SHA256
1
0
forked from pool/ndpi

12 Commits

Author SHA256 Message Date
5da0151144 Accepting request 1233260 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/1233260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=12
2024-12-26 11:23:42 +00:00
Martin Hauke
e15d9e0fef - Update to version 4.12
* https://github.com/ntop/nDPI/releases/tag/4.12
  * https://github.com/ntop/nDPI/releases/tag/4.10
  * https://github.com/ntop/nDPI/releases/tag/4.8
  * https://github.com/ntop/nDPI/releases/tag/4.6
  * https://github.com/ntop/nDPI/releases/tag/4.4
  * https://github.com/ntop/nDPI/releases/tag/4.2
- Drop not longer needed patches
  * 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
  * 0002-Report-whether-a-protocol-is-encrypted.patch
  * 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch
- Add patch:
  * fix-makefile.patch

OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=29
2024-12-24 14:35:22 +00:00
30cd397f29 Accepting request 1149576 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/1149576
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=11
2024-06-09 18:20:53 +00:00
3580238835 Accepting request 914423 from server:monitoring
- Add conflicts for ndpi-common package, as version 3 did not follow
  packaging guidelines fully
- Create -common subpackage
- Update to version 4.0
  New Features
  * Add API for computing RSI (Relative Strenght Index)
  * Add GeoIP support
  * Add fragments management
  * Add API for jitter calculation
  * Add single exponential smoothing API
  * Add timeseries forecasting support implementing Holt-Winters
    with confidence interval
  * Add support for MAC to radi tree and expose the full API to
    applications
  * Add JA3+, with ALPN and elliptic curve
  * Add double exponential smoothing implementation
  * Extended API for managing flow risks
  * Add flow risk score
  * New flow risks:
    + Desktop or File Sharing Session
    + HTTP suspicious content (useful for tracking trickbot)
    + Malicious JA3
    + Malicious SHA1
    + Risky domain
    + Risky AS
    + TLS Certificate Validity Too Long
    + TLS Suspicious Extension
  New Supported Protocols and Services
  * New protocols:
    + AmongUs
    + AVAST SecureDNS
    + CPHA (CheckPoint High Availability Protocol)
    + DisneyPlus
    + DTLS
    + Genshin Impact
    + HP Virtual Machine Group Management (hpvirtgrp)
    + Mongodb
    + Pinterest
    + Reddit
    + Snapchat VoIP calls
    + Tumblr
    + Virtual Asssitant (Alexa, Siri)
    + Z39.50
  * Add protocols to HTTP as subprotocols
  * Add detection of TLS browser type
  * Add connectionless DCE/RPC detection
  Improvements
  * 2.5x speed bump. Example ndpiReader with a long mixed pcap
    v3.4 - nDPI throughput: 1.29 M pps / 3.35 Gb/sec
    v4.0 - nDPI throughput: 3.35 M pps / 8.68 Gb/sec
  * Improve detection/dissection of:
    + AnyDesk
    + DNS
    + Hulu
    + DCE/RPC (avoid false positives)
    + dnscrypt
    + Facebook (add new networks)
    + Fortigate
    + FTP Control
    + HTTP
      - Fix user-agent parsing
      - Fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined
    + IEC104
    + IEC60870
    + IRC
    + Netbios
    + Netflix
    + Ookla speedtest (detection over IPv6)
    + openspeedtest.com
    + Outlook / MicrosoftMail
    + QUIC
      - update to draft-33
      - improve handling of SNI
      - support for fragmented Client Hello
      - support for DNS-over-QUIC
    + RTSP
    + RTSP via HTTP
    + SNMP (reimplemented)
    + Skype
    + SSH
    + Steam (Steam Datagram Relay - SDR)
    + STUN (avoid false positives, improved Skype detection)
    + TeamViewer (add new hosts)
    + TOR (update hosts)
    + TLS
      - Certificate Subject matching
      - Check for common ALPNs
      - Reworked fingerprint calculation
      - Fix extraction for TLS signature algorithms
      - Fix ClientHello parsing
    + UPnP
    + wireguard
    + Improve DGA detection
    + Improve JA3
    + Improve Mining detection
    + Improve string matching algorithm
    + Improve ndpi_pref_enable_tls_block_dissection
    + Optimize speed and memory size
    + Update ahocorasick library
    + Improve subprotocols detection
  Fixes
  * Fix partial application matching
  * Fix multiple segfault and leaks
  * Fix uninitialized memory use
  * Fix release of patterns allocated in ndpi_add_string_to_automa
  * Fix return value of ndpi_match_string_subprotocol
  * Fix setting of flow risks on 32 bit machines
  * Fix TLS certificate threshold
  * Fix a memory error in TLS JA3 code
  * Fix false positives in Z39.50
  * Fix off-by-one memory error for TLS-JA3
  * Fix bug in ndpi_lru_find_cache
  * Fix invalid xbox and playstation port guesses
  * Fix CAPWAP tunnel decoding
  * Fix parsing of DLT_PPP datalink type
  * Fix dissection of QUIC initial packets coalesced with 0-RTT one
  * Fix parsing of GTP headers
  * Add bitmap boundary checks
  Misc
  * Update download category name
  * Update category labels
  * Renamed Skype in Skype_Teams (the protocol is now shared across
    these apps)
  * Add IEC analysis wireshark plugin
  * Flow risk visualization in Wireshark
  * ndpiReader
    + add statistics about nDPI performance
    + fix memory leak
    + fix collecting of risks statistics
  * Move installed libraries from /usr/local to /usr
  * Improve NDPI_API_VERSION generation
  * Update ndpi_ptree_match_addr prototype
- Add patches (for compatibility with ntopng 5.0):
  * 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
  * 0002-Report-whether-a-protocol-is-encrypted.patch
  * 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch

