pool/ndpi
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7ebf3ddb22
ndpi/ndpi.changes
Lars Vogdt 7ebf3ddb22 Accepting request 759184 from home:mnhauke:security 
- Drop not longer needed patches (fixed upstream)
  * ndpi-fix-build.patch
  * reproducible.patch
- Update to version 3.0
  New Features
  * nDPI now reports the protocol ASAP even when specific fields
    have not yet been dissected because such packets have not yet
    been observed. This is important for inline applications that
    can immediately act on traffic. Applications that need full
    dissection need to call the new API function
    ndpi_extra_dissection_possible() to check if metadata dissection
    has been completely performed or if there is more to read before
    declaring it completed.
  * TLS (formerly identified as SSL in nDPI v2.x) is now dissected
    more deeply, certificate validity is extracted as well
    certificate SHA-1.
  * nDPIreader can now export data in CSV format with option -C
  * Implemented Sequence of Packet Length and Time (SPLT) and Byte
    Distribution (BD) as specified by Cisco Joy
    (https://github.com/cisco/joy). This allows malware activities
    on encrypted TLS streams.
  * Available as library and in ndpiReader with option -J
  * Promoted usage of protocol categories rather than protocol
    identifiers in order to classify protocols. This allows
    application protocols to be clustered in families and thus better
    managed by users/developers rather than using hundred of
    protocols unknown to most of the people.
  * Added Inter-Arrival Time (IAT) calculation used to detect
    protocol misbehaviour (e.g. slow-DoS detection)
  * Added data analysis features for computign metrics such as

OBS-URL: https://build.opensuse.org/request/show/759184
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=13
2019-12-29 17:30:45 +00:00

159 lines
5.9 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Wed Dec 25 10:13:32 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Drop not longer needed patches (fixed upstream)
* ndpi-fix-build.patch
* reproducible.patch
- Update to version 3.0
New Features
* nDPI now reports the protocol ASAP even when specific fields
have not yet been dissected because such packets have not yet
been observed. This is important for inline applications that
can immediately act on traffic. Applications that need full
dissection need to call the new API function
ndpi_extra_dissection_possible() to check if metadata dissection
has been completely performed or if there is more to read before
declaring it completed.
* TLS (formerly identified as SSL in nDPI v2.x) is now dissected
more deeply, certificate validity is extracted as well
certificate SHA-1.
* nDPIreader can now export data in CSV format with option -C
* Implemented Sequence of Packet Length and Time (SPLT) and Byte
Distribution (BD) as specified by Cisco Joy
(https://github.com/cisco/joy). This allows malware activities
on encrypted TLS streams.
* Available as library and in ndpiReader with option -J
* Promoted usage of protocol categories rather than protocol
identifiers in order to classify protocols. This allows
application protocols to be clustered in families and thus better
managed by users/developers rather than using hundred of
protocols unknown to most of the people.
* Added Inter-Arrival Time (IAT) calculation used to detect
protocol misbehaviour (e.g. slow-DoS detection)
* Added data analysis features for computign metrics such as
entropy, average, stddev, variance on a single and consistent
place that will prevent when possible. This should ease traffic
analysis on monitoring/security applications. New API calls have
been implemented such as ndpi_data_XXX() to handle these
calculations.
* Initial release of Python bindings available under nDPI/python.
* Implemented search of human readable strings for promoting data
exfiltration detection
* Available as library and in ndpiReader with option -e
* Fingerprints
JA3 (https://github.com/salesforce/ja3)
HASSH (https://github.com/salesforce/hassh)
DHCP
* Implemented a library to serialize/deserialize data in both
Type-Length-Value (TLV) and JSON format
New Supported Protocols and Services
* DTLS (i.e. TLS over UDP)
* Hulu
* TikTok/Musical.ly
* WhatsApp Video
* DNSoverHTTPS
* Datasaver
* Line protocol
* Google Duo and Hangout merged
* WireGuard VPN
* IMO
* Zoom.us
Improvements
* TLS
+ Organizations
+ Ciphers
+ Certificate analysis
* Added PUBLISH/SUBSCRIBE methods to SIP
* Implemented STUN cache to enhance matching of STUN-based protocols
* Dissection improvements
+ Viber
+ WhatsApp
+ AmazonVideo
+ SnapChat
+ FTP
+ QUIC
+ OpenVPN support for UDP-based VPNs
+ Facebook Messenger mobile
+ Various improvements for STUN, Hangout and Duo
* Added new categories:
+ CUSTOM_CATEGORY_ANTIMALWARE,
+ NDPI_PROTOCOL_CATEGORY_MUSIC,
+ NDPI_PROTOCOL_CATEGORY_VIDEO,
+ NDPI_PROTOCOL_CATEGORY_SHOPPING,
+ NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY
+ NDPI_PROTOCOL_CATEGORY_FILE_SHARING
* Added NDPI_PROTOCOL_DANGEROUS classification
Fixes
* Fixed the dissection of certain invalid DNS responses
* Fixed Spotify dissection
* Fixed false positives with FTP and FTP_DATA
* Fix to discard STUN over TCP flows
* Fixed MySQL dissector
* Fix category detection due to missing initialization
* Fix DNS rsp_addr missing in some tiny responses
* Various hardening fixes
-------------------------------------------------------------------
Wed Jun 5 04:03:31 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
- Add reproducible.patch to override build date (boo#1047218)
-------------------------------------------------------------------
Sat Mar 30 09:53:01 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.8
New Supported Protocols and Services
* Added Modbus over TCP dissector
Improvements
* Wireshark Lua plugin compatibility with Wireshark 3
* Improved MDNS dissection
* Improved HTTP response code handling
* Full dissection of HTTP responses
Fixes
* Fixed false positive mining detection
* Fixed invalid TCP DNS dissection
* Releasing buffers upon realloc failures
* ndpiReader: Prevents references after free
* Endianness fixes
* Fixed IPv6 HTTP traffic dissection
* Fixed H.323 detection
Other
* Disabled ookla statistics which need to be improved
* Support for custom protocol files of arbitrary length
* Update radius.c to RFC2865
-------------------------------------------------------------------
Sun Feb 24 15:00:58 UTC 2019 - schwab@suse.de
- override prefix and libdir during install
- ndpi-fix-build.patch: don't install multiple copies of the library
-------------------------------------------------------------------
Tue Jan 8 17:01:56 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Compact descriptions of all but the most promiment package
(libndpi2) for size. Trim bias and metadata redundancies, too.
-------------------------------------------------------------------
Mon Jan 7 21:52:45 UTC 2019 - mardnh@gmx.de
- Add wireshark/ndpi.lua to the doc section of ndpi-tools
- Add a comment to clarify the license of wireshark/ndpi.lua
-------------------------------------------------------------------
Fri Dec 28 19:44:08 UTC 2018 - mardnh@gmx.de
- Rename files according to the package name nDPI -> ndpi
-------------------------------------------------------------------
Sat Dec 22 20:38:16 UTC 2018 - mardnh@gmx.de
- Update to version 2.6
See /usr/share/doc/packages/libndpi2/CHANGELOG.md for the full
changelog
-------------------------------------------------------------------
Sun Oct 22 18:25:46 UTC 2017 - mardnh@gmx.de
- Initial package, version 2.0
Reference in New Issue View Git Blame Copy Permalink