vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-05 02:16:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
4969 commits 9 branches 12 tags 263 MiB
Commit graph

30 commits

Author SHA1 Message Date
Ivan Nardi
85501c9aaa
FPC: add DPI information (#2514) 
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
 2024-07-23 08:50:27 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Ivan Nardi
fd02baa13a
DTLS: fix JA4 fingerprint (#2446) 2024-05-21 18:13:25 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Ivan Nardi
e31ef00715
TLS: avoid setting NDPI_TLS_SELFSIGNED_CERTIFICATE for webrtc traffic (#2417) 
See RFC8122: it is quite likely that STUN/DTLS/SRTP flows use
self-signed certificates

Follow-up of b287d6ec8
 2024-05-06 10:20:07 +02:00
Ivan Nardi
abc7e430e2
STUN: slightly faster sub-classification with DTLS (#2404) 2024-04-23 09:31:48 +02:00
Ivan Nardi
8edb2f133c
STUN: add support for ipv6 in some metadata (#2389) 2024-04-13 14:12:20 +02:00
Luca Deri
b83eb7c7a2 Implemented STUN peer_address, relayed_address, response_origin, other_address parsing 
Added code to ignore invalid STUN realm
Extended JSON output with STUN information
 2024-04-12 19:50:04 +02:00
Luca Deri
a8507c3308 STUN: 
- Fixed issue with XOR-MAPPED-ADDRESS decoding
- Implemented MAPPED_ADDRESS (IPv4 only)
 2024-04-12 15:49:42 +02:00
Ivan Nardi
1b3ef7d7b2
STUN: improve extraction of Mapped-Address metadata (#2370) 
Enable parsing of Mapped-Address attribute for all STUN flows: that
means that STUN classification might require more packets.

Add a configuration knob to enable/disable this feature.

Note that we can have (any) STUN metadata also for flows *not*
classified as STUN (because of DTLS).

Add support for ipv6.

Restore the correct extra dissection logic for Telegram flows.
 2024-04-08 10:24:51 +02:00
Ivan Nardi
56ce228a8b
Add a specific protocol id for audio/video calls made using Google apps (#2341) 
Same logic already used for Signal/Whatsapp/Line/Facebook/...
 2024-03-07 13:48:19 +01:00
Ivan Nardi
c95e8c184e
STUN: fix category when sub-classification is set in "extra-dissection" data path (#2320) 2024-02-24 09:44:24 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Ivan Nardi
88d1416b70
STUN: fix detection of Google Meet over IPv6 (#2241) 2024-01-02 19:30:59 +01:00
Vladimir Gavrilov
0f4d9f5054
Remove Google Hangouts/Duo stuff (#2233) 
* Remove Google Hangouts/Duo support

* Update protocols.rst
 2024-01-02 14:01:33 +01:00
Ivan Nardi
241c42ad7e
ndpiReader: fix guessed_flow_protocols statistic (#2203) 
Increment the counter only if the flow has been guessed
 2023-12-12 19:44:03 +01:00
Ivan Nardi
42d24f8799
STUN: major code rework (#2116) 
Try to have a faster classification, on first packet; use standard extra
dissection data path for sub-classification, metadata extraction and
monitoring.

STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper
STUN classification

Add identification of Telegram VoIP calls.
 2023-10-30 10:28:19 +01:00
Ivan Nardi
32b50f5aa4
IPv6: add support for IPv6 risk exceptions (#2122) 2023-10-29 12:14:20 +01:00
Ivan Nardi
e8e4b9e8ff
IPv6: add support for IPv6 risk tree (#2118) 
Fix the script to download crawler addressess
 2023-10-27 13:58:15 +02:00
Ivan Nardi
8b07be4b9f
Jabber: remove support for UDP (#2115) 
Jabber/XMPP is only over TCP (even the name `ndpi_search_jabber_tcp`
suggests that...).

Bug introduced in 5266c726f
 2023-10-26 20:16:27 +02:00
Ivan Nardi
611c3b66f0
ipv6: add support for ipv6 addresses lists (#2113) 2023-10-26 20:15:44 +02:00
Toni
e70333de87
Added generic Google Protobuf dissector. (#2109) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-24 12:18:31 +02:00
Toni Uhlig
a443bba0dd Add CAN over Ethernet dissector. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-23 13:45:56 +02:00
Toni Uhlig
f69909d49b Add Remote Management Control Protocol (RMCP). 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-10-19 19:50:57 +02:00
Toni
e4d3d619bc
Add Service Location Protocol dissector. (#2036) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-08-01 08:50:46 +02:00
Luca Deri
fea09e825b Fixes risk mask exception handling while improving the overall performance 2023-07-14 19:52:34 +02:00
Ivan Nardi
bb978907e6
STUN: fix detection of Google Voip apps (#2031) 
Fix: 2c7fb9179
 2023-07-05 14:37:38 +02:00
Ivan Nardi
7ffd31ebc3
STUN: avoid FacebookVoip false positives (#2029) 
Attribute 0xC057 is defined in the Google public implementation of
webrtc (which is used by Google products but also by other applications)
 2023-07-03 17:21:46 +02:00