pool/ndpi
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 777777 from home:mnhauke:security

Browse Source 
- Update to version 3.2
  New Features
  * New API calls
  * Protocol detection: ndpi_is_protocol_detected
  * Categories: ndpi_load_categories_file / ndpi_load_category
  * JSON/TLV serialization: ndpi_serialize_string_boolean /
    ndpi_serialize_uint32_boolean
  * Patricia tree: ndpi_load_ipv4_ptree
  * Module initialization: ndpi_init_detection_module /
    ndpi_finalize_initalization
  * Base64 encoding: ndpi_base64_encode
  * JSON export: ndpi_flow2json
  * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
  * Libfuzz integration
  * Implemented Community ID hash (API call ndpi_flowv6_flow_hash
    and ndpi_flowv4_flow_hash)
  * Detection of RCE in HTTP GET requests via PCRE
  * Integration of the libinjection library to detect SQL
    injections and XSS type attacks in HTTP requests
  New Supported Protocols and Services
  * TLS: new decode
  * Added ALPN support
  * Added export of supported version in TLS header
  * Added Telnet dissector with metadata extraction
  * Added Zabbix dissector
  * Added POP3/IMAP metadata extraction
  * Added FTP user/password extraction
  * Added NetBIOS metadata extraction
  * Added Kerberos metadata extraction
  * Implemented SQL Injection and XSS attack detection

OBS-URL: https://build.opensuse.org/request/show/777777
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=17
This commit is contained in:
Lars Vogdt 2020-02-21 20:06:57 +00:00 committed by Git OBS Bridge
parent 160d403fee
commit 5889a64983
4 changed files with 97 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ndpi-3.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:69fb8003f00e9b9be3d06925398e15a83ac517cd155b6768f5f0e9342471c164
size 26902734

3
ndpi-3.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6808c8c4495343e67863f4d30bb261c1e2daec5628ae0be257ba2a2dea7ec70a
size 29586049

91
ndpi.changes
View File

@ -1,3 +1,94 @@
-------------------------------------------------------------------
Thu Feb 20 21:03:45 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 3.2
New Features
* New API calls
* Protocol detection: ndpi_is_protocol_detected
* Categories: ndpi_load_categories_file / ndpi_load_category
* JSON/TLV serialization: ndpi_serialize_string_boolean /
ndpi_serialize_uint32_boolean
* Patricia tree: ndpi_load_ipv4_ptree
* Module initialization: ndpi_init_detection_module /
ndpi_finalize_initalization
* Base64 encoding: ndpi_base64_encode
* JSON export: ndpi_flow2json
* Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
* Libfuzz integration
* Implemented Community ID hash (API call ndpi_flowv6_flow_hash
and ndpi_flowv4_flow_hash)
* Detection of RCE in HTTP GET requests via PCRE
* Integration of the libinjection library to detect SQL
injections and XSS type attacks in HTTP requests
New Supported Protocols and Services
* TLS: new decode
* Added ALPN support
* Added export of supported version in TLS header
* Added Telnet dissector with metadata extraction
* Added Zabbix dissector
* Added POP3/IMAP metadata extraction
* Added FTP user/password extraction
* Added NetBIOS metadata extraction
* Added Kerberos metadata extraction
* Implemented SQL Injection and XSS attack detection
* Host-based detection improvements and changes
* Added Microsoft range
* Added twitch.tv website
* Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ
* Added 20.180.0.0/14, 20.184.0.0/13 range as Skype
* Added 52.84.0.0/14 range as Amazon
* Added pastebin.com
* Changed 13.64.0.0/11 range from Skype to Microsoft
* Refreshed Whatsapp server list, added whatsapp-.fbcdn.net IPs
* Added public DNSoverHTTPS servers
Improvements
* Reworked and improved the TLS dissector
* Reworked Kerberos dissector
* Improved DNS response decoding
* Support for DNS continuous flow dissection
* Improved Python bindings
* Improved Ethereum support
* Improved categories detection with streaming and HTTP
* Support for IP-based detection to compute the application
protocol
* Renamed protocol 104 to IEC60870 (more meaningful)
* Added failed authentication support with FTP
* Renamed DNSoverHTTPS to handle bot DoH and DoT
* Implemented stacked DPI decoding
* Improvements for CapWAP and Bloomberg
* Improved SMB dissection
* Improved SSH dissection
* Added capwap support
* Modified API signatures for ndpi_ssl_version2str /
ndpi_detection_giveup
* Removed ndpi_pref_http_dont_dissect_response /
ndpi_pref_dns_dont_dissect_response (replaced by
ndpi_extra_dissection_possible)
Fixes
* Fixed memory invalid access in SMTP and leaks in TLS
* Fixed a few memory leaks
* Fixed invalid memory access in a few protocol dissectors (HTTP,
memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber)
* Fixed IPv6 address format across the various platforms
* Fixed infinite loop in ndpi_workflow_process_packet
* Fixed SHA1 certificate detection
* Fixed custom protocol detection
* Fixed SMTP dissection (including email)
* Fixed Telnet dissection and invalid password report
* Fixed invalid category matching in HTTP
* Fixed Skype and STUN false positives
* Fixed SQL Injection detection
* Fixed invalid SMBv1 detection
* Fixed SSH dissection
* Fixed ndpi_ssl_version2str
* Fixed ndpi_extra_dissection_possible
* Fixed out of bounds read in ndpi_match_custom_category
ndpiReader
* CSV output enhancements
* Added tunnelling decapsulation
* Improved HTTP reporting
* Added scan and HTTP attacks (XSS, SQL Injection) detection
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 2 11:50:52 UTC 2020 - Martin Hauke <mardnh@gmx.de> Thu Jan 2 11:50:52 UTC 2020 - Martin Hauke <mardnh@gmx.de>

6
ndpi.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package ndpi # spec file for package ndpi
# #
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# Copyright (c) 2017, Martin Hauke <mardnh@gmx.de> # Copyright (c) 2017, Martin Hauke <mardnh@gmx.de>
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -23,7 +23,7 @@
%define sover 3 %define sover 3
Name: ndpi Name: ndpi
Version: 3.0 Version: 3.2
Release: 0 Release: 0
Summary: Extensible deep packet inspection library Summary: Extensible deep packet inspection library
# wireshark/ndpi.lua is GPL-3.0-or-later # wireshark/ndpi.lua is GPL-3.0-or-later
@ -35,7 +35,6 @@ BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libnuma-devel BuildRequires: libnuma-devel
BuildRequires: libnuma-devel
BuildRequires: libpcap-devel BuildRequires: libpcap-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -111,6 +110,7 @@ rm -rf %{buildroot}/%{_sbindir}/ndpi
%license COPYING %license COPYING
%doc CHANGELOG.md README.md README.nDPI README.protocols %doc CHANGELOG.md README.md README.nDPI README.protocols
%doc doc/nDPI_QuickStartGuide.pdf %doc doc/nDPI_QuickStartGuide.pdf
%{_datadir}/%{name}
%{_libdir}/libndpi.so.%{sover}* %{_libdir}/libndpi.so.%{sover}*
%files -n libndpi-devel %files -n libndpi-devel