Commit graph

580 commits

Author SHA1 Message Date
Ivan Nardi
d6cbd624d0
TLS: fix JA4 when there are no ciphers or extensions (#3084) 2026-01-13 19:33:23 +01:00
Ivan Nardi
6828c1ef30
TLS: fix JA4 when there are more than 99 ciphers or extensions (#3083) 2026-01-13 19:31:00 +01:00
Ivan Nardi
411af3e639
Fix HTTP hostname normalization with IPv6 literal address (#3081)
Close #3065
2026-01-13 18:43:02 +01:00
Luca Deri
6eb2256ce6 Added JA4 testing pcap 2026-01-02 15:36:24 +01:00
Toni
246462592e
Add additional msgpack protocol validations (Fix #3060, false-positives) (#3061)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-11 14:18:00 +01:00
Toni Uhlig
285496d0b9 Add (generic) MsgPack protocol dissector.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-08 17:50:20 +01:00
Toni
aa3241e17b
Add (generic) JSON protocol dissector. (#2492)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-06 20:15:19 +01:00
Luca Deri
3f2f1f8ce4
Added ability to define protocol dissectors in shared libraries (#3047)
* Added ability to define protocol dissectors in shared libraries and load them at runtime

---------

Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-12-04 15:26:15 +01:00
Ivan Nardi
5cae544a40
s7comm: small fixes and extend tests (#3046) 2025-11-30 15:52:22 +01:00
Luca Deri
b6f0d08086 Added testing pcap files for EthernetIP 2025-11-29 11:38:55 +01:00
Ivan Nardi
e58f23dc75 tests: extend utests 2025-11-18 13:32:14 +01:00
Luca Deri
bb10ecc380 RDP: Added check to detect probing attempts 2025-11-06 22:45:19 +01:00
Ivan Nardi
bb4c6b0a3a
Update every lists (#3017) 2025-11-03 13:00:27 +01:00
Ivan Nardi
71033e0370
Extend http-url custom rules: support for category and breed (#3014) 2025-10-24 19:17:48 +02:00
Ivan Nardi
1fdb6df2b1
Fix FPC confidence with custom rules (#3008) 2025-10-23 12:29:39 +02:00
Ivan Nardi
01836e0071
Proper handling of internal/external ids in FPC; fix FPC with custom rules (#3007) 2025-10-22 21:28:12 +02:00
Ivan Nardi
faca0a6565 ndpiReader: improve statistics 2025-10-22 20:34:29 +02:00
Ivan Nardi
9a925abd28 Proper handling of internal/external ids in ndpi_detection_giveup() 2025-10-22 20:14:43 +02:00
Luca Deri
4ce936bd83
Reworked custom rule protocol classification (#3005) 2025-10-22 17:30:21 +02:00
Luca Deri
ef159add87 Updated test results 2025-10-22 11:39:50 +02:00
Luca Deri
5abe185e2c Added support for urlXXXX@proto in protos.txt
Fixed various protocol mapping in custom protocols definition
2025-10-22 09:00:58 +02:00
Ivan Nardi
00c0eb947b
Fix the hash statistics of public suffix lists (#3003)
In the flow risk information always report the original domain name.
Extend the unit tests
2025-10-21 17:34:25 +02:00
Ivan Nardi
f3ec1cca05
ndpi fingerprint: avoid calculating it for flows without TCP and TLS handshakes (#3002) 2025-10-20 20:39:03 +02:00
Ivan Nardi
9c27c2df3a
Allow to overwrite domain matching via custom rules (#2999)
This is basically the revert of 0db12b1390 and 43d9caac00.
Add some tests about this feature
2025-10-20 15:28:16 +02:00
Ivan Nardi
6eb63d9cf9
tests: fixed protocol ids for all custom rules (#3000)
To ease PR/Commit comparisons
2025-10-20 14:59:15 +02:00
Ivan Nardi
e7bba509fb
Follow-up of d69446893 (#2998)
Update the documentation.
We can't return public id on `ndpi_guess_host_protocol_id()` because we
use that value internally:
```
src/lib/ndpi_main.c:  flow->guessed_protocol_id_by_ip = ndpi_guess_host_protocol_id(ndpi_str, flow);
```
2025-10-19 12:38:51 +02:00
Luca Deri
c28c0a5edc Updated test results 2025-10-18 00:43:18 +02:00
Luca Deri
f80aa7845d Updated results
Signed-off-by: Luca Deri <deri@ntop.org>
2025-10-18 00:03:54 +02:00
Luca Deri
d69446893d Added NDPI_MISMATCHING_PROTOCOL_WITH_IP flow risk
Fixed host protocol matching
Added NDPI_PROTOCOL_AKAMAI protocol
2025-10-17 23:48:44 +02:00
Ivan Nardi
9d22805954
Add statistics about hash data structures (#2995) 2025-10-17 20:39:15 +02:00
Luca Deri
cb9e63fc8c Improved Android classification 2025-10-16 15:44:06 +02:00
Toni
c67d8b63fa
Improved Telnet detection. Fixes #2936 (#2982)
* get rid of telnet stages

