Commit graph

265 commits

Author SHA1 Message Date
Ivan Nardi
ae48c8df7a Workaround for big-endian builds
Fix CI tests on big-endian builds.
We have a long-standing issue on big-endian archs: it might be related
to uthash or about how we use uthash in ndpiReader
2025-07-19 16:44:56 +02:00
kalinda
9efd3cfb33
Add Blacknut, Boosteroid and Rumble protocol (SNI detection WIP) (#2907)
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-07-03 21:41:17 +02:00
Toni
a913e914e5
Added EasyWeather protocol dissector (#2912)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-07-03 12:28:48 +02:00
Ivan Nardi
43b60e3d7a
Rework classification in ndpi_match_host_subprotocol()-like functions (#2910) 2025-07-01 17:01:59 +02:00
Vladimir Gavrilov
aba60ac354
Add GLBP dissector (#2879)
GLBP is a Cisco proprietary first-hop redundancy protocol similar to HSRP and VRRP, but with additional load balancing capabilities.
2025-06-10 15:26:10 +02:00
Vladimir Gavrilov
75395cb264
Add category and breed support for custom rules (#2872)
Close #2594
2025-06-08 17:34:21 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support (#2860) 2025-06-02 14:00:31 +02:00
Ivan Nardi
651daeb01a
Fix configuration of ip lists of flow risks (#2859)
Add some new tests about these configuration parameters.

Close #2858
2025-05-28 20:19:19 +02:00
Luca Deri
9e5a67f369 Improved detection of TCP scanners 2025-05-27 22:17:38 +02:00
Ivan Nardi
8350cc68d4
BFCP: fix check on payload length and extract metadata (#2854)
We should be able to identify this protocol on the first packet,
without keeping any state

Close #2745
2025-05-26 15:08:53 +02:00
Ivan Nardi
03e1e593d1
Dofus: update detection to version 3.X (#2852)
See #2827
2025-05-25 20:06:12 +02:00
Luca Deri
c1d3728602 Added the support for multiple TCP fingerprint formats
- default (0) is the native nDPI format
- MuonOF (1) has been added

