Commit message | Author | Age | |
---|---|---|---|
* | STUN: don't check `NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT` flow risk (#2901) | Ivan Nardi | 2025-06-23 |
| | |||
* | ndpiReader: print categories summary (#2895) | Ivan Nardi | 2025-06-21 |
| | |||
* | Add GLBP dissector (#2879) | Vladimir Gavrilov | 2025-06-10 |
| | | | GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities. | ||
* | Add Hamachi protocol detection support (#2860) | Vladimir Gavrilov | 2025-06-02 |
| | |||
* | Simplify ZeroMQ detection (#2847) | Vladimir Gavrilov | 2025-05-23 |
| | |||
* | Add MELSEC protocol support (#2846) | Vladimir Gavrilov | 2025-05-23 |
| | |||
* | IPP: fix selection bitmask (#2845) | Ivan Nardi | 2025-05-22 |
| | | | | IPP is identified *only* as HTTP subprotocol, so it can't be over UDP (HTTP is only over TCP...) | ||
* | Drop Warcraft 3 (pre Reforged) support (#2826) | Vladimir Gavrilov | 2025-05-19 |
| | |||
* | RTSP: simplify detection (#2822) | Ivan Nardi | 2025-05-18 |
| | |||
* | Remove Half-Life 2 support; improve Source Engine protocol detection | 0xA50C1A1 | 2025-05-16 |
| | |||
* | Remove Vhua support (#2816) | Vladimir Gavrilov | 2025-05-15 |
| | |||
* | Remove World Of Kung Fu support (#2815) | Vladimir Gavrilov | 2025-05-15 |
| | |||
* | Add Microsoft Delivery Optimization protocol (#2799) | Vladimir Gavrilov | 2025-04-28 |
| | |||
* | WoW: update detection | Ivan Nardi | 2025-03-30 |
| | | | | | Remove the specific dissector and use Blizzard's generic one. For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT` | ||
* | Merge pull request #2760 from IvanNardi/internal_giveup | Ivan Nardi | 2025-03-11 |
|\ | | | | | Add a new internal function `internal_giveup()` | ||
| * | Add a new internal function `internal_giveup()` | Ivan Nardi | 2025-03-05 |
| | | | | | | | | | | | | | | | | This function is always called once for every flow, as the last code processing the flow itself. As a first usage example, check here if the flow is unidirectional (instead of checking it at every packet) | ||
* | | Add GearUP Booster protocol dissector (heuristic based). (#2765) | Toni | 2025-03-07 |
|/ | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Flow risk infos are always exported "in order" (by flow risk id) | Ivan Nardi | 2025-03-04 |
| | | | | | | | | This way, the `ndpiReader` output doesn't change if we change the internal logic about the order we set/check the various flow risks. Note that the flow risk *list* is already printed by `ndpiReader` in order. | ||
* | Add LagoFast protocol dissector. (#2743) | Toni | 2025-02-23 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Fixed bug in domain name computation | Luca Deri | 2025-02-17 |
| | |||
* | DNS: faster exclusion (#2719) | Ivan Nardi | 2025-02-12 |
| | |||
* | ndpiReader: print more DNS information (#2717) | Ivan Nardi | 2025-02-11 |
| | |||
* | DNS: disable subclassification by default (#2715) | Ivan Nardi | 2025-02-11 |
| | | | | Preliminary change to start supporting multiple DNS transactions on the same flow | ||
* | Added DigitalOcean protocol | Luca Deri | 2025-01-17 |
| | |||
* | Remove JA3C output from ndpiReader (#2667) | Ivan Nardi | 2025-01-12 |
| | | | | | | | | | | | | | Removing JA3C is a big task. Let's start with a simple change having a huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk. See: #2551 | ||
* | ndpiReader: update JA statistics (#2646) | Ivan Nardi | 2025-01-06 |
| | | | | Show JA4C and JA3S information (instead of JA3C and JA3S). See #2551 for context | ||
* | When triggering risk "Known Proto on Non Std Port", nDPI now reports the port that was supposed to be used as default | Luca Deri | 2024-11-22 |
* | Sync unit tests results | Ivan Nardi | 2024-11-21 |
| | |||
* | Added DICOM support | Luca | 2024-11-15 |
| | | | | Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git | ||
* | Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) | Luca Deri | 2024-11-14 |
* | Add Paltalk protocol support (#2606) | Vladimir Gavrilov | 2024-10-28 |
| | |||
* | Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options | Luca Deri | 2024-10-27 |
| | |||
* | Improved TCP fingerprint | Luca Deri | 2024-10-20 |
| | |||
* | Improved TCP fingerprint calculation | Luca Deri | 2024-10-18 |
| | | | | Added basic OS detection based on TCP fingerprint | ||
* | Increased struct ndpi_flow_struct size (#2596) | Luca Deri | 2024-10-18 |
| | | | Build fix | ||
* | Added sonos dissector | Luca Deri | 2024-10-13 |
| | |||
* | Add DingTalk protocol support (#2581) | Vladimir Gavrilov | 2024-10-07 |
| | |||
* | Exports DNS A/AAAA responses (up to 4 addresses) | Luca | 2024-10-02 |
| | | | | Changed the default to IPv4 (used to be IPv6) in case of DNS error response | ||
* | Tls out of order (#2561) | Ivan Nardi | 2024-09-18 |
| | | | | | | | | | | | | * Revert "Added fix for handling Server Hello before Client Hello". This reverts commit eb15b22e7757cb70894fdcde440e62bc40f22df1. * TLS: add some tests with unidirectional traffic * TLS: another attempt to process CH received after the SH. Obviously, we will process unidirectional traffic longer, because we are now waiting for messages in both directions | ||
* | Added fix for handling Server Hello before Client Hello | Luca | 2024-09-17 |
| | |||
* | oracle: fix dissector (#2548) | Ivan Nardi | 2024-09-07 |
| | | | | We can definitely do better, but this change is a big improvement with respect to the current broken code | ||
* | Add Lustre protocol detection support (#2544) | Vladimir Gavrilov | 2024-09-04 |
| | |||
* | Fix CNP-IP false positives (#2531) | Vladimir Gavrilov | 2024-08-30 |
| | |||
* | Add TRDP protocol support (#2528) | Vladimir Gavrilov | 2024-08-25 |
| | | | The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP). | ||
* | Add Automatic Tank Gauge protocol (#2527) | wssxsxxsx | 2024-08-23 |
| | | | | | | | See also #2523 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com> | ||
* | Add CNP/IP protocol support (#2521) | Vladimir Gavrilov | 2024-08-22 |
| | | | ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems. | ||
* | Fixed probing attempt risk that was creating false positives | Luca Deri | 2024-08-07 |
| | |||
* | Update all IP lists (#2515) | Ivan Nardi | 2024-08-02 |
| | | | | | The `suffix_id` is simply an incremental index (see `ndpi_load_domain_suffixes`), so its value might change every time we update the public suffix list. | ||
* | FPC: add DPI information (#2514) | Ivan Nardi | 2024-07-23 |
| | | | | If the flow is classified (via DPI) after the first packet, we should use this information as FPC | ||
* | Add OpenWire support (#2513) | Vladimir Gavrilov | 2024-07-22 |
| |