vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
5405 commits 9 branches 12 tags 263 MiB
Commit graph

18 commits

Author SHA1 Message Date
Ivan Nardi
aa6dcad15e
ndpiReader: print categories summary (#2895) 2025-06-21 12:41:00 +02:00
Ivan Nardi
0d2213f7ff
Gnutella: simplify code, to support only gtk-gnutella client (#2830) 
Close #2818
 2025-05-20 15:48:56 +02:00
Ivan Nardi
092a6e10d0 WoW: update detection 
Remove the specific dissector and use the Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
 2025-03-30 20:22:09 +02:00
Ivan Nardi
91fd1bccd2
Rework the old MapleStory code to identify traffic from generic Nexon games (#2773) 
Remove `NDPI_PROTOCOL_MAPLESTORY` and add a generic
`NDPI_PROTOCOL_NEXON`
 2025-03-19 17:58:42 +01:00
Ivan Nardi
34dcf18128 Add a new internal function internal_giveup() 
This function is always called once for every flow, as last code
processing the flow itself.

As a first usage example, check here if the flow is unidirectional
(instead of checking it at every packets)
 2025-03-05 20:51:06 +01:00
Ivan Nardi
85fb7eb2e5 Flow risk infos are always exported "in order" (by flow risk id) 
This way, the `ndpiReader` output doesn't change if we change the
internal logic about the order we set/check the various flow risks.

Note that the flow risk *list* is already printed by `ndpiReader`
in order.
 2025-03-04 13:23:58 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection (#2664) 
* detect `chisel` SSH-over-HTTP-WebSocket
 * use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-01-11 11:23:42 +01:00
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Luca Deri
fc4fb4d409 Fixed probing attempt risk that was creating false positives 2024-08-07 11:38:41 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Luca
44a290286b More NDPI_PROBING_ATTEMPT changes 2024-05-22 18:04:33 +02:00
Toni
18e03a26ca
Add extra entropy checks and more precise(?) analysis. (#2383) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-05-09 15:24:11 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Nardi Ivan
950f209a17 config: HTTP: enable/disable processing of HTTP responses 2024-01-18 10:21:24 +01:00