vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 07:29:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
5656 commits 9 branches 12 tags 263 MiB
Commit graph

92 commits

Author SHA1 Message Date
Vladimir Gavrilov
f5cec001f3
Add detection of Gaijin Entertainment games (#2311) 
* Add detection of Gaijin Entertainment games

* Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN

* Add default UDP port for Gaijin Entertainment games

* Remove NDPI_PROTOCOL_CROSSOUT protocol id
 2024-02-09 11:07:48 +01:00
Luca Deri
47f72443fa Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial protocol 2024-01-29 13:28:41 +01:00
Ivan Nardi
d577508727
fuzz: extend fuzzing coverage (#2281) 2024-01-24 21:16:58 +01:00
Ivan Nardi
82e8bf91dd
Improve handling of custom rules (#2276) 
Avoid collisions between user-ids and internal-ids protocols in the
`example/protos.txt` file.
Add a new value for the classification confidence:
`NDPI_CONFIDENCE_CUSTOM_RULE`

With `./example/ndpiReader -p example/protos.txt -H` we now see also the
custom protocols and their internal/external ids:

```
nDPI supported protocols:
 Id Userd-id Protocol               Layer_4    Nw_Proto Breed        Category
  0        0 Unknown                TCP        X        Unrated      Unspecified

...

387      387 Mumble                 UDP        X        Fun          VoIP
388      388 iSCSI                  TCP                 Acceptable   Unspecified
389      389 Kibana                 TCP                 Acceptable   Unspecified
390      390 TestProto              TCP                 Acceptable   Unspecified
391      391 HomeRouter             TCP                 Acceptable   Unspecified
392      392 CustomProtocol         TCP                 Acceptable   Unspecified
393      393 AmazonPrime            TCP                 Acceptable   Unspecified
394      394 CustomProtocolA        TCP                 Acceptable   Unspecified
395      395 CustomProtocolB        TCP                 Acceptable   Unspecified
396      800 CustomProtocolC        TCP                 Acceptable   Unspecified
397     1024 CustomProtocolD        TCP                 Acceptable   Unspecified
398     2048 CustomProtocolE        TCP                 Acceptable   Unspecified
399     2049 CustomProtocolF        TCP                 Acceptable   Unspecified
400     2050 CustomProtocolG        TCP                 Acceptable   Unspecified
401    65535 CustomProtocolH        TCP                 Acceptable   Unspecified
```

We likely need to take a better look in general at the iteration between
internal and external protocols ids...

This PR fixes the issue observed in
https://github.com/ntop/nDPI/pull/2274#discussion_r1460674874 and in
https://github.com/ntop/nDPI/pull/2275.
 2024-01-21 19:53:32 +01:00
Vladimir Gavrilov
5620e10742
Add ElectronicArts detection support (#2274) 
* Add ElectronicArts detection support

* Merge electronicarts.pcapng into sites.pcapng
 2024-01-21 18:58:12 +01:00
Toni
7d24e1258d
Add Yojimbo (netcode) protocol dissector (#2277) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-21 17:47:42 +01:00
Vladimir Gavrilov
6ac2ce84f8
Add Mumble detection support (#2269) 2024-01-19 07:46:51 +01:00
Vladimir Gavrilov
248f3d5588
Rework Steam detection (part 1) (#2264) 
* Clean up Steam dissector

* Add Steam Datagram Relay dissector

* Update docs

* Update test results

* Remove csgo.c from MSVC project

* Small fixes

* Add Steam TLS pcap sample

* Merge Steam pcap samples into single one

* Fix typo

* Update test results
 2024-01-18 19:23:44 +01:00
Toni
0aea509e23
Add KCP protocol dissector. (#2257) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-12 12:14:59 +01:00
Vladimir Gavrilov
3d57dec6b4
Add PIA (Private Internet Access) support (#2250) 
* Fix typo in protocols.rst

* Add PIA (Private Internet Access) support

* Update ndpi_main.c
 2024-01-09 18:28:57 +01:00
Toni
c5b0b05b80
Add Roughtime protocol dissector. (#2248) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-09 07:56:27 +01:00
Vladimir Gavrilov
ce08291ccd
Add Google Chat support (#2244) 2024-01-07 18:04:59 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Vladimir Gavrilov
3d09b25653
Add Ceph protocol dissector (#2242) 
* Add Ceph protocol dissector

* Update protocols.rst
 2024-01-04 13:22:23 +01:00
Vladimir Gavrilov
7f9973bd0c
Add HL7 protocol dissector (#2240) 
* Add HL7 protocol dissector

* Small fixes

* Small fixes
 2024-01-02 20:57:05 +01:00
Vladimir Gavrilov
0180c1f04a
Add IEC62056 (DLMS/COSEM) protocol dissector (#2229) 
* Add IEC62056 (DLMS/COSEM) protocol dissector

* Fix detection on big endian architectures

* Update protocols.rst

* Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c

* Update pcap sample

* Remove empty .out file

* iec62056: add some documentation

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-01-02 16:45:54 +01:00
Vladimir Gavrilov
2796bc9b47
Add NoMachine NX protocol dissector (#2234) 
* Add NoMachine protocol dissector

* Fix detection on big endian architectures

* Make NoMachine over UDP check more strict

* Small fixes
 2024-01-02 10:23:42 +01:00
Vladimir Gavrilov
5eb468d07b
Add Apache Kafka protocol dissector (#2226) 2023-12-22 14:42:47 +01:00
Vladimir Gavrilov
6fc8aa4e61
Add WebDAV detection support (#2224) 
* Add WebDAV detection support

