vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 15:39:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
5068 commits 9 branches 12 tags 263 MiB
Commit graph

28 commits

Author SHA1 Message Date
Luca Deri
511228d36d Added DigitalOcean protocol 2025-01-17 18:26:27 +01:00
Ivan Nardi
5c0143ce58
HTTP: fix entropy calculation (#2666) 
We calculate HTTP entropy according to "Content-type:" header, see
`ndpi_validate_http_content()` on HTTP code
 2025-01-12 12:49:32 +01:00
Toni
9a0a3bb8e7
Improved WebSocket-over-HTTP detection (#2664) 
* detect `chisel` SSH-over-HTTP-WebSocket
 * use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2025-01-11 11:23:42 +01:00
Ivan Nardi
c5bd9d8bff
RTP, STUN: improve detection of multimedia flow type (#2620) 
Let's see if we are able to tell audio from video calls only looking at
RTP Payload Type field...
 2024-11-19 16:38:14 +01:00
Luca Deri
3ce8d0e508
Implemented Mikrotik discovery protocol dissection and metadata extraction (#2618) 2024-11-14 23:34:31 +01:00
Luca Deri
d5236c0aaf Fixes TCP fingerprint calculation when multiple EOL are specified in TCP options 2024-10-27 08:17:27 +01:00
Luca Deri
14b076a58b Improved TCP fingerprint 2024-10-20 22:25:55 +02:00
Luca Deri
0cc84e4fdd Improved TCP fingepring calculation 
Adde basidc OS detection based on TCP fingerprint
 2024-10-18 23:47:34 +02:00
Luca Deri
0ef0752c80
Increased struct ndpi_flow_struct size (#2596) 
Build fix
 2024-10-18 07:17:03 +02:00
Luca Deri
ec5efe5cf2 Added sonos dissector 2024-10-13 18:50:34 +02:00
Ivan Nardi
69c89f9061
TLS: heuristics: fix memory allocations (#2577) 
Allocate heuristics state only if really needed.
Fix memory leak (it happened with WebSocket traffic on port 443)
 2024-09-30 16:55:07 +02:00
Nardi Ivan
5d8edccef8 Bittorrent: improve detection of UTPv1 and avoid false positives 2024-09-03 12:39:07 +02:00
Vladimir Gavrilov
64a5dc3cb3
Add TRDP protocol support (#2528) 
The Train Real Time Data Protocol (TRDP) is a UDP/TCP-based communication protocol designed for IP networks in trains, enabling data exchange between devices such as door controls and air conditioning systems. It is standardized by the IEC under IEC 61375-2-3 and is not related to the Remote Desktop Protocol (RDP).
 2024-08-25 13:31:39 +02:00
Vladimir Gavrilov
a10c48c80a
Add CNP/IP protocol support (#2521) 
ISO/IEC 14908-4 defines how to tunnel Control Network Protocol (CNP) over IP networks. It encapsulates protocols like EIA-709, EIA-600, and CNP, making it a versatile solution for building automation and control systems.
 2024-08-22 15:26:32 +02:00
Ivan Nardi
65e31b0ea3
FPC: small improvements (#2512) 
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
 2024-07-22 17:42:23 +02:00
Ivan Nardi
456f0fd427
Improve detection of Cloudflare WARP traffic (#2491) 
See: #2484
 2024-07-04 08:59:04 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Toni
8fd649ab1e
Add Ripe Atlas probe protocol. (#2473) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-06-17 11:00:38 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Toni
80171dbcf3
Add ZUG consensus protocol dissector. (#2458) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-05-28 20:29:48 +02:00
Ivan Nardi
0109014f2c
Follow-up of 2093ac5bf (#2451) 2024-05-21 12:47:25 +02:00
Luca Deri
2093ac5bf6 Minor dissector optimizations 2024-05-20 12:17:04 +02:00
Vladimir Gavrilov
3d1da00d8d
Add Call of Duty Mobile support (#2438) 2024-05-15 12:46:02 +02:00
Ivan Nardi
0110623b4e
H323: improve detection and avoid false positives (#2432) 2024-05-11 23:39:54 +02:00
Vladimir Gavrilov
2d33431948
Add Ethernet Global Data support (#2437) 2024-05-11 16:49:16 +02:00
Ivan Nardi
b116456fc5
Viber: add detection of voip calls and avoid false positives (#2434) 2024-05-11 09:21:13 +02:00
Ivan Nardi
d4650f0f81
Raknet/RTP: avoid Raknet false positives and harden RTP heuristic (#2427) 
There is some overlap between RTP and Raknet detection: give precedence
to RTP logic.
Consequences:
* Raknet might require a little bit more packets for some flows (not a
big issue)
* some very small (1-2 pkts) Raknet flows are not classified (not sure
what do do about that..)
 2024-05-09 21:18:18 +02:00
Ivan Nardi
2e7fc82e55
Protobuf: fix false positives (#2428) 2024-05-09 15:38:06 +02:00