| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
RabbitMQ 3.9.15
Core Server
Bug Fixes
Stream delivery rate could drop if concurrent stream consumers consumed in a way
that made them reach the end of the stream often.
If a cluster that had streams enabled was upgraded with a jump of multiple
patch releases, stream state could fail an upgrade.
Significantly faster queue re-import from definitions
on subsequent node restarts. Initial definition import still takes
the same amount of time as before.
Priority queues could run into an exception in some cases.
Maintenance mode could run into a timeout during queue leadership transfer.
Prometheus Plugin
Bug Fixes
Prometheus collector could run into an exception early on node's
schema database sync.
Management Plugin
Bug Fixes
Connection data transfer rate units were incorrectly displayed when
rate was less than 1 kiB per second.
rabbitmqadmin now correctly loads TLS-related keys from its configuration file.
Corrected a help message for node memory usage tool tip.
LDAP Plugin
Enhancements
More Erlang 24.3's eldap library compatibility improvements.
|
|
|
|
|
|
New in version 4.2
==================
Enhancements
------------
* Add support for NTPv4 extension field improving synchronisation
stability and resolution of root delay and dispersion (experimental)
* Add support for NTP over PTP (experimental)
* Add support for AES-CMAC and hash functions in GnuTLS
* Improve server interleaved mode to be more reliable and support
multiple clients behind NAT
* Update seccomp filter
* Add statistics about interleaved mode to serverstats report
Bug fixes
---------
* Fix RTC support with 64-bit time_t on 32-bit Linux
* Fix seccomp filter to work correctly with bind*device directives
* Suppress kernel adjustments of system clock (dosynctodr) on illumos
Other changes
-------------
* Switch Solaris support to illumos
|
|
|
|
7.1.6
Add reduce() method to errors for pickle compatible.
use unittest.mock instead of mock.
|
|
It's better to generate these lists from the resulting package to be
installed via DESTDIR, rather than the ingoing source, as not everything
found in the latter is installed. (The sed command also doesn't work
with BSD sed as intended, but that's left as-is.)
|
|
Changelog:
2021/08/13:
Change directory structure : include/ and src/ directories.
|
|
pkgsrc: Fetch source from main repository and not from github mirror. This will
avoid missing updates again due to non-mirrored releases.
0.7.0
-updated dependencies, added new -k flag. Fixes #5
0.6.8
-trying to circumvent new WatchMDH structures (yet incomplete)
0.6.7
-Now that we use the new YouTube API, the need for cipher decoding should be a
thing of the past.
|
|
atomic64.mk is already included in Makefile.common.
|
|
Addresses PR pkg/56787 from Chris Branton. (It looks like the list of
config files simply wasn't kept up to date. Partly that's because the
example code to generate the list wasn't looking for symlinks.)
|
|
get_iplayer 3.29 Release Notes
Changes in 3.29
There is a breaking change in this release
* Fixed bug that caused searches to fail when target episode title in
cache contained vertical bar (|) characters. Vertical bars now
converted to hyphens.
* Adjusted stream classification to accommodate BBC changes
* 960x540@25 streams are apparently no longer provided for
programmes first broadcast after approximately 2021-12-05. The
are still available for older programmes, including recent
repeats.
* 960x540@25 streams for new programmes have been replaced by
960x540@50 streams with the same bit rate. get_iplayer now
detects these lower-bitrate 50fps streams and classifies them
appropriately. Use --tv-lower-bitrate to prefer those streams if
they are available. The file sizes should be roughly the same as
the previous 25fps streams. You do not need to change your
preferences.
* Restored BBC Three schedules to the programme indexing to accomodate
its return as a broadcast channel. Perform a full rebuild of the TV
programme index cache if you want to ensure it includes all supported
BBC Three programmes:
get_iplayer --rebuild-cache
Ignore these warnings, as there were no BBC Three schedule listings
for that week:
WARNING: Got 0 programmes for BBC Three schedule page (HTML): https://www.bbc.co.uk/schedules/p00fzl95/2022/w01
WARNING: Failed to parse BBC Three schedule page: https://www.bbc.co.uk/schedules/p00fzl95/2022/w01
* Options related to recording quality have been changed
* Some command iine parameters have been renamed:
Old New Option Key
--modes --quality modes
--tv-mode --tv-quality tvmode
--radio-mode --radio-quality radiomode
--fps25 --tv-lower-bitrate fps25
The old command-line option names are scheduled for removal in
the next release. The option keys (used in preferences, presets,
and PVR searches) remain the same, so recording quality settings
in existing preferences, presets, and PVR searches will continue
to work.