OBS-URL: https://build.opensuse.org/request/show/914423
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=10
2021-08-26 21:14:57 +00:00
f87218238b Accepting request 888209 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/888209
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=9
2021-04-24 21:09:24 +00:00
3ae1db6ac6 Accepting request 798122 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/798122
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=8
2020-04-27 21:38:49 +00:00
8b2dab88bb Accepting request 778081 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/778081
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=7
2020-02-22 18:07:48 +00:00
d6e87cabd7 Accepting request 761346 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/761346
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=6
2020-01-07 22:53:32 +00:00
71e6571e05 Accepting request 759921 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/759921
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=5
2019-12-30 11:35:08 +00:00
b3d04f9e0d Accepting request 707881 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/707881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=4
2019-06-06 16:18:13 +00:00
70f49a8003 Accepting request 691915 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/691915
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=3
2019-04-08 08:38:40 +00:00
Stephan Kulow
eeb2c8bc9d Accepting request 678573 from server:monitoring
OBS-URL: https://build.opensuse.org/request/show/678573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=2
2019-02-25 16:56:22 +00:00
8 changed files with 61 additions and 1434 deletions

File diff suppressed because it is too large Load Diff

View File

@@ -1,26 +0,0 @@
From 5f286a17c1ecb88b06ee069650fa73f7565165dc Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Sat, 7 Aug 2021 17:35:34 +0200
Subject: [PATCH 2/3] Report whether a protocol is encrypted
---
example/ndpiReader.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index b4434650..053dc2ec 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1368,6 +1368,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
flow->detected_protocol, buf1, sizeof(buf1)));
+ fprintf(out, "[%s]",
+ ndpi_is_encrypted_proto(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol) ? "Encrypted" : "ClearText");
+
if(flow->detected_protocol.category != 0)
fprintf(out, "[cat: %s/%u]",
ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
--
2.32.0

View File

@@ -1,43 +0,0 @@
From 817c00b65ab4d0bf78927e494227ac5308417f91 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Wed, 18 Aug 2021 11:33:33 +0200
Subject: [PATCH 3/3] Firs crash on ARM during steam protocol dissection
---
src/lib/protocols/steam.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c
index 8cd3ec41..53bbfc6a 100644
--- a/src/lib/protocols/steam.c
+++ b/src/lib/protocols/steam.c
@@ -114,14 +114,19 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru
}
/* Check for Steam Datagram Relay (SDR) packets. */
- if (payload_len > 8 &&
- ndpi_ntohll(get_u_int64_t(packet->payload, 0)) == 0x0101736470696e67 /* "\x01\x01sdping" */)
- {
- NDPI_LOG_INFO(ndpi_struct, "found STEAM (Steam Datagram Relay)\n");
- ndpi_int_steam_add_connection(ndpi_struct, flow);
- return;
- }
+ if (payload_len > 8) {
+ u_int64_t n;
+ /* Necessary as simple cast crashes on ARM */
+ memcpy(&n, packet->payload, sizeof(u_int64_t));
+
+ if(ndpi_ntohll(n) == 0x0101736470696e67 /* "\x01\x01sdping" */) {
+ NDPI_LOG_INFO(ndpi_struct, "found STEAM (Steam Datagram Relay)\n");
+ ndpi_int_steam_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+
/* Check if we so far detected the protocol in the request or not. */
if (flow->steam_stage1 == 0) {
NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n");
--
2.32.0

