439 lines
16 KiB
Plaintext
439 lines
16 KiB
Plaintext
|
-------------------------------------------------------------------
|
||
|
Fri Dec 20 16:18:54 UTC 2024 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Update to version 4.12
|
||
|
* https://github.com/ntop/nDPI/releases/tag/4.12
|
||
|
* https://github.com/ntop/nDPI/releases/tag/4.10
|
||
|
* https://github.com/ntop/nDPI/releases/tag/4.8
|
||
|
* https://github.com/ntop/nDPI/releases/tag/4.6
|
||
|
* https://github.com/ntop/nDPI/releases/tag/4.4
|
||
|
* https://github.com/ntop/nDPI/releases/tag/4.2
|
||
|
- Drop not longer needed patches
|
||
|
* 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
|
||
|
* 0002-Report-whether-a-protocol-is-encrypted.patch
|
||
|
* 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch
|
||
|
- Add patch:
|
||
|
* fix-makefile.patch
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Thu Feb 22 13:56:41 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
|
||
|
- Use %autosetup macro. Allows to eliminate the usage of deprecated
|
||
|
%patchN
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Thu Aug 26 16:30:53 UTC 2021 - Dirk Stoecker <opensuse@dstoecker.de>
|
||
|
|
||
|
- Add conflicts for ndpi-common package, as version 3 did not follow
|
||
|
packaging guidelines fully
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Thu Aug 26 09:15:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Create -common subpackage
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Sun Aug 22 12:48:59 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Update to version 4.0
|
||
|
New Features
|
||
|
* Add API for computing RSI (Relative Strenght Index)
|
||
|
* Add GeoIP support
|
||
|
* Add fragments management
|
||
|
* Add API for jitter calculation
|
||
|
* Add single exponential smoothing API
|
||
|
* Add timeseries forecasting support implementing Holt-Winters
|
||
|
with confidence interval
|
||
|
* Add support for MAC to radi tree and expose the full API to
|
||
|
applications
|
||
|
* Add JA3+, with ALPN and elliptic curve
|
||
|
* Add double exponential smoothing implementation
|
||
|
* Extended API for managing flow risks
|
||
|
* Add flow risk score
|
||
|
* New flow risks:
|
||
|
+ Desktop or File Sharing Session
|
||
|
+ HTTP suspicious content (useful for tracking trickbot)
|
||
|
+ Malicious JA3
|
||
|
+ Malicious SHA1
|
||
|
+ Risky domain
|
||
|
+ Risky AS
|
||
|
+ TLS Certificate Validity Too Long
|
||
|
+ TLS Suspicious Extension
|
||
|
New Supported Protocols and Services
|
||
|
* New protocols:
|
||
|
+ AmongUs
|
||
|
+ AVAST SecureDNS
|
||
|
+ CPHA (CheckPoint High Availability Protocol)
|
||
|
+ DisneyPlus
|
||
|
+ DTLS
|
||
|
+ Genshin Impact
|
||
|
+ HP Virtual Machine Group Management (hpvirtgrp)
|
||
|
+ Mongodb
|
||
|
+ Pinterest
|
||
|
+ Reddit
|
||
|
+ Snapchat VoIP calls
|
||
|
+ Tumblr
|
||
|
+ Virtual Asssitant (Alexa, Siri)
|
||
|
+ Z39.50
|
||
|
* Add protocols to HTTP as subprotocols
|
||
|
* Add detection of TLS browser type
|
||
|
* Add connectionless DCE/RPC detection
|
||
|
Improvements
|
||
|
* 2.5x speed bump. Example ndpiReader with a long mixed pcap
|
||
|
v3.4 - nDPI throughput: 1.29 M pps / 3.35 Gb/sec
|
||
|
v4.0 - nDPI throughput: 3.35 M pps / 8.68 Gb/sec
|
||
|
* Improve detection/dissection of:
|
||
|
+ AnyDesk