* The possible recording quality settings have been reduced to:
Type Quality Settings Aliases Default
TV fhd,hd,sd,web,mobile 1080p,720p,540p,396p,288p hd,sd,web,mobile
Radio high,std,med,low 320k,128k,96k,48k high,std,med,low
In the next release, it will be a fatal error to enter an invalid
quality setting on the command line. Aliases can be used
interchangeably with their corresponding alphabetic codes. The
two substantive changes are that TV "high" quality is now "web",
and TV "low" quality is now "mobile". This makes TV and radio
quality settings distinct sets that can be mixed unambiguously
for --quality and the Web PVR Manager. All recording quality
settings that cannot be translated into values from the lists
above are discarded. See Recording Quality for further
information. See below for more information about the "fhd"
quality setting.
* BREAKING CHANGE: Existing quality settings (or recording modes)
saved in preferences, presets, and PVR searches will be
translated into new quality settings in a backwards-compatible
manner, with one exception. If your saved values have prefixes
denoting stream format (hls,hvf,had,dash,dvf,daf), or numeric
suffixes for specific streams, those prefixes and suffixes are
now stripped and ignored. You should never use numeric suffixes
since they are non-deterministic. In the unlikely event you need
to restrict the stream formats to record, use the new
--exclude-format option. --exclude-format=dash will exclude
MPEG-DASH streams, and --exclude-format=hls will exclude HLS
streams.
* If you have not specifed at least one of sd,web,high with
--tv-quality when downloading an audiodescribed programme,
get_iplayer will now insert those quality settings to ensure a
stream is available. HD is not available for audiodescribed
programmes.
* Changes to programme metadata fields
* No longer included in XML/JSON metadata files: durations,
geoblocked, modes, modesizes, unavailable, verpids, versions. Use
--info to see available version-dependent metadata values.
* Now included in XML/JSON metadata files: quality, verpid
* No longer displayed with --info unless --verbose is also
specified: modes, modesizes
* Now displayed with --info: qualities, qualitysizes
* Changes to application options
* --purge-files has been removed.
* --trim-history and --no-purge are now ignored and will be removed
in the next release. You can remove them from your preferences
with:
get_iplayer --prefs-del --trim-history=0 --no-purge
get_iplayer will no longer issue a warning to remove downloaded
programmes more than 30 days old.
* EXPERIMENTAL: Full HD streams (1080p)
* Before anyone asks: UHD 4k streams are still not available to
get_iplayer.
* get_iplayer now attempts to generate 1920x1080@50 ("fhd") stream
URLs for every programme that has 1280x720@50 ("hd") streams (so
no audiodescribed programmes). The purpose of these 1080p streams
is not known. They may be used for some smart TVs or set-top
boxes, or they may be a BBC experiment.
* It is not a bug if "fhd" streams are not available for a
programme. Do not depend on the presence of these streams. They
may disappear at any time. They are provided solely for you to
experiment with if you find them useful. You may decide that the
video quality of "fhd" streams does not justify their extra
download and storage requirements.
* The "fhd" streams are not included by default, nor are they
included when expanding the obsolete "best" shortcut if it is
saved in your preferences, presets, or PVR searches. You must
request "fhd" downloads specifically with --tv-quality=fhd or
--tv-quality=1080p. This is done in part to avoid resource shock
for the presumed majority of users who don't read release notes
and documentation, but also because the quality of "fhd" streams
varies greatly. If you wish to include "fhd" in your default
settings, save it in your preferences:
get_iplayer --prefs-add --tv-quality=fhd,hd,sd,web,mobile
* The bit rates for the "fhd" streams can vary quite a bit between
programmes. The maximum appears to be around 10 Mb/s (though most
are far lower), so output files could be up to ~90% larger than
their "hd" equivalents, in the region of 3.8 GB/hr for video.
Most will have far lower bit rates, sometimes lower than their
"hd" equivalents, likely due to more sophisticated compression
techniques being employed.
* Because of the method used to access the "fhd" streams,
get_iplayer can't estimate their actual bit rates, so it assumes
8 Mb/s, the value advertised in iPlayer metadata. Consequently,
file size estimates and download progress reports may be quite
far off.