* Add pcap example

* Update test results

* Remove redundant checks

* Add WebDAV related HTTP methods to fuzz/dictionary.dict

* Add note about WebDAV
 2023-12-22 13:23:37 +01:00
Vladimir Gavrilov
149067b3fc
Add JSON-RPC protocol dissector (#2217) 
* Add JSON-RPC protocol dissector

* Small fixes

* Improve detection
 2023-12-20 12:42:25 +01:00
Vladimir Gavrilov
33f11cb10f
Add OpenFlow protocol dissector (#2222) 2023-12-20 10:48:45 +01:00
Vladimir Gavrilov
59c8eabc0e
Add UFTP protocol dissector (#2215) 
* Add UFTP protocol dissector

* Update docs

* Merge pcap files
 2023-12-18 11:21:07 +01:00
Vladimir Gavrilov
d8c7a76611
Add HiSLIP protocol dissector (#2214) 
* Add HiSLIP protocol dissector

* Fix error
 2023-12-17 11:52:55 +01:00
Vladimir Gavrilov
0f3e6d832b
Add PROFINET/IO protocol dissector (#2213) 
* Add PROFINET/IO protocol dissector

* Add LE (Little Endian) to the file name

* Rework dissector

* Remove redundant check
 2023-12-16 13:30:21 +01:00
Toni
ef62391dba
Add Monero protocol classification. (#2196) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-12-13 19:55:18 +01:00
Ivan Nardi
241c42ad7e
ndpiReader: fix guessed_flow_protocols statistic (#2203) 
Increment the counter only if the flow has been guessed
 2023-12-12 19:44:03 +01:00
Vladimir Gavrilov
ad20846fad
Add Ether-S-Bus protocol dissector (#2200) 2023-12-05 17:20:38 +01:00
Vladimir Gavrilov
be50493f44
Add IEEE C37.118 protocol dissector (#2193) 2023-12-05 08:06:15 +01:00
Vladimir Gavrilov
c34bded4ef
Add ISO 9506-1 MMS protocol dissector (#2189) 
* Add ISO 9506-1 MMS protocol dissector
* Fix detection on big-endian architectures
 2023-12-01 09:03:07 +01:00
Vladimir Gavrilov
24df1913ac
Add Beckhoff ADS protocol dissector (#2181) 
* Add Beckhoff ADS protocol dissector

* Remove redundant le32toh

* Fix detection on big-endian architectures
 2023-11-30 09:13:45 +01:00
Vladimir Gavrilov
c60c03766c
Add Schneider Electric’s UMAS detection support (#2180) 
* Add Schneider Electric’s UMAS detection support

* Swap proto IDs in ndpi_set_detected_protocol

* Update unit test result
 2023-11-28 18:03:00 +01:00
Vladimir Gavrilov
ebb1bc2f34
Add Ether-S-I/O protocol dissector (#2174) 2023-11-27 19:04:05 +01:00
Vladimir Gavrilov
84427b0754
Add Omron FINS protocol dissector (#2172) 
* Add Omron FINS protocol dissector

* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP

* Update unit test results

* Update protocols.rst

* Remove dummy flows from fins.pcap
 2023-11-27 17:09:53 +01:00
Vladimir Gavrilov
3763c702f0
Rework S7Comm dissector; add S7Comm Plus support (#2165) 
* Rework S7Comm dissector; add S7Comm Plus support

* Cleanup s7comm.c

* Improve S7Comm Plus detection

* s7comm/s7commplus: faster detection

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2023-11-27 14:37:48 +01:00
Vladimir Gavrilov
da629709f3
Add OPC UA protocol dissector (#2169) 2023-11-27 12:13:23 +01:00
Vladimir Gavrilov
87399b3544
Add RTPS protocol dissector (#2168) 2023-11-27 07:17:39 +01:00
Vladimir Gavrilov
ae6e6d61f0
Add IEEE 1588-2008 (PTPv2) dissector (#2156) 
* Add IEEE 1588-2008 (PTPv2) dissector

PTPv2 is a time synchronization protocol in computer networks, similar to NTP.

* Add default protocol ports

* Update default test result for PTPv2

* Update copyright

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
 2023-11-21 13:39:54 +01:00
Toni
38f9a74713
Added TeslaServices and improved TikTok host names. Fixes #2140. (#2144) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2023-11-10 11:25:10 +01:00
Ivan Kapranov
5a2666ce9e
Fix proto_name and proto_id missmatch for Sina and SinaWeibo (#2131) 
* minor fixes

fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq

* fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol

* fix compile errors

* fix

* Fix name missmatch for Sina and Sina Weibo

* fix

* add Sina Weibo to doc

* fix

* add Sina Weibo to doc

---------

Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
 2023-11-01 14:12:49 +01:00
Ivan Nardi
42d24f8799
STUN: major code rework (#2116) 
Try to have a faster classification, on first packet; use standard extra
dissection data path for sub-classification, metadata extraction and
monitoring.

STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper
STUN classification

Add identification of Telegram VoIP calls.
 2023-10-30 10:28:19 +01:00
Ivan Nardi
32b50f5aa4
IPv6: add support for IPv6 risk exceptions (#2122) 2023-10-29 12:14:20 +01:00
Ivan Nardi
c711251578
IPv6: add support for custom rules (#2120) 2023-10-29 11:26:35 +01:00