aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default
Commit message (Collapse)AuthorAge
...
* Remove Vhua support (#2816)Vladimir Gavrilov2025-05-15
|
* Remove World Of Kung Fu support (#2815)Vladimir Gavrilov2025-05-15
|
* Add kick.com support (#2813)Vladimir Gavrilov2025-05-14
|
* Improve Ubiquiti device discovery request/response detection. (#2810)Toni2025-05-12
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add vkvideo domain (#2809)Vladimir Gavrilov2025-05-12
|
* Add Rockstar Games detection (#2805)Vladimir Gavrilov2025-04-28
|
* STUN: set default port for TCP, too (#2804)Ivan Nardi2025-04-28
|
* Add Microsoft Delivery Optimization protocol (#2799)Vladimir Gavrilov2025-04-28
|
* Add a new specific ID for generic Ubiquity traffic (#2796)Ivan Nardi2025-04-16
|
* Update all IP/domain lists (#2795)Ivan Nardi2025-04-16
| | | | | | | | | | | | | | | | | | ProtonVPN script have been not working in the last week. ``` Error "Invalid access token" ``` ProtonVPN is doing a major upgrade in its infrastructure: ``` In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Apr 09, 2025 - 11:30 CEST Scheduled - In the following period from the 9th of April up to the 30th of April, various Proton VPN dedicated servers will be in temporary maintenance mode, for a short duration period, in order to allow us to perform a major infrastructure upgrade, paving the way for overall increased performance and efficiency of our Proton VPN infrastructure. We apologize for the occasional inconvenience. Apr 9, 2025 11:30 - Apr 30, 2025 23:30 CEST ``` Let's wait if it works again in the future...
* UBNTAC2,Ookla: improve detection (#2793)Ivan Nardi2025-04-10
|
* FPC: save all addresses from DNS to `fpc_dns` cache (#2792)Ivan Nardi2025-04-10
|
* Follow-up of latest Signal call change (see: 4d41588a7)Ivan Nardi2025-04-05
|
* Extend list of domains for SNI matching (#2791)Ivan Nardi2025-04-05
|
* blizzard: improve detection of generic battle.net trafficIvan Nardi2025-03-30
|
* blizzard: add detection of Overwatch2Ivan Nardi2025-03-30
|
* WoW: update detectionIvan Nardi2025-03-30
| | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
* Rework the old Starcraft code to identify traffic from generic Blizzard ↵Ivan Nardi2025-03-25
| | | | | games (#2776) Remove `NDPI_PROTOCOL_STARCRAFT` and add a generic `NDPI_PROTOCOL_BLIZZARD`.
* Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779)Ivan Nardi2025-03-25
| | | | | | | Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics.
* Remove `NDPI_TLS_SUSPICIOUS_ESNI_USAGE` flow risk (#2778)Ivan Nardi2025-03-25
| | | | | | That flow risk was introduced in 79b89d286605635f15edfe3c21297aaa3b5f3acf but we can now use the generic `NDPI_TLS_SUSPICIOUS_EXTENSION` instead: ESNI is quite suspicious nowadays in itself (i.e. even without SNI). Note that ESNI support has been removed in cae9fb9989838f213eeb857b8fc4bbeac6940049
* armagetron: update code (#2777)Ivan Nardi2025-03-25
|
* Added initial LLM traffic recognitionLuca Deri2025-03-24
|
* Rework the old MapleStory code to identify traffic from generic Nexon games ↵Ivan Nardi2025-03-19
| | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON`
* FastCGI: use specific metadata, not the HTTP ones (#2774)Ivan Nardi2025-03-19
| | | | We are going to use HTTP metadata only for real HTTP traffic; FastCGI should be the only protocol using them improperly
* Avoid duplicated Microsoft domains (#2770)Ivan Nardi2025-03-18
| | | | | Update the list Close #2767
* TLS: avoid sub-classification for RDP flows (#2769)Ivan Nardi2025-03-14
| | | | | | | | | | | | | | | | These flows are already classified as TLS.RDP. This change also fix a memory leak ``` Direct leak of 62 byte(s) in 1 object(s) allocated from: #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46 #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13 #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46 #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10 #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5 ``` Found by oss-fuzz. See: https://oss-fuzz.com/testcase-detail/5244512192757760
* Sync unit tests resultsIvan Nardi2025-03-11
|
* Merge pull request #2760 from IvanNardi/internal_giveupIvan Nardi2025-03-11
|\ | | | | Add a new internal function `internal_giveup()`
| * Add a new internal function `internal_giveup()`Ivan Nardi2025-03-05
| | | | | | | | | | | | | | | | This function is always called once for every flow, as last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packets)
* | Add GearUP Booster protocol dissector (heuristic based). (#2765)Toni2025-03-07
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Add GearUP Booster application protocol. (#2764)Toni2025-03-06
|/ | | | | protocol dissector will follow Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fix function checking if a packet is multicastIvan Nardi2025-03-04
|
* custom rules: try to have a coherent behaviourIvan Nardi2025-03-04
| | | | | | | | | | | | | Custom rules with *new* protocols are checked "first": if there is a match, the first packet of the flow provides a complete and final classification. The same logic should apply to custom rules with "existing" protocols: if there is match, nDPI shouldn't do anything else. Remove the `tcp:3000@ntop` custom rule. Fix the default port for ElasticSearch (in the protocol file)
* Flow risk infos are always exported "in order" (by flow risk id)Ivan Nardi2025-03-04
| | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order.
* ICMP: move all the logic to the proper dissector fileIvan Nardi2025-02-28
| | | | | | | There are no reasons to keep entropy calculation and sanity checks code on the "guessing" algorithm. BTW, this change also fix the entropy calculation for non TCP/UDP/ICMP flows
* Added valid TLS extensions that used to trigger invalid risksLuca Deri2025-02-27
|
* Improved Tor detectionLuca Deri2025-02-24
|
* Sync unit tests resultsIvan Nardi2025-02-24
|
* Improved Tor exit node download and added IPv6 supportLuca Deri2025-02-24
|
* Improved Google PlayStore detectionLuca Deri2025-02-24
|
* UBNTAC2: rework detection (#2744)Ivan Nardi2025-02-23
|
* Add LagoFast protocol dissector. (#2743)Toni2025-02-23
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* RTP: payload type info should be set only for real RTP flows (#2742)Ivan Nardi2025-02-22
|
* Update the capture length of the ssdp example (#2741)Ivan Nardi2025-02-21
| | | | | | | | Some old libpcap versions don't handle pcap files with capture length bigger than 262144 bytes ``` ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144 ```
* Create a new protocol id to handle Mozilla/Firefox generic traffic (#2740)Ivan Nardi2025-02-21
| | | Close #2738
* Updated test resultLuca2025-02-21
|
* Improved RTP dissection with EVS and other mobile voice codecsLuca Deri2025-02-20
|
* Updated test rsults after RTP payload extractionLuca Deri2025-02-19
|
* Fixed bug in domain name computationLuca Deri2025-02-17
|
* DNS: rework "extra-dissection" code (#2735)Ivan Nardi2025-02-17
|
Powered by cgit, Themed by Ted Yin.