vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 07:29:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
5656 commits 9 branches 12 tags 263 MiB
Commit graph

189 commits

Author SHA1 Message Date
0x41CEA55
66036a14f4
Remove PPStream protocol and add iQIYI (#2403) 
P2P video player PPStream was discontinued shortly after the purchase of PPS.tv by Baidu (iQIYI) on 2013 (see https://www.techinasia.com/report-baidu-acquires-video-rival-pps)
So we remove the old `NDPI_PROTOCOL_PPSTREAM` logic and add `NDPI_PROTOCOL_IQIYI` id to handle all the iQIYI traffic, which is basically video streaming traffic.

A video hosting service, called PPS.tv, is still offered by the same company: for the time being we classified both services with the same protocol id.
 2024-04-23 18:01:36 +02:00
0x41CEA55
fd388845d5
Add BFCP protocol support (#2401) 2024-04-23 15:35:19 +02:00
0x41CEA55
905120588b
Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398) 2024-04-19 21:35:32 +02:00
0x41CEA55
e75d7a620e
Add KNXnet/IP protocol support (#2397) 
* Add KNXnet/IP protocol support

* Improve KNXnet/IP over TCP detection
 2024-04-19 12:54:00 +02:00
Ivan Nardi
0535e54484
STUN: fix boundary checks on attribute list parsing (#2387) 
Restore all unit tests.
Add some configuration knobs.
Fix the endianess.
 2024-04-12 22:55:51 +02:00
Luca Deri
b83eb7c7a2 Implemented STUN peer_address, relayed_address, response_origin, other_address parsing 
Added code to ignore invalid STUN realm
Extended JSON output with STUN information
 2024-04-12 19:50:04 +02:00
Vladimir Gavrilov
c63697205b
Add Label Distribution Protocol support (#2385) 
* Add Label Distribution Protocol support

* Fix typo

* Update unit test results
 2024-04-12 17:44:36 +02:00
Ivan Nardi
93f02ee507
Fix ndpi_reconcile_msteams_udp (#2377) 
Microsoft UDP traffic over port ~3478 is voip traffic, using some kind
of proprietary STUN-like protocol: so use the most specific protocol id.

More important, we definitely want `Stun/Skype_TeamsCall` and not
`Stun/Skype_Teams`
 2024-04-12 17:05:28 +02:00
Toni Uhlig
082b00ede7
Updated unit test results 
* fixed invalid read

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-04-12 16:38:44 +02:00
Vladimir Gavrilov
9ff4bece33
Add The Elder Scrolls Online support (#2376) 
* Add The Elder Scrolls Online support

* Use ndpi_memmem instead of memmem from libc

* Add protocol description

* Change selection bitmask to V4_V6

* Update protocols.rst
 2024-04-10 18:04:02 +02:00
Ivan Nardi
1b3ef7d7b2
STUN: improve extraction of Mapped-Address metadata (#2370) 
Enable parsing of Mapped-Address attribute for all STUN flows: that
means that STUN classification might require more packets.

Add a configuration knob to enable/disable this feature.

Note that we can have (any) STUN metadata also for flows *not*
classified as STUN (because of DTLS).

Add support for ipv6.

Restore the correct extra dissection logic for Telegram flows.
 2024-04-08 10:24:51 +02:00
Toni
727e72d1f1
Calculate packet entropy for unknown protocols. (#2369) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-04-06 17:01:19 +02:00
Vladimir Gavrilov
5b32c98a21
Add LoL: Wild Rift detection (#2356) 2024-03-26 08:11:14 +01:00
Nardi Ivan
15a80527c6 STUN: remove workaround to identify RTP traffic 
We are able to demultiplex RTP packets in STUN flows since 3608ab01b, at
least; no need to explicity call the RTP dissector
 2024-03-20 09:39:15 +01:00
Vladimir Gavrilov
e6474d835f
Add FLUTE protocol dissector (#2351) 
* Add FLUTE protocol dissector

* Add flute.c to MSVC project
 2024-03-19 09:11:04 +01:00
Vladimir Gavrilov
8fad77991d
Add PFCP protocol dissector (#2342) 2024-03-13 20:18:43 +01:00
Vladimir Gavrilov
e2949048e0
Add Path of Exile protocol dissector (#2337) 
* Add Path of Exile protocol dissector

* Update protocols.rst
 2024-03-06 19:59:09 +01:00
Vladimir Gavrilov
58fdc9fafb
Add Naraka Bladepoint detection support (#2334) 2024-03-04 08:30:54 +01:00
Vladimir Gavrilov
f2e3c7fb90
Add BFD protocol dissector (#2332) 2024-02-29 08:19:00 +01:00
Nardi Ivan
ed5ba179f6 Telegram: improve identification 
Follow up of 31c706c3db and
75485e177c.

Allow fast classification by ip, but give time to other dissectors to
kick in (for example, the TLS code for the Telegram Web flows).