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-10-07 16:01:17 +02:00
Ivan Nardi
d06291d125
Add detection of ESPN traffic (#2980) 2025-10-05 21:03:53 +02:00
Ivan Nardi
ceb9a4e69c Workaround for breed configuration with categories lists 2025-10-05 11:41:59 +02:00
Ivan Nardi
113170cca4
New protocols for Amazon/AWS sub-classification (#2975)
Add:
* Cognito
* API Gateway
* Kinesis
* EC2
* EMR
* S3
* Cloudfront
* DynamoDB

Keep `NDPI_PROTOCOL_AMAZON_AWS` for generic AWS traffic
2025-10-02 11:48:25 +02:00
Ivan Nardi
c9dfc946ff example: fix some proto ids in custom rules to ease unit test differences 2025-10-02 11:06:43 +02:00
Ivan Nardi
5aaab7f354
Fix ndpi_is_valid_hostname() (#2974)
It was completely broken.
Pay some attention to HTTP case where we might have Host header in the
"$DOMAIN:$PORT" form: we usually want to strip the port part

`memrchr` is not available on macOS and on Windows: create a wrapper
2025-09-29 12:27:21 +02:00
Ivan Nardi
a22083d100
WindowsUpdate: fix category and flow risk (over HTTP) (#2973) 2025-09-25 14:51:13 +02:00
kalinda
e1c0d8ba64
Add Matter protocol dissector (#2957)
Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2025-09-23 15:20:48 +02:00
Ivan Nardi
05f9d96ec0 Sync unit tests results 2025-09-15 08:46:17 +02:00
Toni
6f05ddbcc4
Add Samsung SDP protocol dissector (#2966)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-15 08:40:17 +02:00
Toni
043fe06c1b
Improved CryNetwork dissector; detect "special" packets (#2965)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-15 08:33:29 +02:00
Toni
6eb9249f01
Add TriStation dissector (#2964)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-11 16:20:55 +02:00
Ivan Nardi
906eab3863
Update every lists (#2962) 2025-09-09 17:18:47 +02:00
Toni
1c1894720e
Update CryNetwork protocol dissector (#2959)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-08 09:43:11 +02:00
Ivan Nardi
8497b75394
SSDP: fix extraction of SNI (#2955)
Close #2953
2025-09-05 17:05:02 +02:00
Toni
1216ec6a27
Fixed risk typ0 (#2952)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-09-04 10:46:52 +02:00
Ivan Nardi
efccc7d5e4
Rework flow breed (#2926)
Right now, there is, in essence, a static mapping between flow protocols
and flow breeds.
Make it dynamic: allow to have different flows, with the same
classification but different breeds. This is the same logic that we
already have for categories....

Preliminary work to support breed in category lists.

API change from the app POV: to get the flow breed don't use anymore
`ndpi_get_proto_breed()`, but access directly `struct ndpi_proto->breed`

The functions `ndpi_domain_classify_*()` and
`ndpi_get_host_domain_suffix()` now have a `u_int32_t` parameter as
`class_id` (instead of `u_int_16_t`), with the following logic:
```
class_id = (breed << 16) | category
```
instead of the old:
```
class_id = category
```
Please note that this change is back-compatible: if you are not
interested in breeds, you don't need to update the application code.
2025-09-02 16:54:34 +02:00
Ivan Nardi
c25c1be778 tests: add an example of custom rule with nDPI fingerprint 2025-08-31 19:10:05 +02:00
Ivan Nardi
f4995e5d5f Revert "Always compute nDPI fingerprint (#2950)"
This reverts commit 2531c2555e.
2025-08-31 19:07:13 +02:00