* It has been observed in initial testing that MPEG-DASH "fhd"
downloads are much faster than HLS equivalents, so MPEG-DASH
streams are tried first, while the opposite is true for non-"fhd"
streams. This makes no difference to the output. The extra
post-processing time required for MPEG-DASH is more than offset
by the faster download. You can test the difference with
--tv-quality=fhd --exclude-format=hls and --tv-quality=fhd
--exclude-format=dash.
|
|
I tried it on NetBSD 9.2_STABLE and Fedora 35, and it doesn't work as
expected. Needs investigation.
|
|
RabbitMQ 3.9.14
Changes Worth Mentioning
Core Server
Bug Fixes
Restart of a node that hosted one or more stream leaders resulted in
their consumers not "re-attaching" to the newly elected leader.
Large fanouts experienced a performance regression when streams were not
enabled using a feature flag.
Stream management plugin did not support mixed version clusters.
Stream deletion did not result in a basic.cancel being sent to AMQP 0-9-1 consumers.
Stream clients did not receive a correct stream unavailability error in some
cases.
It is again possible to clear user tags and update the password in a single operation.
Enhancements
Forward compatibility with Erlang 25.
File handle cache efficiency improvements.
Uknown stream properties (e.g. those requested by a node that runs a newer version)
are now handled gracefully.
Temporary hostname resolution issues (attempts that fail with nxdomain)
are now handled more gracefully and with a delay of several seconds.
Build time compatibility with Elixir 1.13.
OAuth 2 AuthN/AuthZ Backend Plugin
Bug Fixes
auth_oauth2.additional_scopes_key in rabbitmq.conf was not converted correctly
during configuration translation and thus had no effect.
LDAP AuthN/AuthZ Backend Plugin
Enhancement
Adapt to a breaking Erlang 24.3 LDAP client change.
Shovel Plugin
Enhacements
Shovels now can be declared with delete-after parameter set to 0.
Such shovels will immediately stop instead of erroring and failing to
start after a node restart.
Consul Peer Discovery Plugin
Enhancements
Support for Consul 1.1 response code changes
when an operation is attempted on a non-existent health check.
|
|
0.14.0 / 2022-04-05 Latest
[ENHANCEMENT] Continued typing improvements and coverage.
[ENHANCEMENT] Allow binding to IPv6 addresses.
[ENHANCEMENT] Negotiate gzip content-encoding, enabled by default.
[ENHANCEMENT] Allow disabling _created metrics via the PROMETHEUS_DISABLE_CREATED_SERIES environment variable.
[BUGFIX] Correct minor typo in exception raised when exemplar labels are too long.
0.13.1 / 2022-01-28
[BUGFIX] Relax some type constraints that were too strict.
[BUGFIX] Explicitly export functions with __all__.
0.13.0 / 2022-01-25
[CHANGE] Drop support for Python versions 2.7, 3.4, and 3.5.
[FEATURE] Support adding labels when using .time()
[ENHANCEMENT] Begin to add type hints to functions.
[ENHANCEMENT] Improved go-to-declaration behavior for editors.
[BUGFIX] Remove trailing slashes from pushgateway URLS.
[BUGFIX] Catch non-integer bucket/count values
|
|
2.5.5
- CI: github actions: add the output of $CC -dM -E-
- CI: github actions: use cache for OpenTracing
- CI: refactor OpenTracing build script
- CI: github actions: use cache for SSL libs
- CI: Consistently use actions/checkout@v2
- BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
- BUILD: tree-wide: mark a few numeric constants as explicitly long long
- BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
- BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
- REGTESTS: fix the race conditions in normalize_uri.vtc
- REGTESTS: fix the race conditions in secure_memcmp.vtc
- BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
- BUG/MINOR: pool: always align pool_heads to 64 bytes
- BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
- BUILD: fix kFreeBSD build.
- MINOR: pools: add a new global option "no-memory-trimming"
- MINOR: stats: Add dark mode support for socket rows
- BUILD: pools: fix backport of no-memory-trimming on non-linux OS
- BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
- BUG/MINOR: add missing modes in proxy_mode_str()
- BUG/MINOR: cli: shows correct mode in "show sess"
- BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
- BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
- DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
- BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
- DEBUG: stream: Add the missing descriptions for stream trace events
- DEBUG: stream: Fix stream trace message to print response buffer state
- BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
- BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
- BUG/MEDIUM: httpclient: don't consume data before it was analyzed
- CLEANUP: htx: remove unused co_htx_remove_blk()
- BUG/MINOR: httpclient: consume partly the blocks when necessary
- BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
- BUG/MEDIUM: httpclient: must manipulate head, not first
- REGTESTS: fix the race conditions in be2hex.vtc
|
|
don't accidentally find asciidoctor which would cause documentation to
be built and installed.
|
|
|
|
Find your work across repositories
* Add gh status command
The status command displays issues and pull requests assigned to you from
anywhere on GitHub, as well as requests for your review, mentions of your
name, and notifications.
