| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Align serialized risk names to all others (first letter; uppercase letter)improve/risks-naming | Toni Uhlig | 2024-09-03 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
| | | |||
| * | Add TRDP protocol support (#2528) | Vladimir Gavrilov | 2024-08-25 |
| | | | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | ||
| * | Tests output update | Luca Deri | 2024-08-25 |
| | | |||
| * | Add Automatic Tank Gauge protocol (#2527) | wssxsxxsx | 2024-08-23 |
| | | | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
| * | Add CNP/IP protocol support (#2521) | Vladimir Gavrilov | 2024-08-22 |
| | | | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems. | ||
| * | Sync unit tests results | Nardi Ivan | 2024-08-07 |
| | | |||
| * | Fixed probing attempt risk that was creating false positives | Luca Deri | 2024-08-07 |
| | | |||
| * | Update all IP lists (#2515) | Ivan Nardi | 2024-08-02 |
| | | | | | | The `suffix_id` is simply an incremental index (see `ndpi_load_domain_suffixes`), so its value might changes every time we update the public suffix list. | ||
| * | Improved ICMP malformed packet risk description | Luca Deri | 2024-07-25 |
| | | |||
| * | FPC: add DPI information (#2514) | Ivan Nardi | 2024-07-23 |
| | | | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC | ||
| * | Add OpenWire support (#2513) | Vladimir Gavrilov | 2024-07-22 |
| | | |||
| * | FPC: small improvements (#2512) | Ivan Nardi | 2024-07-22 |
| | | | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics. | ||
| * | FPC: add DNS correlation (#2497) | mmanoj | 2024-07-22 |
| | | | | | | | | | | Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
| * | Add Nano (XNO) protocol support (#2508) | Vladimir Gavrilov | 2024-07-18 |
| | | |||
| * | Added ClickHouse protocol | Luca | 2024-07-17 |
| | | |||
| * | Add HLS support (#2502) | Vladimir Gavrilov | 2024-07-16 |
| | | |||
| * | fuzzing: improve coverage (#2495) | Ivan Nardi | 2024-07-12 |
| | | | | | | | | | | | | | | | Fix detection of WebDAV and Gnutella (over HTTP) Fix detection of z3950 Add two fuzzers to test `ndpi_memmem()` and `ndpi_strnstr()` Remove some dead code: * RTP: the same exact check is performed at the very beginning of the function * MQTT: use a better helper to exclude the protocol * Colletd: `ndpi_hostname_sni_set()` never fails Update pl7m code (fix a Use-of-uninitialized-value error) | ||
| * | Improve detection of Cloudflare WARP traffic (#2491) | Ivan Nardi | 2024-07-04 |
| | | | | See: #2484 | ||
| * | Add infrastructure for explicit support of Fist Packet Classification (#2488) | Ivan Nardi | 2024-07-03 |
| | | | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322 | ||
| * | tunnelbear: improve detection over wireguard (#2485) | Ivan Nardi | 2024-07-01 |
| | | | | See #2484 | ||
| * | Improve detection of Twitter/X (#2482) | Ivan Nardi | 2024-07-01 |
| | | |||
| * | fuzz: improve fuzzing coverage (#2474) | Ivan Nardi | 2024-06-17 |
| | | | | | | | Remove some code never triggered AFP: the removed check is included in the following one MQTT: fix flags extraction | ||
| * | Sync unit tests results | Nardi Ivan | 2024-06-17 |
| | | |||
| * | Add Ripe Atlas probe protocol. (#2473) | Toni | 2024-06-17 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Zoom: harden RTP/RTCP detection | Nardi Ivan | 2024-06-17 |
| | | |||
| * | Zoom: remove "stun_zoom" LRU cache | Nardi Ivan | 2024-06-17 |
| | | | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows | ||
| * | Added protocol - JRMI - Java Remote Method Invocation (#2470) | Mark Jeffery | 2024-06-15 |
| | | |||
| * | Improved detection of Android connectiity checks | Luca | 2024-06-12 |
| | | |||
| * | Zoom: faster detection of P2P flows (#2467) | Ivan Nardi | 2024-06-07 |
| | | |||
| * | STUN: add support for Microsoft Multiplexed TURN channels (#2464) | Ivan Nardi | 2024-06-05 |
| | | |||
| * | Update unit tests results (#2466) | Ivan Nardi | 2024-06-05 |
| | | |||
| * | RTP: fix detection over TCP (#2462) | Ivan Nardi | 2024-05-29 |
| | | | | | | | RFC4571 is not the only way to wrap RTP messages in TCP streams. For example, when RTP is encapsulated over TURN flows (i.e. via DATA attribute) there is no additional framing. See also 6127e0490 | ||
| * | support rtp/rtcp over tcp (#2422) (#2457) | Maatuq | 2024-05-28 |
| | | | | | | Support rtp/rtcp over tcp as per rfc4571. Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com> | ||
| * | Add ZUG consensus protocol dissector. (#2458) | Toni | 2024-05-28 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | CiscoVPN: we detect it only over UDP (#2454) | Ivan Nardi | 2024-05-28 |
| | | | | The original code handled also TCP/TLS, but it was removed in 6fc29b3ae | ||
| * | Improved Kafka dissector. (#2456) | Toni | 2024-05-27 |
| | | | | | | | | | | * detect more Kafka request packet's * requires less flow memory * same detection behavior as before e.g. no asym detection implemented (can be done by dissecting responses, requires more effort) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
| * | Rename Messenger to FacebookMessenger (#2453) | Vladimir Gavrilov | 2024-05-23 |
| | | |||
| * | Sync unit tests results | Nardi Ivan | 2024-05-22 |
| | | |||
| * | More NDPI_PROBING_ATTEMPT changes | Luca | 2024-05-22 |
| | | |||
| * | Added NDPI_PROBING_ATTEMPT risk | Luca | 2024-05-22 |
| | | |||
| * | DTLS: fix JA4 fingerprint (#2446) | Ivan Nardi | 2024-05-21 |
| | | |||
| * | DTLS: add support for DTLS 1.3 (#2445) | Ivan Nardi | 2024-05-21 |
| | | |||
| * | Follow-up of 2093ac5bf (#2451) | Ivan Nardi | 2024-05-21 |
| | | |||
| * | Minor dissector optimizations | Luca Deri | 2024-05-20 |
| | | |||
| * | Add Call of Duty Mobile support (#2438) | Vladimir Gavrilov | 2024-05-15 |
| | | |||
| * | H323: improve detection and avoid false positives (#2432) | Ivan Nardi | 2024-05-11 |
| | | |||
| * | Add Ethernet Global Data support (#2437) | Vladimir Gavrilov | 2024-05-11 |
| | | |||
| * | Remove Vevo support (#2436) | Vladimir Gavrilov | 2024-05-11 |
| | | | | Co-authored-by: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | ||
| * | Viber: add detection of voip calls and avoid false positives (#2434) | Ivan Nardi | 2024-05-11 |
| | | |||