Commit graph

4969 commits

Author SHA1 Message Date
Ivan Nardi
767f403e0d
fuzz: improve fuzzing coverage (#2535)
Update pl7m code (fix a Use-of-uninitialized-value error and add GTP
support)
2024-09-03 12:40:45 +02:00
Nardi Ivan
5d8edccef8 Bittorrent: improve detection of UTPv1 and avoid false positives 2024-09-03 12:39:07 +02:00
Nardi Ivan
91531ed040 Bittorrent: fix extra dissection
On extra-dissection data-path we only need to look for the hash (the
flow is already classified as Bittorrent).
As a nice side-effect, the confidence is now always with the right
value.
2024-09-03 12:39:07 +02:00
Ivan Nardi
338eedd05b
HTTP, QUIC, TLS: allow to disable sub-classification (#2533) 2024-09-03 12:35:45 +02:00
Alfredo Cardigliano
2d040247a7 Update doc 2024-09-02 18:11:02 +02:00
Liam Wilson
bcce6beee4
Improved Yahoo matching for Japanese traffic (#2539)
Japanese Yahoo domains are missed. Add yahoo.co.jp, yimg.jp, and the
domain for ads seen when accessing yahoo.co.jp.
2024-09-02 08:17:36 +02:00
Vladimir Gavrilov
3189f19b0f
Fix CNP-IP false positives (#2531) 2024-08-30 13:31:34 +02:00
Alfredo Cardigliano
69fd4aadf3 Print risk code in ndpi_dump_risks_score 2024-08-28 11:41:15 +02:00
Alfredo Cardigliano
bdf7108224 Add missing risks in ndpi_risk2code and ndpi_risk2code 2024-08-28 11:41:04 +02:00
Luca Deri
d769b23e05 Added print_ndpi_address_port in nDPI API 2024-08-27 16:38:35 +02:00
Luca Deri
5436dddef5 Added ndpi_risk2code and ndpi_code2risk 2024-08-27 15:41:40 +02:00
Ivan Nardi
34e1ac0bbb
fuzz: fix compilation (#2532) 2024-08-26 21:01:18 +02:00
Luca Deri
6fcd1ba941 ndpi_get_protocol_by_name now returns UNKNOWN when one protocol (either master or app) is not recognized 2024-08-26 16:48:18 +02:00
Luca Deri
c8f8d87bf9 Comments 2024-08-26 16:47:11 +02:00
Luca Deri
9263d4dd87 Added in API
bool ndpi_is_proto(ndpi_master_app_protocol proto, u_int16_t p);
bool ndpi_is_proto_unknown(ndpi_master_app_protocol proto);
bool ndpi_is_proto_equals(ndpi_master_app_protocol to_check, ndpi_master_app_protocol to_match, bool exact_match_only);
u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name);
char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
extern ndpi_master_app_protocol ndpi_get_protocol_by_name(struct ndpi_detection_module_struct *ndpi_str, const char *name);

Removed (duplicate of ndpi_get_proto_by_name)
int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto);
2024-08-26 15:56:18 +02:00
Luca Deri
e4e91e9380 Typo 2024-08-26 10:53:33 +02:00
Vladimir Gavrilov
64a5dc3cb3
Add TRDP protocol support (#2528)
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
2024-08-25 13:31:39 +02:00
Luca Deri
fbbe40b821 Added comment 2024-08-25 12:06:58 +02:00
Vladimir Gavrilov
aec2e2fbb8
Endian-independent implementation of IEEE 802.3 CRC32 (#2529) 2024-08-25 11:54:17 +02:00
Luca Deri
763a9c6474 Tests output update 2024-08-25 11:53:15 +02:00
Luca Deri
bad0e60813 Changed NDPI_MALICIOUS_JA3 to NDPI_MALICIOUS_FINGERPRINT 2024-08-25 11:34:43 +02:00
Luca Deri
f7ee92c690 Added ndpi_get_protocol_by_name*( API call 2024-08-24 17:43:19 +02:00
Luca Deri
0a4198b35a Fix for old gcc compilers 2024-08-24 16:55:20 +02:00
Luca Deri
b627ec91d1 Compilation fixes 2024-08-24 17:18:33 +02:00
Luca Deri
2315f44efa Compilation fixes 2024-08-24 16:59:56 +02:00
Luca Deri
53a6bae365 Introduced ndpi_master_app_protocol typedef 2024-08-24 16:30:58 +02:00
wssxsxxsx
8894ebc76f
Add Automatic Tank Gauge protocol (#2527)
See also #2523

