| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Fixed probing attempt risk that was creating false positives | Luca Deri | 2024-08-07 |
| | | |||
| * | FPC: add DPI information (#2514) | Ivan Nardi | 2024-07-23 |
| | | | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC | ||
| * | Add OpenWire support (#2513) | Vladimir Gavrilov | 2024-07-22 |
| | | |||
| * | FPC: small improvements (#2512) | Ivan Nardi | 2024-07-22 |
| | | | | | Add printing of fpc_dns statistics and add a general cconfiguration option. Rework the code to be more generic and ready to handle other logics. | ||
| * | Add Nano (XNO) protocol support (#2508) | Vladimir Gavrilov | 2024-07-18 |
| | | |||
| * | Improve detection of Cloudflare WARP traffic (#2491) | Ivan Nardi | 2024-07-04 |
| | | | | See: #2484 | ||
| * | Add infrastructure for explicit support of Fist Packet Classification (#2488) | Ivan Nardi | 2024-07-03 |
| | | | | | | Let's start with some basic helpers and with FPC based on flow addresses. See: #2322 | ||
| * | Improve detection of Twitter/X (#2482) | Ivan Nardi | 2024-07-01 |
| | | |||
| * | Add Ripe Atlas probe protocol. (#2473) | Toni | 2024-06-17 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Zoom: remove "stun_zoom" LRU cache | Nardi Ivan | 2024-06-17 |
| | | | | | | Since 070a0908b we are able to detect P2P calls directly from the packet content, without any correlation among flows | ||
| * | Added protocol - JRMI - Java Remote Method Invocation (#2470) | Mark Jeffery | 2024-06-15 |
| | | |||
| * | support rtp/rtcp over tcp (#2422) (#2457) | Maatuq | 2024-05-28 |
| | | | | | | Support rtp/rtcp over tcp as per rfc4571. Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com> | ||
| * | Add ZUG consensus protocol dissector. (#2458) | Toni | 2024-05-28 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | CiscoVPN: we detect it only over UDP (#2454) | Ivan Nardi | 2024-05-28 |
| | | | | The original code handled also TCP/TLS, but it was removed in 6fc29b3ae | ||
| * | More NDPI_PROBING_ATTEMPT changes | Luca | 2024-05-22 |
| | | |||
| * | Follow-up of 2093ac5bf (#2451) | Ivan Nardi | 2024-05-21 |
| | | |||
| * | Minor dissector optimizations | Luca Deri | 2024-05-20 |
| | | |||
| * | Add Call of Duty Mobile support (#2438) | Vladimir Gavrilov | 2024-05-15 |
| | | |||
| * | H323: improve detection and avoid false positives (#2432) | Ivan Nardi | 2024-05-11 |
| | | |||
| * | Add Ethernet Global Data support (#2437) | Vladimir Gavrilov | 2024-05-11 |
| | | |||
| * | Add extra entropy checks and more precise(?) analysis. (#2383) | Toni | 2024-05-09 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Remove "zoom" cache (#2420) | Ivan Nardi | 2024-05-06 |
| | | | | | | | | | | This cache was added in b6b4967aa, when there was no real Zoom support. With 63f349319, a proper identification of multimedia stream has been added, making this cache quite useless: any improvements on Zoom classification should be properly done in Zoom dissector. Tested for some months with a few 10Gbits links of residential traffic: the cache pretty much never returned a valid hit. | ||
| * | Merge RTP and RTCP logic (#2416) | Ivan Nardi | 2024-05-06 |
| | | | | | | | | | | Avoid code duplication between these two protocols. We remove support for RTCP over TCP; it is quite rare to find this kind of traffic and, more important, we have never had support for RTP over TCP: we should try to add both detecion as follow-up. Fix a message log in the LINE code | ||
| * | eDonkey: improve/update classification (#2410) | Ivan Nardi | 2024-05-04 |
| | | | | | | | | | | | eDonkey is definitely not as used as >10 years ago, but it seems it is still active. While having a basic TCP support seems easy, identification over UDP doesn't work and it is hard to do it rightly (packets might be only 2 bytes long): remove it. Credits to V.G <v.gavrilov@securitycode.ru> | ||