|
||
|
+ DNS
|
||
|
+ Hulu
|
||
|
+ DCE/RPC (avoid false positives)
|
||
|
+ dnscrypt
|
||
|
+ Facebook (add new networks)
|
||
|
+ Fortigate
|
||
|
+ FTP Control
|
||
|
+ HTTP
|
||
|
- Fix user-agent parsing
|
||
|
- Fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined
|
||
|
+ IEC104
|
||
|
+ IEC60870
|
||
|
+ IRC
|
||
|
+ Netbios
|
||
|
+ Netflix
|
||
|
+ Ookla speedtest (detection over IPv6)
|
||
|
+ openspeedtest.com
|
||
|
+ Outlook / MicrosoftMail
|
||
|
+ QUIC
|
||
|
- update to draft-33
|
||
|
- improve handling of SNI
|
||
|
- support for fragmented Client Hello
|
||
|
- support for DNS-over-QUIC
|
||
|
+ RTSP
|
||
|
+ RTSP via HTTP
|
||
|
+ SNMP (reimplemented)
|
||
|
+ Skype
|
||
|
+ SSH
|
||
|
+ Steam (Steam Datagram Relay - SDR)
|
||
|
+ STUN (avoid false positives, improved Skype detection)
|
||
|
+ TeamViewer (add new hosts)
|
||
|
+ TOR (update hosts)
|
||
|
+ TLS
|
||
|
- Certificate Subject matching
|
||
|
- Check for common ALPNs
|
||
|
- Reworked fingerprint calculation
|
||
|
- Fix extraction for TLS signature algorithms
|
||
|
- Fix ClientHello parsing
|
||
|
+ UPnP
|
||
|
+ wireguard
|
||
|
+ Improve DGA detection
|
||
|
+ Improve JA3
|
||
|
+ Improve Mining detection
|
||
|
+ Improve string matching algorithm
|
||
|
+ Improve ndpi_pref_enable_tls_block_dissection
|
||
|
+ Optimize speed and memory size
|
||
|
+ Update ahocorasick library
|
||
|
+ Improve subprotocols detection
|
||
|
Fixes
|
||
|
* Fix partial application matching
|
||
|
* Fix multiple segfault and leaks
|
||
|
* Fix uninitialized memory use
|
||
|
* Fix release of patterns allocated in ndpi_add_string_to_automa
|
||
|
* Fix return value of ndpi_match_string_subprotocol
|
||
|
* Fix setting of flow risks on 32 bit machines
|
||
|
* Fix TLS certificate threshold
|
||
|
* Fix a memory error in TLS JA3 code
|
||
|
* Fix false positives in Z39.50
|
||
|
* Fix off-by-one memory error for TLS-JA3
|
||
|
* Fix bug in ndpi_lru_find_cache
|
||
|
* Fix invalid xbox and playstation port guesses
|
||
|
* Fix CAPWAP tunnel decoding
|
||
|
* Fix parsing of DLT_PPP datalink type
|
||
|
* Fix dissection of QUIC initial packets coalesced with 0-RTT one
|
||
|
* Fix parsing of GTP headers
|
||
|
* Add bitmap boundary checks
|
||
|
Misc
|
||
|
* Update download category name
|
||
|
* Update category labels
|
||
|
* Renamed Skype in Skype_Teams (the protocol is now shared across
|
||
|
these apps)
|
||
|
* Add IEC analysis wireshark plugin
|
||
|
* Flow risk visualization in Wireshark
|
||
|
* ndpiReader
|
||
|
+ add statistics about nDPI performance
|
||
|
+ fix memory leak
|
||
|
+ fix collecting of risks statistics
|
||
|
* Move installed libraries from /usr/local to /usr
|
||
|
* Improve NDPI_API_VERSION generation
|
||
|
* Update ndpi_ptree_match_addr prototype
|
||
|
- Add patches (for compatibility with ntopng 5.0):
|
||
|
* 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
|
||
|
* 0002-Report-whether-a-protocol-is-encrypted.patch
|
||
|
* 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Fri Apr 23 14:57:05 UTC 2021 - Mathias Homann <Mathias.Homann@opensuse.org>
|
||
|
|
||
|
- Update to 3.4
|
||
|
* removed 001-Refresh-of-ndpi_netbios_name_interpret.patch, implemented
|
||
|
upstream
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Fri Apr 24 17:25:05 UTC 2020 - Petr Cervinka <petr@cervinka.net>