The format can be changed using metadata.tcp_fingerprint_format

Added ability to identify mass scanners using TCP fingerprint
2025-05-24 10:30:33 +02:00
Vladimir Gavrilov
afc0da6468
Simplify ZeroMQ detection (#2847) 2025-05-23 16:09:16 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support (#2846) 2025-05-23 11:13:52 +02:00
Vladimir Gavrilov
90b5f681c6
Improve BFCP detection (#2844)
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-05-22 12:23:05 +02:00
Ivan Nardi
ed29a8f963
Fix isAppProtocol for GTP_U (#2837)
See: c590dc495
2025-05-21 14:30:36 +02:00
Vladimir Gavrilov
0a3c8f2464
Drop GW1 support and add basic GW2 detection (#2836) 2025-05-21 11:45:31 +02:00
Vladimir Gavrilov
8b84192cad
CrossFire: update code (#2834) 2025-05-21 08:36:58 +02:00
0xA50C1A1
b49b7eb45f Rename NDPI_PROTOCOL_UBUNTUONE protocol ID to NDPI_PROTOCOL_CANONICAL 2025-05-15 21:43:34 +02:00
0xA50C1A1
af4af11afc Rename Lotus Notes to HCL Notes for product consistency 2025-05-15 21:43:34 +02:00
Vladimir Gavrilov
4b47f7c669
Add kick.com support (#2813) 2025-05-14 21:06:12 +02:00
Toni
b0867c0614
Improve Ubiquiti device discovery request/response detection. (#2810)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-05-12 13:00:08 +02:00
Vladimir Gavrilov
292d26f0db
Add vkvideo domain (#2809) 2025-05-12 09:46:19 +02:00
Vladimir Gavrilov
b3be9f16dc
Add Rockstar Games detection (#2805) 2025-04-28 19:54:00 +02:00
Vladimir Gavrilov
6312e4c9aa
Add Microsoft Delivery Optimization protocol (#2799) 2025-04-28 13:40:21 +02:00
Ivan Nardi
9283ebc1c9
Add a new specific ID for generic Ubiquity traffic (#2796) 2025-04-16 14:36:56 +02:00
Ivan Nardi
c7b71d9e55
UBNTAC2,Ookla: improve detection (#2793) 2025-04-10 13:18:44 +02:00
Ivan Nardi
3e2d69b92a Follow-up of latest Signal call change (see: 4d41588a7) 2025-04-05 14:22:05 +02:00
Ivan Nardi
153391da66 blizzard: add detection of Overwatch2 2025-03-30 20:22:09 +02:00
Ivan Nardi
092a6e10d0 WoW: update detection
Remove the specific dissector and use Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
2025-03-30 20:22:09 +02:00
Ivan Nardi
56ac5bf48b
Rework the old Starcraft code to identify traffic from generic Blizzard games (#2776)
Remove `NDPI_PROTOCOL_STARCRAFT` and add a generic `NDPI_PROTOCOL_BLIZZARD`.
2025-03-25 17:16:10 +01:00
Ivan Nardi
f2be78561b
armagetron: update code (#2777) 2025-03-25 13:22:52 +01:00
Ivan Nardi
91fd1bccd2
Rework the old MapleStory code to identify traffic from generic Nexon games (#2773)
Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic
`NDPI_PROTOCOL_NEXON`
2025-03-19 17:58:42 +01:00
Ivan Nardi
0fe81c842f
TLS: avoid sub-classification for RDP flows (#2769)
These flows are already classified as TLS.RDP.
This change also fixes a memory leak

```
Direct leak of 62 byte(s) in 1 object(s) allocated from:
   #0 0x5883d762429f in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
   #1 0x5883d76fe46a in ndpi_malloc ndpi/src/lib/ndpi_memory.c:57:46
   #2 0x5883d76fe46a in ndpi_strdup ndpi/src/lib/ndpi_memory.c:110:13
   #3 0x5883d77adcd6 in ndpi_compute_ja4 ndpi/src/lib/protocols/tls.c:2298:46
   #4 0x5883d77ab2ec in processClientServerHello ndpi/src/lib/protocols/tls.c:3314:10
   #5 0x5883d77a4c51 in processTLSBlock ndpi/src/lib/protocols/tls.c:1319:5
```
Found by oss-fuzz.
See: https://oss-fuzz.com/testcase-detail/5244512192757760
2025-03-14 15:13:29 +01:00
Toni
6a591b67aa
Add GearUP Booster protocol dissector (heuristic based). (#2765)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-03-07 20:05:44 +01:00
Luca Deri
beea70d689 Improved Tor detection 2025-02-24 22:14:41 +01:00
Ivan Nardi
084a5808d5
UBNTAC2: rework detection (#2744) 2025-02-23 17:51:51 +01:00
Toni
5858e1debf
Add LagoFast protocol dissector. (#2743)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-02-23 13:13:38 +01:00
Ivan Nardi
6c00422f5c
Update the capture length of the ssdp example (#2741)
Some old libpcap versions don't handle pcap files with capture length
bigger than 262144 bytes

```
 ERROR: could not open pcap file: invalid interface capture length 524288, bigger than maximum of 262144
```
2025-02-21 19:47:17 +01:00
Ivan Nardi
86af01c74d
DNS: fix message parsing (#2732) 2025-02-16 17:19:43 +01:00
Ivan Kapranov
ccb15db9b3
Implement SSDP Metadata export (#2729)
Close #2524
2025-02-16 17:04:16 +01:00
Ivan Kapranov
e4521440ab
Added RUTUBE (#2725) 2025-02-15 16:03:58 +01:00
Ivan Nardi
9bf513b342
DNS: fix dissection (#2726) 2025-02-15 15:13:01 +01:00
Ivan Nardi
dba7e9a8ec
DNS: try to simplify the code (#2718)
Set the classification in only one place in the code.
2025-02-12 09:48:35 +01:00
Ivan Nardi
dff5b2beac DNS: fix dissection when there is only the response message 2025-02-11 12:44:46 +01:00
Ivan Nardi
a298d26c20 DNS: extend tests 2025-02-11 12:44:46 +01:00
Ivan Nardi
642cf5764a Extend regression tests 2025-02-04 14:33:32 +01:00
Ivan Nardi
819b00670c
RTP: improve detection of multimedia type for Signal calls (#2697) 2025-01-24 14:13:51 +01:00
Vladimir Gavrilov
674428d824
Add Vivox support (#2668) 2025-01-11 19:37:31 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection (#2664)
* detect `chisel` SSH-over-HTTP-WebSocket
* use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-01-11 11:23:42 +01:00