| * | Updated JA4 test results | Luca Deri | 2024-05-02 |
| | | |||
| * | Add BFCP protocol support (#2401) | 0x41CEA55 | 2024-04-23 |
| | | |||
| * | Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398) | 0x41CEA55 | 2024-04-19 |
| | | |||
| * | Add KNXnet/IP protocol support (#2397) | 0x41CEA55 | 2024-04-19 |
| | | | | | | * Add KNXnet/IP protocol support * Improve KNXnet/IP over TCP detection | ||
| * | Add Label Distribution Protocol support (#2385) | Vladimir Gavrilov | 2024-04-12 |
| | | | | | | | | * Add Label Distribution Protocol support * Fix typo * Update unit test results | ||
| * | Add The Elder Scrolls Online support (#2376) | Vladimir Gavrilov | 2024-04-10 |
| | | | | | | | | | | | | * Add The Elder Scrolls Online support * Use ndpi_memmem instead of memmem from libc * Add protocol description * Change selection bitmask to V4_V6 * Update protocols.rst | ||
| * | Calculate packet entropy for unknown protocols. (#2369) | Toni | 2024-04-06 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add LoL: Wild Rift detection (#2356) | Vladimir Gavrilov | 2024-03-26 |
| | | |||
| * | STUN: remove workaround to identify RTP traffic | Nardi Ivan | 2024-03-20 |
| | | | | | | We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at least; no need to explicity call the RTP dissector | ||
| * | Add FLUTE protocol dissector (#2351) | Vladimir Gavrilov | 2024-03-19 |
| | | | | | | * Add FLUTE protocol dissector * Add flute.c to MSVC project | ||
| * | Add PFCP protocol dissector (#2342) | Vladimir Gavrilov | 2024-03-13 |
| | | |||
| * | Add Path of Exile protocol dissector (#2337) | Vladimir Gavrilov | 2024-03-06 |
| | | | | | | * Add Path of Exile protocol dissector * Update protocols.rst | ||
| * | Add Naraka Bladepoint detection support (#2334) | Vladimir Gavrilov | 2024-03-04 |
| | | |||
| * | Add BFD protocol dissector (#2332) | Vladimir Gavrilov | 2024-02-29 |
| | | |||
| * | Add DLEP protocol dissector (#2326) | Vladimir Gavrilov | 2024-02-20 |
| | | |||
| * | Add ANSI C12.22 protocol dissector (#2317) | Vladimir Gavrilov | 2024-02-15 |
| | | | | | | * Add ANSI C12.22 protocol dissector * Add UDP sample | ||
| * | Skype: remove old detection logic (#1954) | Ivan Nardi | 2024-02-12 |
| | | | | | | | | Skype has been using standard protocols (STUN/ICE or TLS) for a long, long time, now. Long gone are the days of Skype as a distribuited protocol. See: #2166 | ||
| * | Add detection of Gaijin Entertainment games (#2311) | Vladimir Gavrilov | 2024-02-09 |
| | | | | | | | | | | * Add detection of Gaijin Entertainment games * Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN * Add default UDP port for Gaijin Entertainment games * Remove NDPI_PROTOCOL_CROSSOUT protocol id | ||
| * | Add TencentGames protocol dissector (#2306) | Vladimir Gavrilov | 2024-02-08 |
| | | |||
| * | Add Gearman protocol dissector (#2297) | Vladimir Gavrilov | 2024-02-01 |
| | | |||
| * | Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial ↵ | Luca Deri | 2024-01-29 |
| | | | | | protocol | ||
| * | Fix RESP detection (#2289) | Vladimir Gavrilov | 2024-01-27 |
| | | | | | | * Rename redis_net.c to resp.c * Fix RESP detection | ||
| * | Add Raft protocol dissector. (#2286) | Toni | 2024-01-25 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add Radmin protocol dissector (#2283) | Vladimir Gavrilov | 2024-01-25 |
| | | | | | | * Add Radmin protocol dissector * Update test results | ||
| * | Add STOMP protocol dissector (#2280) | Vladimir Gavrilov | 2024-01-23 |
| | | |||
| * | Add Yojimbo (netcode) protocol dissector (#2277) | Toni | 2024-01-21 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||