| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
port that was supposed to be used as default
|
| | |
|
| |
|
|
| |
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
|
| |
|
|
| |
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
|
| |
|
|
|
| |
Let's start with some basic helpers and with FPC based on flow addresses.
See: #2322
|
| |
|
|
|
| |
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
|
| |
|
|
|
|
|
|
|
| |
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.
Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
|
| |
|
|
|
| |
Restore all unit tests.
Add some configuration knobs.
Fix the endianess.
|
| |
|
|
|
|
|
| |
other_address parsing
Added code to ignore invalid STUN realm
Extended JSON output with STUN information
|
| |
|
|
|
| |
The main goal is to have the "real" application (if any; i.e.
Signal/Whatsapp/Telegram/...) always as "application" protocol and not
as "master" one
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Increment the counter only if the flow has been guessed
|
| | |
|
|
|
Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones.
We might end up processing the session a little longer, because we will
process the STUN/RTP/RTCP packets after the DTLS handshake.
|