Ivan Nardi
d6cbd624d0
TLS: fix JA4 when there are no ciphers or extensions ( #3084 )
2026-01-13 19:33:23 +01:00
Ivan Nardi
6828c1ef30
TLS: fix JA4 when there are more than 99 ciphers or extensions ( #3083 )
2026-01-13 19:31:00 +01:00
Ivan Nardi
411af3e639
Fix HTTP hostname normalization with IPv6 literal address ( #3081 )
...
Close #3065
2026-01-13 18:43:02 +01:00
Luca Deri
901e317422
Added --cfg "tls,max_num_blocks_to_analyze,X" for dynamically setting TLS blocks number ( #3073 )
...
* Added --cfg "tls,max_num_blocks_to_analyze,X" where if X > 0 TLS blocks are analyzed
Example --cfg "tls,max_num_blocks_to_analyze,8"
* TLS blocks now include a time-delta (msec) with respect to the previous TLS block.
The format is @<msec delta>. Example:
"tls_blocks": [
"22:1=232@191",
"22:2=-122@5,20=-1@5,21=-23@5,21=-905@5,21=-281@5",
"21=-53@0",
"20=1@3,21=53@3",
"21=-218@119,21=-218@119",
]
2026-01-08 23:36:13 +01:00
Luca Deri
6eb2256ce6
Added JA4 testing pcap
2026-01-02 15:36:24 +01:00
Toni
246462592e
Add additional msgpack protocol validations ( Fix #3060 , false-positives) ( #3061 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-11 14:18:00 +01:00
Ivan Nardi
99b0668765
Fix
2025-12-08 17:51:32 +01:00
Ivan Nardi
39f3cd9558
test: rework main script
...
The issue about `config.txt` files is that they contain paths:
* to configuration files, which are in the source tree
* to the dynamic plugins, which are in the build tree
Solution:
* copy all configuration files into the build tree
* all those paths are about the build tree
* tests run from the build tree, not from the source tree anymore
2025-12-08 17:51:32 +01:00
Toni Uhlig
285496d0b9
Add (generic) MsgPack protocol dissector.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-08 17:50:20 +01:00
Toni
aa3241e17b
Add (generic) JSON protocol dissector. ( #2492 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-06 20:15:19 +01:00
Luca Deri
3f2f1f8ce4
Added ability to define protocol dissectors in shared libraries ( #3047 )
...
* Added ability to define protocol dissectors in shared libraries and load them at runtime
---------
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-12-04 15:26:15 +01:00
Ivan Nardi
5cae544a40
s7comm: small fixes and extend tests ( #3046 )
2025-11-30 15:52:22 +01:00
Luca Deri
b6f0d08086
Added testing pcap files for EthernetIP
2025-11-29 11:38:55 +01:00
Ivan Nardi
b762509177
S7Comm: follow-up to complete monitoring feature ( #3045 )
2025-11-28 18:11:24 +01:00
Ivan Nardi
e58f23dc75
tests: extend utests
2025-11-18 13:32:14 +01:00
Ivan Nardi
14dc8eb1bd
utests: small fix
2025-11-12 19:13:18 +01:00
Luca Deri
bb10ecc380
RDP: Added check to detect probing attempts
2025-11-06 22:45:19 +01:00
Ivan Nardi
bb4c6b0a3a
Update every list ( #3017 )
2025-11-03 13:00:27 +01:00
Ivan Nardi
71033e0370
Extend http-url custom rules: support for category and breed ( #3014 )
2025-10-24 19:17:48 +02:00
Ivan Nardi
1b566135d7
Fix flow risks with custom rules ( #3010 )
2025-10-23 19:51:12 +02:00
Ivan Nardi
1fdb6df2b1
Fix FPC confidence with custom rules ( #3008 )
2025-10-23 12:29:39 +02:00
Ivan Nardi
01836e0071
Proper handling of internal/external ids in FPC; fix FPC with custom rules ( #3007 )
2025-10-22 21:28:12 +02:00
Ivan Nardi
faca0a6565
ndpiReader: improve statistics
2025-10-22 20:34:29 +02:00
Ivan Nardi
9a925abd28
Proper handling of internal/external ids in ndpi_detection_giveup()
2025-10-22 20:14:43 +02:00
Luca Deri
4ce936bd83
Reworked custom rule protocol classification ( #3005 )
2025-10-22 17:30:21 +02:00
Luca Deri
ef159add87
Updated test results
2025-10-22 11:39:50 +02:00
Luca Deri
5abe185e2c
Added support for urlXXXX@proto in protos.txt
...
