nfstream/tests/results/quickplay.pcap
Adrian Pekar 68dfdb6120
Upgrade nDPI from 4.7.0 to 5.0 with Windows libpcap fix (#235)
* Upgrade nDPI from 4.7.0 to 5.0 with Windows build fix (#230)


- Upgrade nDPI submodule from 4.7.0 to 5.0
- Fix all 9 nDPI 5.0 API breaking changes:
  * Protocol structure: .app_protocol -> .proto.app_protocol
  * Protocol structure: .master_protocol -> .proto.master_protocol
  * ndpi_protocol2name() signature change
  * ndpi_detection_giveup() signature change (removed enable_guess/guessed params)
  * ndpi_extra_dissection_possible() replaced with state check
  * ndpi_init_detection_module() now expects NULL
  * Protocol bitmask removed (all protocols enabled by default)
  * TCP/UDP struct size checks removed
  * Fingerprint extraction: ja3_client -> ja4_client

- Maintain backward compatibility by keeping field names:
  * client_fingerprint: Now JA4 (TLS), HASSH client (SSH), DHCP fingerprint
  * server_fingerprint: Now JA3S (TLS), HASSH server (SSH)

- Update build system for nDPI 5.0:
  * Add --with-only-libndpi flag to build.sh
  * Make CFFI marker extraction optional in engine_build.py

- Update tests for nDPI 5.0:
  * Update fingerprint assertions (JA3 MD5 -> JA4 format)
  * Regenerate all 228 baseline test results
  * Remove invalid test file (memcached.cap)

- All 29 tests passing

* Fix memcpy buffer overreads and enable DNS subclassification

- Fix buffer overread in fingerprint memcpy calls by using source size
  instead of destination size:
  - HASSH client/server: 33 bytes (was reading 48)
  - JA4 client: 37 bytes (was reading 48)
  - JA3 server: 33 bytes (was reading 48)
  - DHCP: 48 bytes (consistent with others)

- Enable DNS subclassification (disabled by default in nDPI 5.0)
  to restore detection of DNS.Apple, DNS.Google, etc.

- Regenerate test baselines with fixes applied

* Replace outdated Steam test pcaps with nDPI 5.0 version

- Remove steam.pcap and steam_datagram_relay_ping.pcapng (obsolete)
- Add steam.pcapng from nDPI 5.0 test suite
- nDPI 5.0 reworked Steam detection (ntop/nDPI#2264)

* Fix Windows build: add missing configure step for nDPI 5.0

The Windows build script was missing the ./configure --with-only-libndpi
step before make, causing nDPI headers to not be properly installed.
This resulted in the CFFI preprocessing marker //CFFI.NDPI_PACKED_STRUCTURES
being absent from ndpi_cdefinitions_packed.h, crashing engine_build.py.

Aligns build_windows.sh with build.sh which already had this step.

* Fix Windows build: install libpcap-dev for nDPI 5.0 configure

nDPI 5.0 configure requires libpcap when --with-only-libndpi is used
on MinGW (see ntop/nDPI#3114). Install mingw-w64-x86_64-libpcap via
pacman to satisfy this dependency.
2026-02-15 20:30:16 +01:00
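
The memcpy overread fix described in the commit message above, sketched as an added example; this is not code from nfstream or nDPI. The buffer sizes (48, 37, 33) come from the commit message, while the function names, enum names and the sample JA4 string are hypothetical or constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Sizes are the ones listed in the commit message. The names are
 * hypothetical stand-ins, not nDPI or nfstream identifiers. */
enum { FP_DST_LEN = 48, JA4_SRC_LEN = 37, HASSH_SRC_LEN = 33 };

/* Bytes a memcpy of `n` reads past a source buffer of `src_len` bytes. */
size_t overread_bytes(size_t n, size_t src_len) {
    return n > src_len ? n - src_len : 0;
}

/* Copy bounded by BOTH buffers; the destination is zero-filled and always
 * NUL-terminated. Returns the string length stored in dst. */
size_t copy_fingerprint(char *dst, size_t dst_len,
                        const char *src, size_t src_len) {
    if (!dst || !src || dst_len == 0) return 0;
    size_t n = src_len < dst_len ? src_len : dst_len;
    memset(dst, 0, dst_len);
    memcpy(dst, src, n);
    dst[dst_len - 1] = '\0';
    return strlen(dst);
}

/* Constructed sample: a 36-character JA4 string plus NUL fills 37 bytes. */
static const char SAMPLE_JA4[JA4_SRC_LEN] = "t13d1516h2_8daaf6152771_e5627efa2ab1";

/* Returns 1 when the bounded copy reproduces the sample exactly. */
int demo_copy_matches(void) {
    char dst[FP_DST_LEN];
    size_t len = copy_fingerprint(dst, sizeof dst, SAMPLE_JA4, sizeof SAMPLE_JA4);
    return len == 36 && strcmp(dst, SAMPLE_JA4) == 0;
}

/* Returns the stored length when the destination is smaller than the source. */
size_t demo_truncated_len(void) {
    char small[8];
    return copy_fingerprint(small, sizeof small, SAMPLE_JA4, sizeof SAMPLE_JA4);
}

int main(void) {
    printf("memcpy(dst, ja4, %d) overreads by %zu bytes\n",
           FP_DST_LEN, overread_bytes(FP_DST_LEN, JA4_SRC_LEN));
    printf("memcpy(dst, hassh, %d) overreads by %zu bytes\n",
           FP_DST_LEN, overread_bytes(FP_DST_LEN, HASSH_SRC_LEN));
    printf("bounded copy ok: %d, truncated len: %zu\n",
           demo_copy_matches(), demo_truncated_len());
    return 0;
}
```

Sizing the copy by the destination alone is what produced the overread; bounding it by the smaller of the two buffers also covers the reverse case, where the destination is the shorter one.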

22 lines
805 B
Text

id,bidirectional_packets,bidirectional_bytes,application_name,application_category_name,application_is_guessed,application_confidence
0,4,3360,HTTP,Streaming,0,6
1,4,3680,HTTP,Streaming,0,6
2,2,467,HTTP,Streaming,0,6
3,2,582,HTTP.Facebook,SocialNetwork,0,6
4,2,582,HTTP.Facebook,SocialNetwork,0,6
5,2,378,HTTP.Google,Web,0,6
6,2,576,HTTP.Facebook,SocialNetwork,0,6
7,3,2311,HTTP,Streaming,0,6
8,4,2735,HTTP,Streaming,0,6
9,3,1337,HTTP_Proxy.QQ,Chat,0,6
10,65,45902,HTTP,Streaming,0,6
11,2,641,HTTP_Proxy.QQ,Download,0,6
12,3,983,HTTP_Proxy.QQ,Download,0,6
13,2,877,HTTP_Proxy.QQ,Download,0,6
14,2,943,HTTP_Proxy.QQ,Download,0,6
15,2,1469,HTTP.Xiaomi,Web,0,6
16,8,6032,HTTP,Streaming,0,6
17,7,5048,HTTP,Streaming,0,6
18,25,19606,HTTP,Streaming,0,6
19,4,2754,HTTP,Streaming,0,6
20,7,4284,HTTP,Streaming,0,6