* gh search: Add search issues and search pull requests commands
Other New Features
* Add label list and label create commands
* Add ability to filter issue and pull request lists
* extension install: Add option to pin extensions to a version
* Add support for Dependabot secrets
* Add GH_DEBUG environment variable, deprecate DEBUG for verbose mode
Fixes
* Codespaces: Disallow some operations on codespaces that have a pending
operation
* Codespaces: Listen to agent port-forwarding events when forwarding ports
* cs ssh: remove unwanted trailing quote
* cs ssh: use setup example that should work with any ssh config
* cs cp: parse additional scp args
* cs create: rename repo permissions opt-out parameter
* pr view: respect GH_FORCE_TTY
* extension upgrade --all: do not throw an error if no extensions are
installed
* run download: fix extracting to root path
* pr create --web: fix escaping URL path components
* release list: fix "latest" release logic
* Text editor: only add UTF-8 BOM on Windows
* Bump github.com/AlecAivazis/survey/v2 from 2.3.2 to 2.3.4
|
|
|
|
Doesn't build, last release from 1999 and even then it said on the
homepage: "just a bunch of code thrown together and you can consider
yourself lucky it it goes as far as compiling."
|
|
Doesn't build against current libpcap, upstream development stopped in 2015
|
|
Upstream changes:
1.33 Dec 16, 2021
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
|
|
No upstream ChangeLog.
|
|
No upstream ChangeLog.
|
|
No upstream ChangeLog.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
dead upstream, youtube downloaders need regular updating
|
|
Last release from 1999, no upstream, does not build with current libpcap.
|
|
Abandoned upstream, project has been archived.
|
|
Wireshark 3.6.3 Release Notes
What’s New
Bug Fixes
The following bugs have been fixed:
• Fuzz job crash output: fuzz-2022-01-19-7399.pcap Issue 17894[1].
• TLS dissector incorrectly reports JA3 values Issue 17942[2].
• "Wiki Protocol page" in packet details menu is broken - wiki
pages not migrated to GitLab? Issue 17944[3].
• Dissector bug, protocol PFCP display Flow Description IE value
error in Additional Flow Description of PFD Management Request
Message Issue 17951[4].
• Bluetooth: Fails to open Log file for SCO connection Issue
17964[5].
• Fuzz job crash output: fuzz-2022-03-07-10896.pcap Issue 17984[6].
• libwiretap: Save as ERF causes segmentation fault Issue 17989[7].
• HTTP server returning multiple early hints shows too many
responses in "Follow HTTP Stream" Issue 18006[8].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
CSN.1, HTTP, IEEE 802.11, NTLM SSP, PFCP, PKTLOG, SSDP, TLS, and USB
HID
New and Updated Capture File Support
pcap and pcapng
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
0.14.4 (2022-02-23)
- Update type hints for pyright
0.14.3 (2022-02-15)
- Add type hints
|
|
ntopng 5.2 (February 2022)
Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points
Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
* Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
* Optimize polling of SNMP devices
* Improve SNMP v3 support
* Add more information including version
* Stateful SNMP alert to detect too many MACs on non-trunk
* Perform fat MIBs poll on average every 15 minutes
* Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
* Getter for the bridge MIB
* Getter for LLDP adjacencies
* Check for BPF filters
* Score charts timeseries and analysis
Changes
* Encapsulated traffic is accounted for the lenght of the encapsulated packet and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs
Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM javascript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to alwa re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, /get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, splitted avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reacheable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries
Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup
nEdge
* Add support for Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button
ntopng 5.0 (August 2021)
Breakthroughs
* Advanced alerts engine with security features, including the detection of [attackers and victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