Even if we don't classify it anymore at the very first packet (i.e. SYN)
we fully classify Telegram traffic at the first packet with payload, as
*any* other protocol.
This way, we always have the proper category, the proper confidence
for the UDP flows and we don't overwrite previous classifications (TLS
or ICMP)

Remove old and stale identification logic for TCP flows
 2024-02-26 09:26:21 +01:00
Luca Deri
71b7afccf5 Updated telegam out 2024-02-23 16:22:13 +01:00
Luca Deri
31c706c3db Improved telegram detection 2024-02-22 22:23:23 +01:00
Vladimir Gavrilov
66b6e2b3f2
Add DLEP protocol dissector (#2326) 2024-02-20 16:05:41 +01:00
Vladimir Gavrilov
e93bcfd619
Add ANSI C12.22 protocol dissector (#2317) 
* Add ANSI C12.22 protocol dissector

* Add UDP sample
 2024-02-15 09:36:06 +01:00
Ivan Nardi
ae36648c6c
Skype: remove old detection logic (#1954) 
Skype has been using standard protocols (STUN/ICE or TLS) for a long,
long time, now. Long gone are the days of Skype as a distribuited
protocol.

See: #2166
 2024-02-12 18:39:24 +01:00
Vladimir Gavrilov
f5cec001f3
Add detection of Gaijin Entertainment games (#2311) 
* Add detection of Gaijin Entertainment games

* Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN

* Add default UDP port for Gaijin Entertainment games

* Remove NDPI_PROTOCOL_CROSSOUT protocol id
 2024-02-09 11:07:48 +01:00
Vladimir Gavrilov
6207be43fa
Add TencentGames protocol dissector (#2306) 2024-02-08 08:10:35 +01:00
Vladimir Gavrilov
4c9446379f
Add Gearman protocol dissector (#2297) 2024-02-01 19:46:57 +01:00
Luca Deri
47f72443fa Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial protocol 2024-01-29 13:28:41 +01:00
Vladimir Gavrilov
c807d84054
Fix RESP detection (#2289) 
* Rename redis_net.c to resp.c

* Fix RESP detection
 2024-01-27 21:19:34 +01:00
Toni
bcca89b78c
Add Raft protocol dissector. (#2286) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-25 20:26:18 +01:00
Vladimir Gavrilov
4e712e3ab5
Add Radmin protocol dissector (#2283) 
* Add Radmin protocol dissector

* Update test results
 2024-01-25 08:10:29 +01:00
Vladimir Gavrilov
f04b4450a1
Add STOMP protocol dissector (#2280) 2024-01-23 21:08:13 +01:00
Toni
7d24e1258d
Add Yojimbo (netcode) protocol dissector (#2277) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-21 17:47:42 +01:00
Ivan Nardi
eb129297e9
Add a dedicated dissector for Zoom (#2265) 
Move it from the RTP code and extend it
 2024-01-19 10:01:38 +01:00
Vladimir Gavrilov
6ac2ce84f8
Add Mumble detection support (#2269) 2024-01-19 07:46:51 +01:00
Vladimir Gavrilov
248f3d5588
Rework Steam detection (part 1) (#2264) 
* Clean up Steam dissector

* Add Steam Datagram Relay dissector

* Update docs

* Update test results

* Remove csgo.c from MSVC project

* Small fixes

* Add Steam TLS pcap sample

* Merge Steam pcap samples into single one

* Fix typo

* Update test results
 2024-01-18 19:23:44 +01:00
Nardi Ivan
f55358973f config: move LRU cache configurations to the new API 2024-01-18 10:21:24 +01:00
Toni
0aea509e23
Add KCP protocol dissector. (#2257) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-12 12:14:59 +01:00
Toni
c5b0b05b80
Add Roughtime protocol dissector. (#2248) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-09 07:56:27 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Vladimir Gavrilov
3d09b25653
Add Ceph protocol dissector (#2242) 
* Add Ceph protocol dissector

* Update protocols.rst
 2024-01-04 13:22:23 +01:00
Vladimir Gavrilov
7f9973bd0c
Add HL7 protocol dissector (#2240) 
* Add HL7 protocol dissector

* Small fixes

* Small fixes
 2024-01-02 20:57:05 +01:00
Vladimir Gavrilov
0180c1f04a
Add IEC62056 (DLMS/COSEM) protocol dissector (#2229) 
* Add IEC62056 (DLMS/COSEM) protocol dissector

* Fix detection on big endian architectures

* Update protocols.rst

* Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c

* Update pcap sample

* Remove empty .out file

* iec62056: add some documentation

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-01-02 16:45:54 +01:00
Vladimir Gavrilov
2796bc9b47
Add NoMachine NX protocol dissector (#2234) 
* Add NoMachine protocol dissector

* Fix detection on big endian architectures

* Make NoMachine over UDP check more strict

* Small fixes
 2024-01-02 10:23:42 +01:00
Luca Deri
8285fffdae Implements JA4 Support (#2191) 2023-12-22 20:40:42 +01:00
Vladimir Gavrilov
5eb468d07b
Add Apache Kafka protocol dissector (#2226) 2023-12-22 14:42:47 +01:00
Vladimir Gavrilov
149067b3fc
Add JSON-RPC protocol dissector (#2217) 
* Add JSON-RPC protocol dissector

* Small fixes

* Improve detection
 2023-12-20 12:42:25 +01:00
Vladimir Gavrilov
33f11cb10f
Add OpenFlow protocol dissector (#2222) 2023-12-20 10:48:45 +01:00
Vladimir Gavrilov
59c8eabc0e
Add UFTP protocol dissector (#2215) 
* Add UFTP protocol dissector

* Update docs

* Merge pcap files
 2023-12-18 11:21:07 +01:00