Fixed various protocol mapping in custom protocols definition
2025-10-22 09:00:58 +02:00
Ivan Nardi
b9c847a176
config: fix "only_classification" configuration
2025-10-21 20:19:56 +02:00
Ivan Nardi
00c0eb947b
Fix the hash statistics of public suffix lists ( #3003 )
...
In the flow risk information always report the original domain name.
Extend the unit tests
2025-10-21 17:34:25 +02:00
Ivan Nardi
f3ec1cca05
ndpi fingerprint: avoid calculating it for flows without TCP and TLS handshakes ( #3002 )
2025-10-20 20:39:03 +02:00
Ivan Nardi
9c27c2df3a
Allow to overwrite domain matching via custom rules ( #2999 )
...
This is basically the revert of 0db12b1390 and 43d9caac00 .
Add some tests about this feature
2025-10-20 15:28:16 +02:00
Ivan Nardi
6eb63d9cf9
tests: fixed protocol ids for all custom rules ( #3000 )
...
To ease PR/Commit comparisons
2025-10-20 14:59:15 +02:00
Ivan Nardi
e7bba509fb
Follow-up of d69446893 ( #2998 )
...
Update the documentation.
We can't return public id on `ndpi_guess_host_protocol_id()` because we
use that value internally:
```
src/lib/ndpi_main.c: flow->guessed_protocol_id_by_ip = ndpi_guess_host_protocol_id(ndpi_str, flow);
```
2025-10-19 12:38:51 +02:00
Luca Deri
c28c0a5edc
Updated test results
2025-10-18 00:43:18 +02:00
Luca Deri
f80aa7845d
Updated results
...
Signed-off-by: Luca Deri <deri@ntop.org>
2025-10-18 00:03:54 +02:00
Luca Deri
d69446893d
Added NDPI_MISMATCHING_PROTOCOL_WITH_IP flow risk
...
Fixed host protocol matching
Added NDPI_PROTOCOL_AKAMAI protocol
2025-10-17 23:48:44 +02:00
Ivan Nardi
9d22805954
Add statistics about hash data structures ( #2995 )
2025-10-17 20:39:15 +02:00
Luca Deri
cb9e63fc8c
Improved Android classification
2025-10-16 15:44:06 +02:00
Toni
c67d8b63fa
Improved Telnet detection. Fixes #2936 ( #2982 )
...
* get rid of telnet stages
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-10-07 16:01:17 +02:00
Ivan Nardi
d06291d125
Add detection of ESPN traffic ( #2980 )
2025-10-05 21:03:53 +02:00
Ivan Nardi
ceb9a4e69c
Workaround for breed configuration with categories lists
2025-10-05 11:41:59 +02:00
Ivan Nardi
113170cca4
New protocols for Amazon/AWS sub-classification ( #2975 )
...
Add:
* Cognito
* API Gateway
* Kinesis
* EC2
* EMR
* S3
* Cloudfront
* DynamoDB
Keep `NDPI_PROTOCOL_AMAZON_AWS` for generic AWS traffic
2025-10-02 11:48:25 +02:00
Ivan Nardi
c9dfc946ff
example: fix some proto ids in custom rules to ease unit test differences
2025-10-02 11:06:43 +02:00
Ivan Nardi
5aaab7f354
Fix ndpi_is_valid_hostname() ( #2974 )
...
It was completely broken.
Pay some attention to HTTP case where we might have Host header in the
"$DOMAIN:$PORT" form: we usually want to strip the port part
`memrchr` is not available on macOS and on Windows: create a wrapper
2025-09-29 12:27:21 +02:00
Ivan Nardi
a22083d100
WindowsUpdate: fix category and flow risk (over HTTP) ( #2973 )
2025-09-25 14:51:13 +02:00
kalinda
e1c0d8ba64
Add Matter protocol dissector ( #2957 )
...
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-09-23 15:20:48 +02:00
Ivan Nardi
ddd277fc44
HTTP: add further configuration to enable/disable metadata extraction ( #2972 )
...
Rename existing configuration knobs, to better separate metadata from
requests, from metadata from responses
2025-09-23 15:11:25 +02:00
Ivan Nardi
05f9d96ec0
Sync unit tests results
2025-09-15 08:46:17 +02:00
Toni
6f05ddbcc4
Add Samsung SDP protocol dissector ( #2966 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-15 08:40:17 +02:00
Toni
043fe06c1b
Improved CryNetwork dissector; detect "special" packets ( #2965 )
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-15 08:33:29 +02:00