| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | ndpiReader: print categories summary (#2895) | Ivan Nardi | 2025-06-21 |
| | | |||
| * | Add GLBP dissector (#2879) | Vladimir Gavrilov | 2025-06-10 |
| | | | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities. | ||
| * | Add Hamachi protocol detection support (#2860) | Vladimir Gavrilov | 2025-06-02 |
| | | |||
| * | Simplify ZeroMQ detection (#2847) | Vladimir Gavrilov | 2025-05-23 |
| | | |||
| * | Add MELSEC protocol support (#2846) | Vladimir Gavrilov | 2025-05-23 |
| | | |||
| * | IPP: fix selection bitmask (#2845) | Ivan Nardi | 2025-05-22 |
| | | | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...) | ||
| * | Gnutella: simplify code, to support only gtk-gnutella client (#2830) | Ivan Nardi | 2025-05-20 |
| | | | | Close #2818 | ||
| * | Drop Warcraft 3 (pre Reforged) support (#2826) | Vladimir Gavrilov | 2025-05-19 |
| | | |||
| * | RTSP: simplify detection (#2822) | Ivan Nardi | 2025-05-18 |
| | | |||
| * | Remove Half-Life 2 support; improve Source Engine protocol detection | 0xA50C1A1 | 2025-05-16 |
| | | |||
| * | Remove Vhua support (#2816) | Vladimir Gavrilov | 2025-05-15 |
| | | |||
| * | Remove World Of Kung Fu support (#2815) | Vladimir Gavrilov | 2025-05-15 |
| | | |||
| * | Add Microsoft Delivery Optimization protocol (#2799) | Vladimir Gavrilov | 2025-04-28 |
| | | |||
| * | FPC: save all addresses from DNS to `fpc_dns` cache (#2792) | Ivan Nardi | 2025-04-10 |
| | | |||
| * | WoW: update detection | Ivan Nardi | 2025-03-30 |
| | | | | | | Remove the specific dissector and use the Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT` | ||
| * | Rework the old MapleStory code to identify traffic from generic Nexon games ↵ | Ivan Nardi | 2025-03-19 |
| | | | | | | | (#2773) Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic `NDPI_PROTOCOL_NEXON` | ||
| * | Merge pull request #2760 from IvanNardi/internal_giveup | Ivan Nardi | 2025-03-11 |
| |\ | | | | | Add a new internal function `internal_giveup()` | ||
| | * | Add a new internal function `internal_giveup()` | Ivan Nardi | 2025-03-05 |
| | | | | | | | | | | | | | | | | | This function is always called once for every flow, as last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packets) | ||
| * | | Add GearUP Booster protocol dissector (heuristic based). (#2765) | Toni | 2025-03-07 |
| |/ | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Flow risk infos are always exported "in order" (by flow risk id) | Ivan Nardi | 2025-03-04 |
| | | | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order. | ||
| * | Improved Google PlayStore detection | Luca Deri | 2025-02-24 |
| | | |||
| * | Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Fixed bug in domain name computation | Luca Deri | 2025-02-17 |
| | | |||
| * | DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12 |
| | | |||
| * | ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11 |
| | | |||
| * | DNS: disable subclassification by default (#2715) | Ivan Nardi | 2025-02-11 |
| | | | | | Prelimary change to start supporting multiple DNS transactions on the same flow | ||
| * | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | | Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551 | ||
| * | HTTP: fix entropy calculation (#2666) | Ivan Nardi | 2025-01-12 |
| | | | | | We calculate HTTP entropy according to "Content-type:" header, see `ndpi_validate_http_content()` on HTTP code | ||
| * | Improved WebSocket-over-HTTP detection (#2664) | Toni | 2025-01-11 |
| | | | | | | | * detect `chisel` SSH-over-HTTP-WebSocket * use `strncasecmp()` for `LINE_*` matching macros Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | | Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context | ||
| * | Imporoved SMBv1 heuristic to avoid triggering risks for SMBv1 broadcast ↵ | Luca Deri | 2025-01-03 |
| | | | | | messages when used to browse (old) network devices | ||
| * | When triggering risk "Known Proto on Non Std Port", nDPi now reports the ↵ | Luca Deri | 2024-11-22 |
| | | | | | port that was supposed to be used as default | ||
| * | Added DICOM support | Luca | 2024-11-15 |
| | | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
| * | Implemented Mikrotik discovery protocol dissection and metadata extraction ↵ | Luca Deri | 2024-11-14 |
| | | | | | (#2618) | ||
| * | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | | |||
| * | Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| | | |||
| * | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | | |||
| * | Improved TCP fingepring calculation | Luca Deri | 2024-10-18 |
| | | | | | Adde basidc OS detection based on TCP fingerprint | ||
| * | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | | Build fix | ||
| * | Added sonos dissector | Luca Deri | 2024-10-13 |
| | | |||
| * | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | | |||
| * | Tls out of order (#2561) | Ivan Nardi | 2024-09-18 |
| | | | | | | | | | | | | | * Revert "Added fix for handling Server Hello before CLient Hello" This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. * TLS: add some tests with unidirectional traffic * TLS: another attempt to process CH received after the SH Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions | ||
| * | Added fix for handling Server Hello before CLient Hello | Luca | 2024-09-17 |
| | | |||
| * | Fixed handling of spurious TCP retransmissions | Luca | 2024-09-17 |
| | | |||
| * | oracle: fix dissector (#2548) | Ivan Nardi | 2024-09-07 |
| | | | | | We can do definitely better, but this change is a big improvements respect the current broken code | ||
| * | Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
| | | |||
| * | Align serialized risk names to all others (first letter; uppercase letter) ↵ | Toni | 2024-09-03 |
| | | | | | | (#2541) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
| | | |||
| * | Add TRDP protocol support (#2528) | Vladimir Gavrilov | 2024-08-25 |
| | | | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | ||
| * | Add Automatic Tank Gauge protocol (#2527) | wssxsxxsx | 2024-08-23 |
| | | | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||