|
||
|
|
||
|
- Add upstream patch to fix ntopng build failure (ntopng#3675)
|
||
|
001-Refresh-of-ndpi_netbios_name_interpret.patch
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Thu Feb 20 21:03:45 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Update to version 3.2
|
||
|
New Features
|
||
|
* New API calls
|
||
|
* Protocol detection: ndpi_is_protocol_detected
|
||
|
* Categories: ndpi_load_categories_file / ndpi_load_category
|
||
|
* JSON/TLV serialization: ndpi_serialize_string_boolean /
|
||
|
ndpi_serialize_uint32_boolean
|
||
|
* Patricia tree: ndpi_load_ipv4_ptree
|
||
|
* Module initialization: ndpi_init_detection_module /
|
||
|
ndpi_finalize_initalization
|
||
|
* Base64 encoding: ndpi_base64_encode
|
||
|
* JSON export: ndpi_flow2json
|
||
|
* Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
|
||
|
* Libfuzz integration
|
||
|
* Implemented Community ID hash (API call ndpi_flowv6_flow_hash
|
||
|
and ndpi_flowv4_flow_hash)
|
||
|
* Detection of RCE in HTTP GET requests via PCRE
|
||
|
* Integration of the libinjection library to detect SQL
|
||
|
injections and XSS type attacks in HTTP requests
|
||
|
New Supported Protocols and Services
|
||
|
* TLS: new decode
|
||
|
* Added ALPN support
|
||
|
* Added export of supported version in TLS header
|
||
|
* Added Telnet dissector with metadata extraction
|
||
|
* Added Zabbix dissector
|
||
|
* Added POP3/IMAP metadata extraction
|
||
|
* Added FTP user/password extraction
|
||
|
* Added NetBIOS metadata extraction
|
||
|
* Added Kerberos metadata extraction
|
||
|
* Implemented SQL Injection and XSS attack detection
|
||
|
* Host-based detection improvements and changes
|
||
|
* Added Microsoft range
|
||
|
* Added twitch.tv website
|
||
|
* Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ
|
||
|
* Added 20.180.0.0/14, 20.184.0.0/13 range as Skype
|
||
|
* Added 52.84.0.0/14 range as Amazon
|
||
|
* Added pastebin.com
|
||
|
* Changed 13.64.0.0/11 range from Skype to Microsoft
|
||
|
* Refreshed Whatsapp server list, added whatsapp-.fbcdn.net IPs
|
||
|
* Added public DNSoverHTTPS servers
|
||
|
Improvements
|
||
|
* Reworked and improved the TLS dissector
|
||
|
* Reworked Kerberos dissector
|
||
|
* Improved DNS response decoding
|
||
|
* Support for DNS continuous flow dissection
|
||
|
* Improved Python bindings
|
||
|
* Improved Ethereum support
|
||
|
* Improved categories detection with streaming and HTTP
|
||
|
* Support for IP-based detection to compute the application
|
||
|
protocol
|
||
|
* Renamed protocol 104 to IEC60870 (more meaningful)
|
||
|
* Added failed authentication support with FTP
|
||
|
* Renamed DNSoverHTTPS to handle bot DoH and DoT
|
||
|
* Implemented stacked DPI decoding
|
||
|
* Improvements for CapWAP and Bloomberg
|
||
|
* Improved SMB dissection
|
||
|
* Improved SSH dissection
|
||
|
* Added capwap support
|
||
|
* Modified API signatures for ndpi_ssl_version2str /
|
||
|
ndpi_detection_giveup
|
||
|
* Removed ndpi_pref_http_dont_dissect_response /
|
||
|
ndpi_pref_dns_dont_dissect_response (replaced by
|
||
|
ndpi_extra_dissection_possible)
|
||
|
Fixes
|
||
|
* Fixed memory invalid access in SMTP and leaks in TLS
|
||
|
* Fixed a few memory leaks
|
||
|
* Fixed invalid memory access in a few protocol dissectors (HTTP,
