vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 07:29:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
5656 commits 9 branches 12 tags 263 MiB
Commit graph

114 commits

Author SHA1 Message Date
Vladimir Gavrilov
6a77a891a8
Add Nano (XNO) protocol support (#2508) 2024-07-18 16:18:12 +02:00
Ivan Nardi
456f0fd427
Improve detection of Cloudflare WARP traffic (#2491) 
See: #2484
 2024-07-04 08:59:04 +02:00
Ivan Nardi
843e487270
Add infrastructure for explicit support of Fist Packet Classification (#2488) 
Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
 2024-07-03 18:02:07 +02:00
Toni
8fd649ab1e
Add Ripe Atlas probe protocol. (#2473) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-06-17 11:00:38 +02:00
Nardi Ivan
526cf6f291 Zoom: remove "stun_zoom" LRU cache 
Since 070a0908b we are able to detect P2P calls directly from the packet
content, without any correlation among flows
 2024-06-17 10:19:55 +02:00
Mark Jeffery
f796c94375
Added protocol - JRMI - Java Remote Method Invocation (#2470) 2024-06-15 10:52:28 +02:00
Maatuq
6127e04900
support rtp/rtcp over tcp (#2422) (#2457) 
Support rtp/rtcp over tcp as per rfc4571.

Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
 2024-05-28 22:01:08 +02:00
Toni
80171dbcf3
Add ZUG consensus protocol dissector. (#2458) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-05-28 20:29:48 +02:00
Ivan Nardi
0109014f2c
Follow-up of 2093ac5bf (#2451) 2024-05-21 12:47:25 +02:00
Luca Deri
2093ac5bf6 Minor dissector optimizations 2024-05-20 12:17:04 +02:00
Vladimir Gavrilov
3d1da00d8d
Add Call of Duty Mobile support (#2438) 2024-05-15 12:46:02 +02:00
Ivan Nardi
0110623b4e
H323: improve detection and avoid false positives (#2432) 2024-05-11 23:39:54 +02:00
Vladimir Gavrilov
2d33431948
Add Ethernet Global Data support (#2437) 2024-05-11 16:49:16 +02:00
Ivan Nardi
95fe21015d
Remove "zoom" cache (#2420) 
This cache was added in b6b4967aa, when there was no real Zoom support.
With 63f349319, a proper identification of multimedia stream has been
added, making this cache quite useless: any improvements on Zoom
classification should be properly done in Zoom dissector.

Tested for some months with a few 10Gbits links of residential traffic: the
cache pretty much never returned a valid hit.
 2024-05-06 12:51:45 +02:00
Ivan Nardi
266af02752
Merge RTP and RTCP logic (#2416) 
Avoid code duplication between these two protocols.

We remove support for RTCP over TCP; it is quite rare to find this kind
of traffic and, more important, we have never had support for RTP
over TCP: we should try to add both detecion as follow-up.

Fix a message log in the LINE code
 2024-05-06 10:19:46 +02:00
Ivan Nardi
a6fd981fcf
eDonkey: improve/update classification (#2410) 
eDonkey is definitely not as used as >10 years ago, but it seems it is
still active.

While having a basic TCP support seems easy, identification over UDP doesn't
work and it is hard to do it rightly (packets might be only 2 bytes long):
remove it.

Credits to V.G <v.gavrilov@securitycode.ru>
 2024-05-04 19:11:31 +02:00
0x41CEA55
fd388845d5
Add BFCP protocol support (#2401) 2024-04-23 15:35:19 +02:00
0x41CEA55
905120588b
Remove obsolete protocols: tuenty, tvuplayer and kontiki (#2398) 2024-04-19 21:35:32 +02:00
0x41CEA55
e75d7a620e
Add KNXnet/IP protocol support (#2397) 
* Add KNXnet/IP protocol support

* Improve KNXnet/IP over TCP detection
 2024-04-19 12:54:00 +02:00
Vladimir Gavrilov
c63697205b
Add Label Distribution Protocol support (#2385) 
* Add Label Distribution Protocol support

* Fix typo

* Update unit test results
 2024-04-12 17:44:36 +02:00
Vladimir Gavrilov
5b32c98a21
Add LoL: Wild Rift detection (#2356) 2024-03-26 08:11:14 +01:00
Vladimir Gavrilov
e6474d835f
Add FLUTE protocol dissector (#2351) 
* Add FLUTE protocol dissector

* Add flute.c to MSVC project
 2024-03-19 09:11:04 +01:00
Vladimir Gavrilov
8fad77991d
Add PFCP protocol dissector (#2342) 2024-03-13 20:18:43 +01:00
Vladimir Gavrilov
58fdc9fafb
Add Naraka Bladepoint detection support (#2334) 2024-03-04 08:30:54 +01:00
Vladimir Gavrilov
f2e3c7fb90
Add BFD protocol dissector (#2332) 2024-02-29 08:19:00 +01:00
Vladimir Gavrilov
66b6e2b3f2
Add DLEP protocol dissector (#2326) 2024-02-20 16:05:41 +01:00
Vladimir Gavrilov
e93bcfd619
Add ANSI C12.22 protocol dissector (#2317) 
* Add ANSI C12.22 protocol dissector

* Add UDP sample
 2024-02-15 09:36:06 +01:00
Ivan Nardi
ae36648c6c
Skype: remove old detection logic (#1954) 
Skype has been using standard protocols (STUN/ICE or TLS) for a long,
long time, now. Long gone are the days of Skype as a distribuited
protocol.

