Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libndpi3-3.2-lp152.2.2 RPM for x86_64

From OpenSuSE Leap 15.2 for x86_64

Name: libndpi3 Distribution: openSUSE Leap 15.2
Version: 3.2 Vendor: openSUSE
Release: lp152.2.2 Build date: Sat May 16 19:07:43 2020
Group: System/Libraries Build host: sheep81
Size: 1268457 Source RPM: ndpi-3.2-lp152.2.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/ntop/nDPI
Summary: Extensible deep packet inspection library
nDPI is a ntop-maintained superset of the OpenDPI library. It extends
the original library by adding new protocols that are otherwise
available only on the paid version of OpenDPI. nDPI was modified to
be more suitable for traffic monitoring applications, by disabling
specific features that slow down the DPI engine while being them
un-necessary for network traffic monitoring.

Provides

Requires

License

LGPL-3.0-only

Changelog

* Fri Apr 24 2020 Petr Cervinka <petr@cervinka.net>
  - Add upstream patch to fix ntopng build failure (ntopng#3675)
    001-Refresh-of-ndpi_netbios_name_interpret.patch
* Thu Feb 20 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 3.2
    New Features
    * New API calls
    * Protocol detection: ndpi_is_protocol_detected
    * Categories: ndpi_load_categories_file / ndpi_load_category
    * JSON/TLV serialization: ndpi_serialize_string_boolean /
      ndpi_serialize_uint32_boolean
    * Patricia tree: ndpi_load_ipv4_ptree
    * Module initialization: ndpi_init_detection_module /
      ndpi_finalize_initalization
    * Base64 encoding: ndpi_base64_encode
    * JSON export: ndpi_flow2json
    * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
    * Libfuzz integration
    * Implemented Community ID hash (API call ndpi_flowv6_flow_hash
      and ndpi_flowv4_flow_hash)
    * Detection of RCE in HTTP GET requests via PCRE
    * Integration of the libinjection library to detect SQL
      injections and XSS type attacks in HTTP requests
    New Supported Protocols and Services
    * TLS: new decode
    * Added ALPN support
    * Added export of supported version in TLS header
    * Added Telnet dissector with metadata extraction
    * Added Zabbix dissector
    * Added POP3/IMAP metadata extraction
    * Added FTP user/password extraction
    * Added NetBIOS metadata extraction
    * Added Kerberos metadata extraction
    * Implemented SQL Injection and XSS attack detection
    * Host-based detection improvements and changes
    * Added Microsoft range
    * Added twitch.tv website
    * Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ
    * Added 20.180.0.0/14, 20.184.0.0/13 range as Skype
    * Added 52.84.0.0/14 range as Amazon
    * Added pastebin.com
    * Changed 13.64.0.0/11 range from Skype to Microsoft
    * Refreshed Whatsapp server list, added whatsapp-.fbcdn.net IPs
    * Added public DNSoverHTTPS servers
    Improvements
    * Reworked and improved the TLS dissector
    * Reworked Kerberos dissector
    * Improved DNS response decoding
    * Support for DNS continuous flow dissection
    * Improved Python bindings
    * Improved Ethereum support
    * Improved categories detection with streaming and HTTP
    * Support for IP-based detection to compute the application
      protocol
    * Renamed protocol 104 to IEC60870 (more meaningful)
    * Added failed authentication support with FTP
    * Renamed DNSoverHTTPS to handle bot DoH and DoT
    * Implemented stacked DPI decoding
    * Improvements for CapWAP and Bloomberg
    * Improved SMB dissection
    * Improved SSH dissection
    * Added capwap support
    * Modified API signatures for ndpi_ssl_version2str /
      ndpi_detection_giveup
    * Removed ndpi_pref_http_dont_dissect_response /
      ndpi_pref_dns_dont_dissect_response (replaced by
      ndpi_extra_dissection_possible)
    Fixes
    * Fixed memory invalid access in SMTP and leaks in TLS
    * Fixed a few memory leaks
    * Fixed invalid memory access in a few protocol dissectors (HTTP,
      memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber)
    * Fixed IPv6 address format across the various platforms
    * Fixed infinite loop in ndpi_workflow_process_packet
    * Fixed SHA1 certificate detection
    * Fixed custom protocol detection
    * Fixed SMTP dissection (including email)
    * Fixed Telnet dissection and invalid password report
    * Fixed invalid category matching in HTTP
    * Fixed Skype and STUN false positives
    * Fixed SQL Injection detection
    * Fixed invalid SMBv1 detection
    * Fixed SSH dissection
    * Fixed ndpi_ssl_version2str
    * Fixed ndpi_extra_dissection_possible
    * Fixed out of bounds read in ndpi_match_custom_category
    ndpiReader
    * CSV output enhancements
    * Added tunnelling decapsulation
    * Improved HTTP reporting
    * Added scan and HTTP attacks (XSS, SQL Injection) detection
* Thu Jan 02 2020 Martin Hauke <mardnh@gmx.de>
  - Add hyperscan-devel as dependency to libndpi-devel
* Wed Dec 25 2019 Martin Hauke <mardnh@gmx.de>
  - Drop not longer needed patches (fixed upstream)
    * ndpi-fix-build.patch
    * reproducible.patch
  - Update to version 3.0
    New Features
    * nDPI now reports the protocol ASAP even when specific fields
      have not yet been dissected because such packets have not yet
      been observed. This is important for inline applications that
      can immediately act on traffic. Applications that need full
      dissection need to call the new API function
      ndpi_extra_dissection_possible() to check if metadata dissection