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
2024-08-23 22:35:08 +02:00
Maatuq
f03938a725
ahocorasick: fix mem leaked AC_NODE_T object (#2258) (#2522)
Skipping node at depth = AC_PATTRN_MAX_LENGTH inside `ac_automata_walk()` caused this leak, as one of the added patterns has len = AC_PATTRN_MAX_LENGTH (not including the null char); this change avoids this.

Fix: #2258

Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
2024-08-23 20:51:35 +02:00
Ivan Nardi
7558bcd39f
Fix url for downloading X/Twitter crawler IPs (#2526) 2024-08-22 15:35:33 +02:00
Vladimir Gavrilov
a10c48c80a
Add CNP/IP protocol support (#2521)
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
2024-08-22 15:26:32 +02:00
Luca Deri
9b1736aa89 Initialization fix 2024-08-22 12:26:17 +02:00
Luca Deri
e72255445c Fixed initialization 2024-08-22 12:08:12 +02:00
Luca Deri
d6bde4bcd9
Removed unnecessary includes (#2525) 2024-08-21 12:21:03 +02:00
Luca Deri
5610145c6c Fixes Viber false positive detection 2024-08-19 18:27:06 +02:00
Nardi Ivan
5d33312be7 Sync unit tests results 2024-08-07 11:56:16 +02:00
Luca Deri
fc4fb4d409 Fixed probing attempt risk that was creating false positives 2024-08-07 11:38:41 +02:00
Ivan Nardi
653175e724
Fix verify_dist_tarball.sh after latest release (#2519)
Moving from 4.8 to 4.10 (and so, from 4.9 to 4.11 for development builds)
made some paths one character longer; that triggers an error with tar
when running `verify_dist_tarball.sh` script:

```
tar: libndpi-4.11.0/fuzz/corpus/fuzz_filecfg_config/flow_risk.anonymous_subscriber.list.protonvpn.load.txt: file name is too long (max 99); not dumped
```
As a quick fix, reduce the length of that file name.
2024-08-07 10:04:33 +02:00
Luca Deri
af0320a1fa Moved dev branch to 4.11 2024-08-05 09:50:55 +02:00
Luca Deri
2afda4ab57
Update for nDPI 4.10 2024-08-05 09:44:21 +02:00
Ivan Nardi
2740a4f4e3
Update all IP lists (#2515)
The `suffix_id` is simply an incremental index (see
`ndpi_load_domain_suffixes`), so its value might change every time we
update the public suffix list.
2024-08-02 15:06:08 +02:00
Luca Deri
dbfeb06e26 Enhanced PrimeVideo detection 2024-07-30 20:02:45 +02:00
Luca Deri
c2b657f0c4 Enhanced ookla tracing 2024-07-29 18:21:45 +02:00
Luca Deri
f3ea8ca6be Improved ICMP malformed packet risk description 2024-07-25 12:54:59 +02:00
Ivan Nardi
85501c9aaa
FPC: add DPI information (#2514)
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
2024-07-23 08:50:27 +02:00
Vladimir Gavrilov
b15337a32b
Add OpenWire support (#2513) 2024-07-22 19:20:44 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512)
Add printing of fpc_dns statistics and add a general configuration option.
Rework the code to be more generic and ready to handle other logics.
2024-07-22 17:42:23 +02:00
mmanoj
67f5cdafc0
FPC: add DNS correlation (#2497)
Use DNS information to get a better First Packet Classification.

See: #2322

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
2024-07-22 11:34:07 +02:00
Petr
2a3f4dc8b4
Performed some grammar and typo fixes (#2511) 2024-07-19 11:22:35 +02:00
Petr
be0b2c2d90
ipaddr2list.py, ndpi2timeline.py: reformatted (#2509) 2024-07-18 20:35:47 +02:00
Petr
92d0b8d91f
ndpi_strncasestr: optimization, fixes, tests (#2507) 2024-07-18 19:40:09 +02:00