See: #2166
 2024-02-12 18:39:24 +01:00
Vladimir Gavrilov
f5cec001f3
Add detection of Gaijin Entertainment games (#2311) 
* Add detection of Gaijin Entertainment games

* Short NDPI_PROTOCOL_GAIJINENTERTAINMENT to NDPI_PROTOCOL_GAIJIN

* Add default UDP port for Gaijin Entertainment games

* Remove NDPI_PROTOCOL_CROSSOUT protocol id
 2024-02-09 11:07:48 +01:00
Luca Deri
47f72443fa Implemented CIP I/O (UDP version of the CIP protocol), Common Industrial protocol 2024-01-29 13:28:41 +01:00
Toni
7d24e1258d
Add Yojimbo (netcode) protocol dissector (#2277) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-21 17:47:42 +01:00
Ivan Nardi
eb129297e9
Add a dedicated dissector for Zoom (#2265) 
Move it from the RTP code and extend it
 2024-01-19 10:01:38 +01:00
Vladimir Gavrilov
6ac2ce84f8
Add Mumble detection support (#2269) 2024-01-19 07:46:51 +01:00
Vladimir Gavrilov
248f3d5588
Rework Steam detection (part 1) (#2264) 
* Clean up Steam dissector

* Add Steam Datagram Relay dissector

* Update docs

* Update test results

* Remove csgo.c from MSVC project

* Small fixes

* Add Steam TLS pcap sample

* Merge Steam pcap samples into single one

* Fix typo

* Update test results
 2024-01-18 19:23:44 +01:00
Toni
0aea509e23
Add KCP protocol dissector. (#2257) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-12 12:14:59 +01:00
Toni
c5b0b05b80
Add Roughtime protocol dissector. (#2248) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
 2024-01-09 07:56:27 +01:00
Ivan Nardi
40797521af
ndpiReader: add breed stats on output used for CI (#2236) 2024-01-05 13:02:39 +01:00
Vladimir Gavrilov
0180c1f04a
Add IEC62056 (DLMS/COSEM) protocol dissector (#2229) 
* Add IEC62056 (DLMS/COSEM) protocol dissector

* Fix detection on big endian architectures

* Update protocols.rst

* Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c

* Update pcap sample

* Remove empty .out file

* iec62056: add some documentation

---------

Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
 2024-01-02 16:45:54 +01:00
Vladimir Gavrilov
2796bc9b47
Add NoMachine NX protocol dissector (#2234) 
* Add NoMachine protocol dissector

* Fix detection on big endian architectures

* Make NoMachine over UDP check more strict

* Small fixes
 2024-01-02 10:23:42 +01:00
Vladimir Gavrilov
59c8eabc0e
Add UFTP protocol dissector (#2215) 
* Add UFTP protocol dissector

* Update docs

* Merge pcap files
 2023-12-18 11:21:07 +01:00
Vladimir Gavrilov
0f3e6d832b
Add PROFINET/IO protocol dissector (#2213) 
* Add PROFINET/IO protocol dissector

* Add LE (Little Endian) to the file name

* Rework dissector

* Remove redundant check
 2023-12-16 13:30:21 +01:00
Ivan Nardi
241c42ad7e
ndpiReader: fix guessed_flow_protocols statistic (#2203) 
Increment the counter only if the flow has been guessed
 2023-12-12 19:44:03 +01:00
Ivan Nardi
f74cf16c36
OpenVPN: rework detection (#2199) 
Close #1873
 2023-12-06 10:24:26 +01:00
Vladimir Gavrilov
ad20846fad
Add Ether-S-Bus protocol dissector (#2200) 2023-12-05 17:20:38 +01:00
Vladimir Gavrilov
be50493f44
Add IEEE C37.118 protocol dissector (#2193) 2023-12-05 08:06:15 +01:00
Vladimir Gavrilov
ebb1bc2f34
Add Ether-S-I/O protocol dissector (#2174) 2023-11-27 19:04:05 +01:00
Vladimir Gavrilov
84427b0754
Add Omron FINS protocol dissector (#2172) 
* Add Omron FINS protocol dissector

* Add a kludge to avoid invalid FINS over UDP detection as SkypeTeams and RTP

* Update unit test results

* Update protocols.rst

* Remove dummy flows from fins.pcap
 2023-11-27 17:09:53 +01:00
Vladimir Gavrilov
0b6e261523
Improve CORBA detection (#2167) 
* Improve CORBA detection

* Remove dummy flow from ziop.pcap

* Merge ziop.pcap and miop.pcap into corba.pcap
 2023-11-27 13:10:50 +01:00
Vladimir Gavrilov
87399b3544
Add RTPS protocol dissector (#2168) 2023-11-27 07:17:39 +01:00
Vladimir Gavrilov
5c8c5c90c2
Add HART-IP protocol dissector (#2163) 
* Add HART-IP protocol dissector

* Update docs

* Update protocols.rst

* Reuse free proto id and re-run tests

* docs: move HART-IP to top of list

---------

Co-authored-by: 0xA50C1A1 <mage.wizard88@gmail.com>
 2023-11-22 22:04:22 +01:00