* Integration of 30+ [nDPI security risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
* Generation of the `score` [indicator of compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) for hosts, interfaces and other network elements
* Ability to collect flows from hundredths of routers by means of [observation points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover self-signed, expired, invalid certificates and other issues
New features
* Ability to configure alert exclusions for individual hosts to mitigate false positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access
Improvements
* Reworked the execution of hosts and flows checks (formerly user scripts), yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of [nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked Doh/DoT handling
Fixes
* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface
Notes
* To ensure optimal performance and scalability and to prevent uneven resource utilization, the maximum number of interfaces handled by a single ntopng instance has been reduced to
* 16 (Enterprise M)
* 32 (Enterprise L)
* 8 (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts drilldown page with integrated charts
|
|
nDPI4.2 (Feb 2022)
New Features
- Add a "confidence" field indicating the reliability of the classification
- Add risk exceptions for services and domain names via ndpi_add_domain_risk_exceptions()
- Add ability to report whether a protocol is encrypted
New Supported Protocols and Services
- Add protocol detection for:
- Badoo
- Cassandra
- EthernetIP
Improvements
- Reduce memory footprint
- Improve protocol detection for:
- BitTorrent
- ICloud Private Relay
- IMAP, POP3, SMTP
- Log4J/Log4Shell
- Microsoft Azure
- Pandora TV
- RTP
- RTSP
- Salesforce
- STUN
- Whatsapp
- QUICv2
- Zoom
- Add flow risk:
- NDPI_CLEAR_TEXT_CREDENTIALS
- NDPI_POSSIBLE_EXPLOIT (Log4J)
- NDPI_TLS_FATAL_ALERT
- NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE
- Update WhatsAPP and Instagram addresses
- Update the list of default ports for QUIC
- Update WindowsUpdate URLs
- Add support for the .goog Google TLD
- Add googletagmanager.com
- Add bitmaps and API for handling compressed bitmaps
- Add JA3 in risk exceptions
- Add entropy calculation to check for suspicious (encrypted) payload
- Add extraction of hostname in SMTP
- Add RDP over UDP dissection
- Add support for TLS over IPV6 in Subject Alt Names field
- Improve JSON and CSV serialization
- Improve IPv6 support for almost all dissectors
- Improve CI and unit tests, add arm64, armhf and s390x as part of CI
- Improve WHOIS detection, reduce false positives
- Improve DGA detection for skipping potential DGAs of known/popular domain names
- Improve user agent analysis
- Reworked HTTP protocol dissection including HTTP proxy and HTTP connect
Changes
- TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)
- Numeric IPs are not considered for DGA checks
- Differentiate between standard Amazon stuff (i.e market) and AWS
- Remove Playstation VUE protocol
- Remove pandora.tv from Pandora protocol
- Remove outdated SoulSeek dissector
Fixes
- Fix race conditions
- Fix dissectors to be big-endian friendly
- Fix heap overflow in realloc wrapper
- Fix errors in Kerberos, TLS, H323, Netbios, CSGO, Bittorrent
- Fix wrong tuple comparison
- Fix ndpi_serialize_string_int64
- Fix Grease values parsing
- Fix certificate mismatch check
- Fix null-dereference read for Zattoo with IPv6
- Fix dissectors initialization for XBox, Diameter
- Fix confidence for STUN classifications
- Fix FreeBSD support
- Fix old GQUIC versions on big-endian machines
- Fix aho-corasick on big-endian machines
- Fix DGA false positive
- Fix integer overflow for QUIC
- Fix HTTP false positives
- Fix SonarCloud-CI support
- Fix clashes setting the hostname on similar protocols (FTP, SMTP)
- Fix some invalid TLS guesses
- Fix crash on ARM (Raspberry)
- Fix DNS (including fragmented DNS) dissection
- Fix parsing of IPv6 packets with extension headers
- Fix extraction of Realm attribute in STUN
- Fix support for START-TLS sessions in FTP
- Fix TCP retransmissions for multiple dissectors
- Fix DES initialisation
- Fix Git protocol dissection
