Skip to content

4.10 Stable

Latest
Compare
Choose a tag to compare
@lucaderi lucaderi released this 05 Aug 07:50
· 4 commits to 4.10-stable since this release
85ecb10

Major Changes

  • Initial work towards First Packet Classification (FPC)

New Supported Protocols and Services

  • Add OpenWire support (#2513)
  • FPC: add DNS correlation (#2497)
  • ipaddr2list.py, ndpi2timeline.py: reformatted (#2509)
  • Add Nano (XNO) protocol support (#2508)
  • Added ClickHouse protocol
  • Add HLS support (#2502)
  • Add infrastructure for explicit support of Fist Packet Classification (#2488)
  • Add detection of Twitter bot (#2487)
  • Added default port mappings to ndpiReader help -H (#2477)
  • Add Ripe Atlas probe protocol. (#2473)
  • Add ZUG consensus protocol dissector. (#2458)
  • Added NDPI_PROBING_ATTEMPT risk
  • DTLS: add support for DTLS 1.3 (#2445)
  • Added dpi.compute_entropy configuration parameter
  • Add Call of Duty Mobile support (#2438)
  • Add Ethernet Global Data support (#2437)
  • Viber: add detection of voip calls and avoid false positives (#2434)
  • Add support for Mastodon, Bluesky and (FB-)Threads (#2418)
  • Fixes JA4 computation adding a better GREASE detect funzion
  • DTLS: add support for Alert message type (similar to TLS) (#2406)
  • Add Adobe Connect support (#2407)
  • Remove PPStream protocol and add iQIYI (#2403)
  • Add BFCP protocol support (#2401)
  • Add strlcpy implementation (#2395)
  • Add KNXnet/IP protocol support (#2397)
  • STUN: add support for ipv6 in some metadata (#2389)
  • Implemented STUN peer_address, relayed_address, response_origin, other_address parsing Added code to ignore invalid STUN realm Extended JSON output with STUN information
  • Add Label Distribution Protocol support (#2385)
  • Add The Elder Scrolls Online support (#2376)
  • Add Shellscript risk detection. (#2375)
  • Add PE32/PE32+ risk detection (detect transmitted windows executables). (#2312)
  • Added support for STUN Mapped IP address
  • Added binary data transfer risk alert
  • Add LoL: Wild Rift detection (#2356)
  • STUN: add dissection of XOR-PEER-ADDRESS with ipv6 address
  • Add FLUTE protocol dissector (#2351)
  • Add PFCP protocol dissector (#2342)
  • Add Path of Exile protocol dissector (#2337)
  • Add NetEase Games detection support (#2335)
  • Add Naraka Bladepoint detection support (#2334)
  • Add BFD protocol dissector (#2332)
  • Add DLEP protocol dissector (#2326)
  • Add ANSI C12.22 protocol dissector (#2317)
  • TLS: add configuration of JA* fingerprints (#2313)
  • Add detection of Gaijin Entertainment games (#2311)
  • Add new AppsFlyer domain (#2307)
  • Add TencentGames protocol dissector (#2306)
  • Add Gearman protocol dissector (#2297)
  • Add Raft protocol dissector. (#2286)
  • Add Radmin protocol dissector (#2283)
  • Add STOMP protocol dissector (#2280)
  • Add ElectronicArts detection support (#2274)
  • Add Yojimbo (netcode) protocol dissector (#2277)
  • Add a dedicated dissector for Zoom (#2265)
  • Add Mumble detection support (#2269)
  • Add KCP protocol dissector. (#2257)
  • Add PIA (Private Internet Access) support (#2250)
  • Add more adult content hostnames (#2247)
  • Add Roughtime protocol dissector. (#2248)
  • Add realtime protocol output to ndpiReader. (#2197)
  • Add Google Chat support (#2244)
  • ndpiReader: add breed stats on output used for CI (#2236)
  • Add Ceph protocol dissector (#2242)
  • Add HL7 protocol dissector (#2240)
  • Add IEC62056 (DLMS/COSEM) protocol dissector (#2229)
  • Add NoMachine NX protocol dissector (#2234)
  • Add Apache Kafka protocol dissector (#2226)
  • Add WebDAV detection support (#2224)
  • Add JSON-RPC protocol dissector (#2217)
  • Add OpenFlow protocol dissector (#2222)
  • Add UFTP protocol dissector (#2215)
  • Add HiSLIP protocol dissector (#2214)
  • Add PROFINET/IO protocol dissector (#2213)
  • Add Monero protocol classification. (#2196)
  • Add Ether-S-Bus protocol dissector (#2200)
  • Add IEEE C37.118 protocol dissector (#2193)
  • Add ISO 9506-1 MMS protocol dissector (#2189)
  • Add Beckhoff ADS protocol dissector (#2181)
  • Add Schneider Electric’s UMAS detection support (#2180)
  • Add Ether-S-I/O protocol dissector (#2174)
  • Add Omron FINS protocol dissector (#2172)
  • Rework S7Comm dissector; add S7Comm Plus support (#2165)
  • Add OPC UA protocol dissector (#2169)
  • Add RTPS protocol dissector (#2168)
  • Add HART-IP protocol dissector (#2163)
  • Add IEEE 1588-2008 (PTPv2) dissector (#2156)
  • Added TeslaServices and improved TikTok host names. Fixes #2140. (#2144)
  • Add ethereum protocol dissector. (#2111)
  • Added generic Google Protobuf dissector. (#2109)
  • Add CAN over Ethernet dissector.

