aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out
Commit message (Collapse)AuthorAge
* ndpiReader: print categories summary (#2895)Ivan Nardi2025-06-21
|
* Add a new internal function `internal_giveup()`Ivan Nardi2025-03-05
| | | | | | | | This function is always called once for every flow, as last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packets)
* ndpiReader: update JA statistics (#2646)Ivan Nardi2025-01-06
| | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
* Tls out of order (#2561)Ivan Nardi2024-09-18
| | | | | | | | | | | | * Revert "Added fix for handling Server Hello before CLient Hello" This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. * TLS: add some tests with unidirectional traffic * TLS: another attempt to process CH received after the SH Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions
* Added fix for handling Server Hello before CLient HelloLuca2024-09-17
|
* FPC: add DPI information (#2514)Ivan Nardi2024-07-23
| | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* Remove "zoom" cache (#2420)Ivan Nardi2024-05-06
| | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit.
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* STUN: fix flow risks when DTLS packets are found (#2266)Ivan Nardi2024-01-19
| | | | | When switching to (D)TLS dissector from the STUN one, we need to clear any flow risks set from the latter (because we don't have anymore `NDPI_PROTOCOL_STUN` in the classification results)
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* STUN: improve demultiplexing of DTLS packets (#2153)Ivan Nardi2023-11-27
| | | | | | Keep demultiplexing STUN/RTP/RTCP packets after DTLS ones. We might end up processing the session a little longer, because we will process the STUN/RTP/RTCP packets after the DTLS handshake.
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
Powered by cgit, Themed by Ted Yin.