29
fix-makefile.patch Normal file
View File

@@ -0,0 +1,29 @@
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index b446ba2..e5d0ea4 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -11,7 +11,6 @@ RANLIB = @RANLIB@
#
# Installation directories
#
-PREFIX = @prefix@
libdir = @libdir@
includedir = @includedir@/ndpi
ifneq ($(OS),Windows_NT)
@@ -96,10 +95,10 @@ cppcheck:
cppcheck --template='{file}:{line}:{severity}:{message}' --quiet --enable=all --force -I ../include *.c protocols/*.c
install: $(NDPI_LIBS)
- mkdir -p $(DESTDIR)$(PREFIX)$(libdir)
- cp $(NDPI_LIBS) $(DESTDIR)$(PREFIX)$(libdir)/
- cp -P $(NDPI_LIB_SHARED_BASE) $(DESTDIR)$(PREFIX)$(libdir)/
- cp -P $(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) $(DESTDIR)$(PREFIX)$(libdir)/
- mkdir -p $(DESTDIR)$(PREFIX)$(includedir)
+ mkdir -p $(DESTDIR)$(libdir)
+ cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/
+ cp -P $(NDPI_LIB_SHARED_BASE) $(DESTDIR)$(libdir)/
+ cp -P $(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR) $(DESTDIR)$(libdir)/
+ mkdir -p $(DESTDIR)$(includedir)
#Avoid installing private header
- find ../include/*.h ! -name ndpi_private.h -exec cp "{}" $(DESTDIR)$(PREFIX)$(includedir)/ \;
+ find ../include/*.h ! -name ndpi_private.h -exec cp "{}" $(DESTDIR)$(includedir)/ \;

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:99e0aba6396fd633c3840f30e4942f6591a08066d037f560b65ba64e7310f4d6
size 120053617

3
ndpi-4.12.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:28b0029877bbc970a8acc924664541c71e76e7a45e3761d5d0ddf3e695b6878c
size 47562110

View File

@@ -1,3 +1,20 @@
-------------------------------------------------------------------
Fri Dec 20 16:18:54 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Update to version 4.12
* https://github.com/ntop/nDPI/releases/tag/4.12
* https://github.com/ntop/nDPI/releases/tag/4.10
* https://github.com/ntop/nDPI/releases/tag/4.8
* https://github.com/ntop/nDPI/releases/tag/4.6
* https://github.com/ntop/nDPI/releases/tag/4.4
* https://github.com/ntop/nDPI/releases/tag/4.2
- Drop not longer needed patches
* 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
* 0002-Report-whether-a-protocol-is-encrypted.patch
* 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch
- Add patch:
* fix-makefile.patch
-------------------------------------------------------------------
Thu Feb 22 13:56:41 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

View File

@@ -1,8 +1,8 @@
#
# spec file for package ndpi
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2017-2021, Martin Hauke <mardnh@gmx.de>
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2017-2024, Martin Hauke <mardnh@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,13 +17,12 @@
#
%define sover 4
%ifarch %{ix86} x86_64
%bcond_without hyperscan
%endif
%define sover 4
Name: ndpi
Version: 4.0
Version: 4.12
Release: 0
Summary: Extensible deep packet inspection library
# wireshark/ndpi.lua is GPL-3.0-or-later
@@ -31,12 +30,7 @@ License: LGPL-3.0-only
Group: Development/Libraries/C and C++
URL: https://github.com/ntop/nDPI
Source: https://github.com/ntop/nDPI/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-UPSTREAM 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch # ntopng 5.0 needs this from the ndpi 4.0-stable branch
Patch0: 0001-Added-ability-to-report-whether-a-protocol-is-encryp.patch
# PATCH-FIX-UPSTREAM 0002-Report-whether-a-protocol-is-encrypted.patch # ntopng 5.0 needs this from the ndpi 4.0-stable branch
Patch1: 0002-Report-whether-a-protocol-is-encrypted.patch
# PATCH-FIX-UPSTREAM 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch
Patch2: 0003-Firs-crash-on-ARM-during-steam-protocol-dissection.patch
Patch0: fix-makefile.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -110,18 +104,17 @@ This package contains common files used by nDPI.
%autosetup -p1 -n nDPI-%{version}
%build
sh autogen.sh
autoreconf -fiv
%configure \
%if 0%{with hyperscan}
--with-hyperscan \
%endif
--prefix="%{_prefix}"
make %{?_smp_mflags}
%{nil}
%make_build
%install
%make_install PREFIX=%{_prefix} prefix=%{_prefix} libdir=%{_libdir}
rm -f %{buildroot}/%{_libdir}/libndpi.a
rm -f %{buildroot}/%{_sbindir}/ndpi
%make_install
rm %{buildroot}/%{_libdir}/libndpi.a
%post -n libndpi%{sover} -p /sbin/ldconfig
%postun -n libndpi%{sover} -p /sbin/ldconfig
@@ -140,8 +133,8 @@ rm -f %{buildroot}/%{_sbindir}/ndpi
%files -n ndpi-common
%license COPYING
%doc CHANGELOG.md README.md README.nDPI README.protocols
%doc doc/nDPI_QuickStartGuide.pdf
%doc CHANGELOG.md README.md
%doc doc/guide/nDPI_QuickStartGuide.pdf
%{_datadir}/%{name}
%changelog