|
||
|
memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber)
|
||
|
* Fixed IPv6 address format across the various platforms
|
||
|
* Fixed infinite loop in ndpi_workflow_process_packet
|
||
|
* Fixed SHA1 certificate detection
|
||
|
* Fixed custom protocol detection
|
||
|
* Fixed SMTP dissection (including email)
|
||
|
* Fixed Telnet dissection and invalid password report
|
||
|
* Fixed invalid category matching in HTTP
|
||
|
* Fixed Skype and STUN false positives
|
||
|
* Fixed SQL Injection detection
|
||
|
* Fixed invalid SMBv1 detection
|
||
|
* Fixed SSH dissection
|
||
|
* Fixed ndpi_ssl_version2str
|
||
|
* Fixed ndpi_extra_dissection_possible
|
||
|
* Fixed out of bounds read in ndpi_match_custom_category
|
||
|
ndpiReader
|
||
|
* CSV output enhancements
|
||
|
* Added tunnelling decapsulation
|
||
|
* Improved HTTP reporting
|
||
|
* Added scan and HTTP attacks (XSS, SQL Injection) detection
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Thu Jan 2 11:50:52 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Add hyperscan-devel as dependency to libndpi-devel
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Wed Dec 25 10:13:32 UTC 2019 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Drop not longer needed patches (fixed upstream)
|
||
|
* ndpi-fix-build.patch
|
||
|
* reproducible.patch
|
||
|
- Update to version 3.0
|
||
|
New Features
|
||
|
* nDPI now reports the protocol ASAP even when specific fields
|
||
|
have not yet been dissected because such packets have not yet
|
||
|
been observed. This is important for inline applications that
|
||
|
can immediately act on traffic. Applications that need full
|
||
|
dissection need to call the new API function
|
||
|
ndpi_extra_dissection_possible() to check if metadata dissection
|
||
|
has been completely performed or if there is more to read before
|
||
|
declaring it completed.
|
||
|
* TLS (formerly identified as SSL in nDPI v2.x) is now dissected
|
||
|
more deeply, certificate validity is extracted as well
|
||
|
certificate SHA-1.
|
||
|
* nDPIreader can now export data in CSV format with option -C
|
||
|
* Implemented Sequence of Packet Length and Time (SPLT) and Byte
|
||
|
Distribution (BD) as specified by Cisco Joy
|
||
|
(https://github.com/cisco/joy). This allows malware activities
|
||
|
on encrypted TLS streams.
|
||
|
* Available as library and in ndpiReader with option -J
|
||
|
* Promoted usage of protocol categories rather than protocol
|
||
|
identifiers in order to classify protocols. This allows
|
||
|
application protocols to be clustered in families and thus better
|
||
|
managed by users/developers rather than using hundred of
|
||
|
protocols unknown to most of the people.
|
||
|
* Added Inter-Arrival Time (IAT) calculation used to detect
|
||
|
protocol misbehaviour (e.g. slow-DoS detection)
|
||
|
* Added data analysis features for computign metrics such as
|
||
|
entropy, average, stddev, variance on a single and consistent
|
||
|
place that will prevent when possible. This should ease traffic
|
||
|
analysis on monitoring/security applications. New API calls have
|
||
|
been implemented such as ndpi_data_XXX() to handle these
|
||
|
calculations.
|
||
|
* Initial release of Python bindings available under nDPI/python.
