vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-05 02:16:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
4969 commits 9 branches 12 tags 263 MiB
Commit graph

22 commits

Author SHA1 Message Date
Ivan Nardi
85501c9aaa
FPC: add DPI information (#2514) 
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
 2024-07-23 08:50:27 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Ivan Nardi
0535e54484
STUN: fix boundary checks on attribute list parsing (#2387) 
Restore all unit tests.
Add some configuration knobs.
Fix the endianess.
 2024-04-12 22:55:51 +02:00
Luca Deri
b83eb7c7a2 Implemented STUN peer_address, relayed_address, response_origin, other_address parsing 
Added code to ignore invalid STUN realm
Extended JSON output with STUN information
 2024-04-12 19:50:04 +02:00
Vladimir Gavrilov
c63697205b
Add Label Distribution Protocol support (#2385) 
* Add Label Distribution Protocol support

* Fix typo

* Update unit test results
 2024-04-12 17:44:36 +02:00
Ivan Nardi
c0d3f8a92e
STUN: rework sub-classification (#2361) 
The main goal is to have the "real" application (if any; i.e.
Signal/Whatsapp/Telegram/...) always as "application" protocol and not
as "master" one
 2024-04-04 18:16:40 +02:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Ivan Nardi
241c42ad7e
ndpiReader: fix guessed_flow_protocols statistic (#2203) 
Increment the counter only if the flow has been guessed
 2023-12-12 19:44:03 +01:00
Ivan Nardi
42d24f8799
STUN: major code rework (#2116) 
Try to have a faster classification, on first packet; use standard extra
dissection data path for sub-classification, metadata extraction and
monitoring.

STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper
STUN classification

Add identification of Telegram VoIP calls.
 2023-10-30 10:28:19 +01:00
Ivan Nardi
32b50f5aa4
IPv6: add support for IPv6 risk exceptions (#2122) 2023-10-29 12:14:20 +01:00
Ivan Nardi
e8e4b9e8ff
IPv6: add support for IPv6 risk tree (#2118) 
Fix the script to download crawler addressess
 2023-10-27 13:58:15 +02:00
Ivan Nardi
8b07be4b9f
Jabber: remove support for UDP (#2115) 
Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp`
suggests that...).

Bug introduced in 5266c726f
 2023-10-26 20:16:27 +02:00
Ivan Nardi
611c3b66f0
ipv6: add support for ipv6 addresses lists (#2113) 2023-10-26 20:15:44 +02:00
Toni
e70333de87
Added generic Google Protobuf dissector. (#2109) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-24 12:18:31 +02:00
Toni Uhlig
a443bba0dd Add CAN over Ethernet dissector. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-23 13:45:56 +02:00
Toni Uhlig
f69909d49b Add Remote Management Control Protocol (RMCP). 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-19 19:50:57 +02:00
Toni
e4d3d619bc
Add Service Location Protocol dissector. (#2036) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-08-01 08:50:46 +02:00
Luca Deri
fea09e825b Fixes risk mask exception handling while improving the overall performance 2023-07-14 19:52:34 +02:00
Ivan Nardi
950f5cc4e3
fuzz: extend fuzzing coverage (#2040) 
Some notes:
* libinjection: according to https://github.com/libinjection/libinjection/issues/44,
it seems NULL characters are valid in the input string;
* RTP: `rtp_get_stream_type()` is called only for RTP packets; if you
want to tell RTP from RTCP you should use `is_rtp_or_rtcp()`;
* TLS: unnecessary check; we already make the same check just above, at
the beginning of the `while` loop
 2023-07-11 10:12:08 +02:00