- Fix certificate mismatch for TLS flows with no client hello observed
- Fix old versions of GQUIC on big-endian machines
Misc
- Add tool for generating automatically the Azure IP list
nDPI 4.0 (July 2021)
New Features
- Add API for computing RSI (Relative Strenght Index)
- Add GeoIP support
- Add fragments management
- Add API for jitter calculation
- Add single exponential smoothing API
- Add timeseries forecasting support implementing Holt-Winters with confidence interval
- Add support for MAC to radi tree and expose the full API to applications
- Add JA3+, with ALPN and elliptic curve
- Add double exponential smoothing implementation
- Extended API for managing flow risks
- Add flow risk score
- New flow risks:
- Desktop or File Sharing Session
- HTTP suspicious content (useful for tracking trickbot)
- Malicious JA3
- Malicious SHA1
- Risky domain
- Risky AS
- TLS Certificate Validity Too Long
- TLS Suspicious Extension
New Supported Protocols and Services
- New protocols:
- AmongUs
- AVAST SecureDNS
- CPHA (CheckPoint High Availability Protocol)
- DisneyPlus
- DTLS
- Genshin Impact
- HP Virtual Machine Group Management (hpvirtgrp)
- Mongodb
- Pinterest
- Reddit
- Snapchat VoIP calls
- Tumblr
- Virtual Asssitant (Alexa, Siri)
- Z39.50
- Add protocols to HTTP as subprotocols
- Add detection of TLS browser type
- Add connectionless DCE/RPC detection
Improvements
- 2.5x speed bump. Example ndpiReader with a long mixed pcap
v3.4 - nDPI throughput: 1.29 M pps / 3.35 Gb/sec
v4.0 - nDPI throughput: 3.35 M pps / 8.68 Gb/sec
- Improve detection/dissection of:
- AnyDesk
- DNS
- Hulu
- DCE/RPC (avoid false positives)
- dnscrypt
- Facebook (add new networks)
- Fortigate
- FTP Control
- HTTP
- Fix user-agent parsing
- Fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined
- IEC104
- IEC60870
- IRC
- Netbios
- Netflix
- Ookla speedtest (detection over IPv6)
- openspeedtest.com
- Outlook / MicrosoftMail
- QUIC
- update to draft-33
- improve handling of SNI
- support for fragmented Client Hello
- support for DNS-over-QUIC
- RTSP
- RTSP via HTTP
- SNMP (reimplemented)
- Skype
- SSH
- Steam (Steam Datagram Relay - SDR)
- STUN (avoid false positives, improved Skype detection)
- TeamViewer (add new hosts)
- TOR (update hosts)
- TLS
- Certificate Subject matching
- Check for common ALPNs
- Reworked fingerprint calculation
- Fix extraction for TLS signature algorithms
- Fix ClientHello parsing
- UPnP
- wireguard
- Improve DGA detection
- Improve JA3
- Improve Mining detection
- Improve string matching algorithm
- Improve ndpi_pref_enable_tls_block_dissection
- Optimize speed and memory size
- Update ahocorasick library
- Improve subprotocols detection
Fixes
- Fix partial application matching
- Fix multiple segfault and leaks
- Fix uninitialized memory use
- Fix release of patterns allocated in ndpi_add_string_to_automa
- Fix return value of ndpi_match_string_subprotocol
- Fix setting of flow risks on 32 bit machines
- Fix TLS certificate threshold
- Fix a memory error in TLS JA3 code
- Fix false positives in Z39.50
- Fix off-by-one memory error for TLS-JA3
- Fix bug in ndpi_lru_find_cache
- Fix invalid xbox and playstation port guesses
- Fix CAPWAP tunnel decoding
- Fix parsing of DLT_PPP datalink type
- Fix dissection of QUIC initial packets coalesced with 0-RTT one
- Fix parsing of GTP headers
- Add bitmap boundary checks
Misc
- Update download category name
- Update category labels
- Renamed Skype in Skype_Teams (the protocol is now shared across these apps)
- Add IEC analysis wireshark plugin
- Flow risk visualization in Wireshark
- ndpiReader
- add statistics about nDPI performance
- fix memory leak
- fix collecting of risks statistics
- Move installed libraries from /usr/local to /usr
- Improve NDPI_API_VERSION generation
- Update ndpi_ptree_match_addr prototype
|
|
|
|
|
|
|
|
Successor ntopng is already in pkgsrc.
Ok adam@
|
|
|
|
a result of running mkpatches after 'make configure'.
|
|
Security update - from upstream's release nites:
Changes in 3.1.13
~~~~~~~~~~~~~~~~~
* FIX: CVE-2021-31439
* FIX: CVE-2022-23121
* FIX: CVE-2022-23123
* FIX: CVE-2022-23122
* FIX: CVE-2022-23125
* FIX: CVE-2022-23124
* FIX: CVE-2022-0194
* FIX: afpd: make a variable declaration a definition
* UPD: Remove bundled libevent
|