|
||
|
* Implemented search of human readable strings for promoting data
|
||
|
exfiltration detection
|
||
|
* Available as library and in ndpiReader with option -e
|
||
|
* Fingerprints
|
||
|
JA3 (https://github.com/salesforce/ja3)
|
||
|
HASSH (https://github.com/salesforce/hassh)
|
||
|
DHCP
|
||
|
* Implemented a library to serialize/deserialize data in both
|
||
|
Type-Length-Value (TLV) and JSON format
|
||
|
New Supported Protocols and Services
|
||
|
* DTLS (i.e. TLS over UDP)
|
||
|
* Hulu
|
||
|
* TikTok/Musical.ly
|
||
|
* WhatsApp Video
|
||
|
* DNSoverHTTPS
|
||
|
* Datasaver
|
||
|
* Line protocol
|
||
|
* Google Duo and Hangout merged
|
||
|
* WireGuard VPN
|
||
|
* IMO
|
||
|
* Zoom.us
|
||
|
Improvements
|
||
|
* TLS
|
||
|
+ Organizations
|
||
|
+ Ciphers
|
||
|
+ Certificate analysis
|
||
|
* Added PUBLISH/SUBSCRIBE methods to SIP
|
||
|
* Implemented STUN cache to enhance matching of STUN-based protocols
|
||
|
* Dissection improvements
|
||
|
+ Viber
|
||
|
+ WhatsApp
|
||
|
+ AmazonVideo
|
||
|
+ SnapChat
|
||
|
+ FTP
|
||
|
+ QUIC
|
||
|
+ OpenVPN support for UDP-based VPNs
|
||
|
+ Facebook Messenger mobile
|
||
|
+ Various improvements for STUN, Hangout and Duo
|
||
|
* Added new categories:
|
||
|
+ CUSTOM_CATEGORY_ANTIMALWARE,
|
||
|
+ NDPI_PROTOCOL_CATEGORY_MUSIC,
|
||
|
+ NDPI_PROTOCOL_CATEGORY_VIDEO,
|
||
|
+ NDPI_PROTOCOL_CATEGORY_SHOPPING,
|
||
|
+ NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY
|
||
|
+ NDPI_PROTOCOL_CATEGORY_FILE_SHARING
|
||
|
* Added NDPI_PROTOCOL_DANGEROUS classification
|
||
|
Fixes
|
||
|
* Fixed the dissection of certain invalid DNS responses
|
||
|
* Fixed Spotify dissection
|
||
|
* Fixed false positives with FTP and FTP_DATA
|
||
|
* Fix to discard STUN over TCP flows
|
||
|
* Fixed MySQL dissector
|
||
|
* Fix category detection due to missing initialization
|
||
|
* Fix DNS rsp_addr missing in some tiny responses
|
||
|
* Various hardening fixes
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Wed Jun 5 04:03:31 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||
|
|
||
|
- Add reproducible.patch to override build date (boo#1047218)
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Sat Mar 30 09:53:01 UTC 2019 - Martin Hauke <mardnh@gmx.de>
|
||
|
|
||
|
- Update to version 2.8
|
||
|
New Supported Protocols and Services
|
||
|
* Added Modbus over TCP dissector
|
||
|
Improvements
|
||
|
* Wireshark Lua plugin compatibility with Wireshark 3
|
||
|
* Improved MDNS dissection
|
||
|
* Improved HTTP response code handling
|
||
|
* Full dissection of HTTP responses
|
||
|
Fixes
|
||
|
* Fixed false positive mining detection
|
||
|
* Fixed invalid TCP DNS dissection
|
||
|
* Releasing buffers upon realloc failures
|
||
|
* ndpiReader: Prevents references after free
|
||
|
* Endianness fixes
|
||
|
* Fixed IPv6 HTTP traffic dissection
|
||
|
* Fixed H.323 detection
|
||
|
Other
|
||
|
* Disabled ookla statistics which need to be improved
|
||
|
* Support for custom protocol files of arbitrary length
|
||
|
* Update radius.c to RFC2865
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Sun Feb 24 15:00:58 UTC 2019 - schwab@suse.de
|
||
|
|
||
|
- override prefix and libdir during install
|
||
|
- ndpi-fix-build.patch: don't install multiple copies of the library
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Tue Jan 8 17:01:56 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||
|
|
||
|
- Compact descriptions of all but the most promiment package
|
||
|
(libndpi2) for size. Trim bias and metadata redundancies, too.
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Mon Jan 7 21:52:45 UTC 2019 - mardnh@gmx.de
|
||
|
|
||
|
- Add wireshark/ndpi.lua to the doc section of ndpi-tools
|
||
|
- Add a comment to clarify the license of wireshark/ndpi.lua
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Fri Dec 28 19:44:08 UTC 2018 - mardnh@gmx.de
|
||
|
|
||
|
- Rename files according to the package name nDPI -> ndpi
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Sat Dec 22 20:38:16 UTC 2018 - mardnh@gmx.de
|
||
|
|
||
|
- Update to version 2.6
|
||
|
See /usr/share/doc/packages/libndpi2/CHANGELOG.md for the full
|
||
|
changelog
|
||
|
|
||
|
-------------------------------------------------------------------
|
||
|
Sun Oct 22 18:25:46 UTC 2017 - mardnh@gmx.de
|
||
|
|
||
|
- Initial package, version 2.0
|