aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/stun_wa_call.pcapng.out
Commit message (Collapse)AuthorAge
* Update `flow->flow_multimedia_types` to a bitmask (#2625)Ivan Nardi2024-11-25
| | | In the same flow, we can have multiple multimedia types
* When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵Luca Deri2024-11-22
| | | | port that was supposed to be used as default
* RTP, STUN: improve detection of multimedia flow type (#2620)Ivan Nardi2024-11-19
| | | | Let's see if we are able to tell audio from video calls only looking at RTP Payload Type field...
* STUN: fix monitoring of Whatsapp and Zoom flows (#2590)Ivan Nardi2024-10-15
|
* FPC: add DPI information (#2514)Ivan Nardi2024-07-23
| | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC
* FPC: small improvements (#2512)Ivan Nardi2024-07-22
| | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics.
* Add infrastructure for explicit support of Fist Packet Classification (#2488)Ivan Nardi2024-07-03
| | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322
* Zoom: remove "stun_zoom" LRU cacheNardi Ivan2024-06-17
| | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows
* Add extra entropy checks and more precise(?) analysis. (#2383)Toni2024-05-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Remove "zoom" cache (#2420)Ivan Nardi2024-05-06
| | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit.
* STUN: try to stop extra dissection earlier, if possible (#2390)Ivan Nardi2024-04-13
|
* Implemented STUN peer_address, relayed_address, response_origin, ↵Luca Deri2024-04-12
| | | | | | | other_address parsing Added code to ignore invalid STUN realm Extended JSON output with STUN information
* STUN: improve extraction of Mapped-Address metadata (#2370)Ivan Nardi2024-04-08
| | | | | | | | | | | | | Enable parsing of Mapped-Address attribute for all STUN flows: that means that STUN classification might require more packets. Add a configuration knob to enable/disable this feature. Note that we can have (any) STUN metadata also for flows *not* classified as STUN (because of DTLS). Add support for ipv6. Restore the correct extra dissection logic for Telegram flows.
* Added support for STUN Mapped IP addressLuca Deri2024-04-03
|
* ndpiReader: add breed stats on output used for CI (#2236)Ivan Nardi2024-01-05
|
* ndpiReader: fix `guessed_flow_protocols` statistic (#2203)Ivan Nardi2023-12-12
| | | Increment the counter only if the flow has been guessed
* STUN: major code rework (#2116)Ivan Nardi2023-10-30
| | | | | | | | | | | | Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring. STUN caches: * use the proper confidence value * lookup into the caches only once per flow, after having found a proper STUN classification Add identification of Telegram VoIP calls.
* IPv6: add support for IPv6 risk exceptions (#2122)Ivan Nardi2023-10-29
|
* IPv6: add support for IPv6 risk tree (#2118)Ivan Nardi2023-10-27
| | | Fix the script to download crawler addressess
* ipv6: add support for ipv6 addresses lists (#2113)Ivan Nardi2023-10-26
|
* STUN: fix detection over TCPNardi Ivan2023-06-21
TCP framing is optional
Powered by cgit, Themed by Ted Yin.