "SMTP.SMTPS.Google": a SMTP connection to Google server started in cleartext and updated to TLS * "HTTP.Google.ntop": a HTTP connection to a Google domain (match via "Host" header) and to a ntop server (match via "Server" header) The logic to create the stack is still a bit coarse: we have a decade of code try to push everything in only ywo protocols... Therefore, the content of the stack is still **highly experimental** and might change in the next future; do you have any suggestions? It is quite likely that the legacy fields "master_protocol" and "app_protocol" will be there for a long time. Add some helper to use the stack: ``` ndpi_stack_get_upper_proto(); ndpi_stack_get_lower_proto(); bool ndpi_stack_contains(struct ndpi_proto_stack *s, u_int16_t proto_id); bool ndpi_stack_is_tls_like(struct ndpi_proto_stack *s); bool ndpi_stack_is_http_like(struct ndpi_proto_stack *s); ``` Be sure new stack logic is compatible with legacy code: ``` assert(ndpi_stack_get_upper_proto(&flow->detected_protocol.protocol_stack) == ndpi_get_upper_proto(flow->detected_protocol)); assert(ndpi_stack_get_lower_proto(&flow->detected_protocol.protocol_stack) == ndpi_get_lower_proto(flow->detected_protocol)); ```
* ndpiReader: add breed to flow information (#2924)Ivan Nardi2025-07-30
|
* Added EasyWeather protocol dissector (#2912)Toni2025-07-03
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Jabber: proper subclassification of TruPhoneIvan Nardi2025-07-01
|
* ndpiReader: print categories summary (#2895)Ivan Nardi2025-06-21
|
* Add GLBP dissector (#2879)Vladimir Gavrilov2025-06-10
| | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
* Add Hamachi protocol detection support (#2860)Vladimir Gavrilov2025-06-02
|
* Simplify ZeroMQ detection (#2847)Vladimir Gavrilov2025-05-23
|
* Add MELSEC protocol support (#2846)Vladimir Gavrilov2025-05-23
|
* IPP: fix selection bitmask (#2845)Ivan Nardi2025-05-22
| | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...)
* Gnutella: simplify code, to support only gtk-gnutella client (#2830)Ivan Nardi2025-05-20
| | | Close #2818
* Drop Warcraft 3 (pre Reforged) support (#2826)Vladimir Gavrilov2025-05-19
|
* RTSP: simplify detection (#2822)Ivan Nardi2025-05-18
|
* Remove Half-Life 2 support; improve Source Engine protocol detection0xA50C1A12025-05-16
|
* Remove Vhua support (#2816)Vladimir Gavrilov2025-05-15
|
* Remove World Of Kung Fu support (#2815)Vladimir Gavrilov2025-05-15
|
* Add Microsoft Delivery Optimization protocol (#2799)Vladimir Gavrilov2025-04-28
|
* WoW: update detectionIvan Nardi2025-03-30
| | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
* Add GearUP Booster protocol dissector (heuristic based). (#2765)Toni2025-03-07
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add LagoFast protocol dissector. (#2743)Toni2025-02-23
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* DNS: faster exclusion (#2719)Ivan Nardi2025-02-12
|
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default
* Added DICOM supportLuca2024-11-15
| | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
* Implemented Mikrotik discovery protocol dissection and metadata extraction ↵Luca Deri2024-11-14
| | | | (#2618)
* Add Paltalk protocol support (#2606)Vladimir Gavrilov2024-10-28
|
* Fixes TCP fingerprint calculation when multiple EOL are specified in TCP optionsLuca Deri2024-10-27
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingerprintLuca Deri2024-10-20
|
* Improved TCP fingepring calculationLuca Deri2024-10-18
| | | | Adde basidc OS detection based on TCP fingerprint
* Increased struct ndpi_flow_struct size (#2596)Luca Deri2024-10-18
| | | Build fix
* Added sonos dissectorLuca Deri2024-10-13
|
* Add DingTalk protocol support (#2581)Vladimir Gavrilov2024-10-07
|
* oracle: fix dissector (#2548)Ivan Nardi2024-09-07
| | | | We can do definitely better, but this change is a big improvements respect the current broken code
* Add Lustre protocol detection support (#2544)Vladimir Gavrilov2024-09-04
|
* Fix CNP-IP false positives (#2531)Vladimir Gavrilov2024-08-30
|
* Add TRDP protocol support (#2528)Vladimir Gavrilov2024-08-25
| | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
* Add Automatic Tank Gauge protocol (#2527)wssxsxxsx2024-08-23
| | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
* Add CNP/IP protocol support (#2521)Vladimir Gavrilov2024-08-22
| | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
* Fixed probing attempt risk that was creating false positivesLuca Deri2024-08-07
|
* Add OpenWire support (#2513)Vladimir Gavrilov2024-07-22
|
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* Add Nano (XNO) protocol support (#2508)Vladimir Gavrilov2024-07-18
|
* Improve detection of Cloudflare WARP traffic (#2491)Ivan Nardi2024-07-04
| | | See: #2484
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Add Ripe Atlas probe protocol. (#2473)Toni2024-06-17
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* Added protocol - JRMI - Java Remote Method Invocation (#2470)Mark Jeffery2024-06-15
|
* support rtp/rtcp over tcp (#2422) (#2457)Maatuq2024-05-28
| | | | | Support rtp/rtcp over tcp as per rfc4571. Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
* Add ZUG consensus protocol dissector. (#2458)Toni2024-05-28
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.