      has been completely performed or if there is more to read before
      declaring it completed.
    * TLS (formerly identified as SSL in nDPI v2.x) is now dissected
      more deeply, certificate validity is extracted as well
      certificate SHA-1.
    * nDPIreader can now export data in CSV format with option -C
    * Implemented Sequence of Packet Length and Time (SPLT) and Byte
      Distribution (BD) as specified by Cisco Joy
      (https://github.com/cisco/joy). This allows malware activities
      on encrypted TLS streams.
    * Available as library and in ndpiReader with option -J
    * Promoted usage of protocol categories rather than protocol
      identifiers in order to classify protocols. This allows
      application protocols to be clustered in families and thus better
      managed by users/developers rather than using hundred of
      protocols unknown to most of the people.
    * Added Inter-Arrival Time (IAT) calculation used to detect
      protocol misbehaviour (e.g. slow-DoS detection)
    * Added data analysis features for computign metrics such as
      entropy, average, stddev, variance on a single and consistent
      place that will prevent when possible. This should ease traffic
      analysis on monitoring/security applications. New API calls have
      been implemented such as ndpi_data_XXX() to handle these
      calculations.
    * Initial release of Python bindings available under nDPI/python.
    * Implemented search of human readable strings for promoting data
      exfiltration detection
    * Available as library and in ndpiReader with option -e
    * Fingerprints
      JA3 (https://github.com/salesforce/ja3)
      HASSH (https://github.com/salesforce/hassh)
      DHCP
    * Implemented a library to serialize/deserialize data in both
      Type-Length-Value (TLV) and JSON format
    New Supported Protocols and Services
    * DTLS (i.e. TLS over UDP)
    * Hulu
    * TikTok/Musical.ly
    * WhatsApp Video
    * DNSoverHTTPS
    * Datasaver
    * Line protocol
    * Google Duo and Hangout merged
    * WireGuard VPN
    * IMO
    * Zoom.us
    Improvements
    * TLS
      + Organizations
      + Ciphers
      + Certificate analysis
    * Added PUBLISH/SUBSCRIBE methods to SIP
    * Implemented STUN cache to enhance matching of STUN-based protocols
    * Dissection improvements
      + Viber
      + WhatsApp
      + AmazonVideo
      + SnapChat
      + FTP
      + QUIC
      + OpenVPN support for UDP-based VPNs
      + Facebook Messenger mobile
      + Various improvements for STUN, Hangout and Duo
    * Added new categories:
      + CUSTOM_CATEGORY_ANTIMALWARE,
      + NDPI_PROTOCOL_CATEGORY_MUSIC,
      + NDPI_PROTOCOL_CATEGORY_VIDEO,
      + NDPI_PROTOCOL_CATEGORY_SHOPPING,
      + NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY
      + NDPI_PROTOCOL_CATEGORY_FILE_SHARING
    * Added NDPI_PROTOCOL_DANGEROUS classification
    Fixes
    * Fixed the dissection of certain invalid DNS responses
    * Fixed Spotify dissection
    * Fixed false positives with FTP and FTP_DATA
    * Fix to discard STUN over TCP flows
    * Fixed MySQL dissector
    * Fix category detection due to missing initialization
    * Fix DNS rsp_addr missing in some tiny responses
    * Various hardening fixes
* Wed Jun 05 2019 Bernhard Wiedemann <bwiedemann@suse.com>
  - Add reproducible.patch to override build date (boo#1047218)
* Sat Mar 30 2019 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.8
    New Supported Protocols and Services
    * Added Modbus over TCP dissector
    Improvements
    * Wireshark Lua plugin compatibility with Wireshark 3
    * Improved MDNS dissection
    * Improved HTTP response code handling
    * Full dissection of HTTP responses
    Fixes
    * Fixed false positive mining detection
    * Fixed invalid TCP DNS dissection
    * Releasing buffers upon realloc failures
    * ndpiReader: Prevents references after free
    * Endianness fixes
    * Fixed IPv6 HTTP traffic dissection
    * Fixed H.323 detection
    Other
    * Disabled ookla statistics which need to be improved
    * Support for custom protocol files of arbitrary length
    * Update radius.c to RFC2865
* Sun Feb 24 2019 schwab@suse.de
  - override prefix and libdir during install
  - ndpi-fix-build.patch: don't install multiple copies of the library
* Tue Jan 08 2019 Jan Engelhardt <jengelh@inai.de>
  - Compact descriptions of all but the most promiment package
    (libndpi2) for size. Trim bias and metadata redundancies, too.
* Mon Jan 07 2019 mardnh@gmx.de
  - Add wireshark/ndpi.lua to the doc section of ndpi-tools
  - Add a comment to clarify the license of wireshark/ndpi.lua
* Fri Dec 28 2018 mardnh@gmx.de
  - Rename files according to the package name nDPI -> ndpi
* Sat Dec 22 2018 mardnh@gmx.de
  - Update to version 2.6
    See /usr/share/doc/packages/libndpi2/CHANGELOG.md for the full
    changelog
* Sun Oct 22 2017 mardnh@gmx.de
  - Initial package, version 2.0

Files

/usr/lib64/libndpi.so.3
/usr/lib64/libndpi.so.3.2.0
/usr/share/doc/packages/libndpi3
/usr/share/doc/packages/libndpi3/CHANGELOG.md
/usr/share/doc/packages/libndpi3/README.md
/usr/share/doc/packages/libndpi3/README.nDPI
/usr/share/doc/packages/libndpi3/README.protocols
/usr/share/doc/packages/libndpi3/nDPI_QuickStartGuide.pdf
/usr/share/licenses/libndpi3
/usr/share/licenses/libndpi3/COPYING
/usr/share/ndpi
/usr/share/ndpi/ndpiCustomCategory.txt
/usr/share/ndpi/ndpiProtos.txt


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 11:31:35 2024