vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
5405 commits 9 branches 12 tags 263 MiB
Commit graph

55 commits

Author SHA1 Message Date
Ivan Nardi
898135b2f7 Fix ndpi_reconcile_protocols with classification by port/ip 2025-07-01 12:35:35 +02:00
Ivan Nardi
e0b14cc3fb
STUN: don't check NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT flow risk (#2901) 2025-06-23 18:15:48 +02:00
Ivan Nardi
aa6dcad15e
ndpiReader: print categories summary (#2895) 2025-06-21 12:41:00 +02:00
Vladimir Gavrilov
40fe26b2f1
Add Hamachi protocol detection support (#2860) 2025-06-02 14:00:31 +02:00
Vladimir Gavrilov
afc0da6468
Simplify ZeroMQ detection (#2847) 2025-05-23 16:09:16 +02:00
Vladimir Gavrilov
74cb03eb4c
Add MELSEC protocol support (#2846) 2025-05-23 11:13:52 +02:00
Vladimir Gavrilov
31a8d4307e
Drop Warcraft 3 (pre Reforged) support (#2826) 2025-05-19 13:28:19 +02:00
Ivan Nardi
38be52583a
RTSP: simplify detection (#2822) 2025-05-18 20:36:58 +02:00
Vladimir Gavrilov
5e2912770b
Remove World Of Kung Fu support (#2815) 2025-05-15 12:03:16 +02:00
Vladimir Gavrilov
6312e4c9aa
Add Microsoft Delivery Optimization protocol (#2799) 2025-04-28 13:40:21 +02:00
Ivan Nardi
092a6e10d0 WoW: update detection 
Remove the specific dissector and use the Blizzard's generic one.
For the time being, keep `NDPI_PROTOCOL_WORLDOFWARCRAFT`
 2025-03-30 20:22:09 +02:00
Ivan Nardi
34dcf18128 Add a new internal function internal_giveup() 
This function is always called once for every flow, as last code
processing the flow itself.

As a first usage example, check here if the flow is unidirectional
(instead of checking it at every packets)
 2025-03-05 20:51:06 +01:00
Ivan Nardi
85fb7eb2e5 Flow risk infos are always exported "in order" (by flow risk id) 
This way, the `ndpiReader` output doesn't change if we change the
internal logic about the order we set/check the various flow risks.

Note that the flow risk *list* is already printed by `ndpiReader`
in order.
 2025-03-04 13:23:58 +01:00
Ivan Nardi
3dbc6d2523
DNS: faster exclusion (#2719) 2025-02-12 17:42:00 +01:00
Luca Deri
56e52448c4 When triggering risk "Known Proto on Non Std Port", nDPi now reports the port that was supposed to be used as default 2024-11-22 18:21:58 +01:00
Ivan Nardi
1140d28c3d Sync unit tests results 2024-11-21 09:53:10 +01:00
Ivan Nardi
c5bd9d8bff
RTP, STUN: improve detection of multimedia flow type (#2620) 
Let's see if we are able to tell audio from video calls only looking at
RTP Payload Type field...
 2024-11-19 16:38:14 +01:00
Luca
4fd12278b1 Added DICOM support 
Testing pcaps courtesy of https://github.com/virtalabs/tapirx.git
 2024-11-15 18:45:51 +01:00
Vladimir Gavrilov
dc125dc2a8
Add Paltalk protocol support (#2606) 2024-10-28 16:57:05 +01:00
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Ivan Nardi
2d7085a23e
STUN: if the same metadata is found multiple times, keep the first value (#2591) 2024-10-15 15:12:37 +02:00
Ivan Nardi
8299f5abab
STUN: fix monitoring of Whatsapp and Zoom flows (#2590) 2024-10-15 12:05:22 +02:00
Vladimir Gavrilov
6cb1631132
Add DingTalk protocol support (#2581) 2024-10-07 15:45:51 +02:00
Ivan Nardi
456bc2a52c
Tls out of order (#2561) 
* Revert "Added fix for handling Server Hello before CLient Hello"

This reverts commit eb15b22e77.

* TLS: add some tests with unidirectional traffic

* TLS: another attempt to process CH received after the SH

Obviously, we will process unidirectional traffic longer, because we are
now waiting for messages in both directions
 2024-09-18 21:04:03 +02:00
Luca
eb15b22e77 Added fix for handling Server Hello before CLient Hello 2024-09-17 19:04:01 +02:00
Ivan Nardi
92507c0146
oracle: fix dissector (#2548) 
We can do definitely better, but this change is a big improvements
respect the current broken code
 2024-09-07 12:00:31 +02:00
Vladimir Gavrilov
81eaa3bd52
Add Lustre protocol detection support (#2544) 2024-09-04 10:22:04 +02:00
Vladimir Gavrilov
3189f19b0f
Fix CNP-IP false positives (#2531) 2024-08-30 13:31:34 +02:00
Vladimir Gavrilov
64a5dc3cb3
Add TRDP protocol support (#2528) 
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
 2024-08-25 13:31:39 +02:00
wssxsxxsx
8894ebc76f
Add Automatic Tank Gauge protocol (#2527) 
See also #2523

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-08-23 22:35:08 +02:00
Vladimir Gavrilov
a10c48c80a
Add CNP/IP protocol support (#2521) 
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
 2024-08-22 15:26:32 +02:00
Luca Deri
fc4fb4d409 Fixed probing attempt risk that was creating false positives 2024-08-07 11:38:41 +02:00
Ivan Nardi
85501c9aaa
FPC: add DPI information (#2514) 
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
 2024-07-23 08:50:27 +02:00
Vladimir Gavrilov
b15337a32b
Add OpenWire support (#2513) 2024-07-22 19:20:44 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Vladimir Gavrilov
6a77a891a8
Add Nano (XNO) protocol support (#2508) 2024-07-18 16:18:12 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Mark Jeffery
f796c94375
Added protocol - JRMI - Java Remote Method Invocation (#2470) 2024-06-15 10:52:28 +02:00
Maatuq
6127e04900
support rtp/rtcp over tcp (#2422) (#2457) 
Support rtp/rtcp over tcp as per rfc4571.

Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
 2024-05-28 22:01:08 +02:00
Ivan Nardi
25f8964a23
CiscoVPN: we detect it only over UDP (#2454) 
The original code handled also TCP/TLS, but it was removed in 6fc29b3ae
 2024-05-28 14:07:48 +02:00
Luca
44a290286b More NDPI_PROBING_ATTEMPT changes 2024-05-22 18:04:33 +02:00
Ivan Nardi
0109014f2c
Follow-up of 2093ac5bf (#2451) 2024-05-21 12:47:25 +02:00
Luca Deri
2093ac5bf6 Minor dissector optimizations 2024-05-20 12:17:04 +02:00
Ivan Nardi
0110623b4e
H323: improve detection and avoid false positives (#2432) 2024-05-11 23:39:54 +02:00
Toni
18e03a26ca
Add extra entropy checks and more precise(?) analysis. (#2383) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-05-09 15:24:11 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Ivan Nardi
266af02752
Merge RTP and RTCP logic (#2416) 
Avoid code duplication between these two protocols.

We remove support for RTCP over TCP; it is quite rare to find this kind
of traffic and, more important, we have never had support for RTP
over TCP: we should try to add both detecion as follow-up.

Fix a message log in the LINE code
 2024-05-06 10:19:46 +02:00