Improvements

  • Enhanced PrimeVideo detection
  • Enhanced ookla tracing
  • Improved ICMP malformed packet risk description
  • Improve detection of Cloudflare WARP traffic (#2491)
  • tunnelbear: improve detection over wireguard (#2485)
  • Improve detection of Twitter/X (#2482)
  • Zoom: fix detection of screen sharing (#2476)
  • Improved detection of Android connectiity checks
  • Zoom: fix integer overflow (#2469)
  • RTP/STUN: look for STUN packets after RTP/RTCP classification (#2465)
  • Zoom: faster detection of P2P flows (#2467)
  • Added NDPI_PROTOCOL_NTOP assert and removed percentage comparison (#2460)
  • Add extra entropy checks and more precise(?) analysis. (#2383)
  • STUN: improve extraction of Mapped-Address metadata (#2370)
  • Added support for roaring bitmap v3 (#2355)
  • Add more TencentGames signatures (#2354)
  • Added DGA exception for Dropbox
  • QUIC: add heuristic to detect unidirectional GQUIC flows (#2207)
  • fuzzing: improve coverage (#2495)
  • Improve detection of Cloudflare WARP traffic (#2491)
  • fuzz: improve fuzzers using pl7m (#2486)
  • wireshark: lua: minor improvements
  • Improved logic for checking invalid DNS queries
  • fuzz: improve fuzzing coverage (#2474)
  • Improved Kafka dissector. (#2456)
  • H323: improve detection and avoid false positives (#2432)
  • Fix/improve fuzzing (#2426) (#2400)
  • eDonkey: improve/update classification (#2410)
  • Domain Classification Improvements (#2396)
  • STUN: improve extraction of Mapped-Address metadata (#2370)
  • Improve LoL: Wild Rift detection (#2359)
  • Improve TencentGames detection (#2353)
  • STUN: improve heurstic to detect old classic-stun
  • ahocorasick: improve matching with subdomains (#2331)
  • Improved alert on suspicious DNS traffic
  • Telegram: improve identification
  • Improved Telegram detection
  • Improved modbus dissection to discard false positives
  • Improved Polish gambling sites fetch script. (#2315)
  • fuzz: improve fuzzing coverage (#2309)
  • Improve normalization of flow->host_server_name (#2310)
  • Improve ndpi_set_config error printing. (#2300)
  • Improve MySQL detection (#2279)
  • Improve handling of custom rules (#2276)
  • Zoom: improve detection (#2270)
  • Improved ndpi_get_host_domain
  • Bittorrent: improve detection of UTPv1 (#2259)
  • Improved uTorrent via utp (TCP-like streams over UDP). (#2255)
  • fuzz: improve fuzzing coverage (#2239)
  • fuzz: improve fuzzing coverage (#2220)
  • Improved belgium gambling sites regex. (#2184)
  • Improve CORBA detection (#2167)
  • STUN: improve demultiplexing of DTLS packets (#2153)
  • Improved TFTP. Fixes #2075. (#2149)
  • fuzz: improve coverage and remove dead code (#2135)
  • Improved Protobuf dissector. (#2119)
  • Improved detection as non DGA for hostnames belnging to a CDN (#2068)
  • Improved CryNetwork protocol dissector.

Tools

  • Make the CI faster (#2475)
  • Add a script to download/update the domain suffix list (#2321)
  • Add identification of Huawei generic and cloud traffic (#2325)
  • ndpiReader: improve the check on max number of pkts processed per flow (#2261)
  • Added default port mappings to ndpiReader help -H (#2477)
  • ndpiReader: restore ndpiReader -x $DOMAIN_NAME functionality (#2329)
  • ndpiReader: improve the check on max number of pkts processed per flow (#2261)
  • ndpiReader: fix memory leak
  • Add realtime protocol output to ndpiReader. (#2197)
  • ndpiReader: add breed stats on output used for CI (#2236)
  • ndpiReader: avoid creating two detection modules when processing traffic/traces (#2209)
  • ndpiReader: fix guessed_flow_protocols statistic (#2203)

Misc

  • Improved tests coverage
  • Varisous performance improvements
  • Added stress test
  • Added new API calls - ndpi_load_domain_suffixes() - ndpi_get_host_domain_suffix()
  • Add some fast CRC16 algorithms implementation (#2195)
  • Add a FAQ for the project (#2185)
  • Ip address list: aggregate Mullvad and Tor lists too (#2154)
  • IP lists: aggregate addresses wherever possible (#2152)
  • Added malicious sites from the polish cert. (#2121)
  • IPv6: add support for custom categories (#2126)
  • IPv6: add support for IPv6 risk exceptions (#2122)
  • IPv6: add support for custom rules (#2120)
  • IPv6: add support for IPv6 risk tree (#2118)
  • ipv6: add support for ipv6 addresses lists (#2113)