Log Message:
ndpi: updated to 4.8

4.8 Stable

Major Changes

Reworked lists implementation that decreased memory usage of orders of magnitude
Improved code robustness via extensive code fuzzing
Various improvements to overall library performance
Extended IPv6 support

New Supported Protocols and Services

Add "Heroes of the Storm" video game signature detection.
Add Apache Thrift protocol dissector.
Add Remote Management Control Protocol (RMCP).
Add Service Location Protocol dissector.
Add VK detection
Add Yandex services detection
Add a new protocol id for generic Adult Content traffic
Add a new protocol id for generic advertisement/analytics/tracking stuff
Add bitcoing protocol dissector.
Add detection of Roblox games
Add support for (un-encrypted) HTTP/2
Add support for Epic Games and GeForceNow/Nvidia
Add support for SRTP
Added BACnet dissector.
Added HAProxy protocol.
Added OICQ dissector.
Added OperaVPN detection
ProtonVPN: add basic detection
Added detection of Facebook Reels and Stories
Add an heuristic to detect fully encrypted flows
Added NDPI_MALWARE_HOST_CONTACTED flow risk
Added NDPI_TLS_ALPN_SNI_MISMATCH flow risk

Improvements

Improve protocol detection for:
FreeBSD compilation fix (C) update
Gnutella: improve detection
H323: fix false positives
HTTP: fix another memory access error
HTTP: fix extraction of filename
HTTP: fix heap-buffer-overflow
HTTP: improve extraction of metadata and of flow risks
HTTP: remove useless code about XBOX
HTTP: rework state machine
Hangout: detect Hangout/Duo/GoogleMeet/... in the STUN code
Enhance DNS risk for long hostnames (> 32)
Enhanced MS teams STUN/Azure detection
Enhanced custom port definition and improved error reporting in case of duplications
Improve detection of Alibaba flows
Improve detection of crawler/bot traffic
Improve detection of crawlers/bots
Improved MGCP detection by allowing '\r' as line feed.
Improved MS Teams detection with heuristic
Improved Steam detection by adding steamdiscover pattern.
Improved Wireguard detection
Improved checks for duplicated entries in protocols file
Improved classification further reducing memory used
Improved detection of invalid chars in DNS names
Improved domain search tet unit
Improved helper scripts.
MS Teams enhancement
MySql: improve detection
zabbix: improve detection

Tools

ndpiReader: allow to configure LRU caches TTL and size
ndpiReader: fix VXLAN de-tunneling
ndpiReader: fix export of DNS/BitTorrent attributes
ndpiReader: fix export of HTTP attributes
ndpiReader: fix flow stats
ndpiReader: fix print of flow payload
ndpiReader: improve printing of payload statistics
ndpiReader: print how many packets (per flow) were needed to perform full DPI
ndpireader: fix detection of DoH traffic based on packet distributions

Misc

ARM compilation fix
Add ndpi_domain_classify_finalize() function
Add a configuration knob to enable/disable loading of gambling list
Add a new flow risk about literal IP addresses used as SNI
Add an heuristic to detect/ignore some anomalous TCP ACK packets
Add another example of custom rules
Add support for multiline json
Add support for roaring_bitmap_xor_inplace
Add support for vxlan decapsulation
Added Source Engine dissector.
Added lists/gambling.list to extra dist.
Added slackb.com SNI.
Added ability to define an unlimited number of custom rules IP:port for the same \ 
IP (it used tobe limited to 2)
Added check to avoid skype heuristic false positives
Added comment
Added coverage targets to Makefile.am for convenience.
Added fix for better handling exceptions rollback in case of later match
Added hyperlink
Added ndpi_binary_bitmap data structure
Added ndpi_bitmap64 support
Added ndpi_bitmap_andnot API call
Added ndpi_bitmap_copy() API call
Added ndpi_bitmap_is_empty() and ndpi_bitmap_optimize() API calls
Added ndpi_domain_classify_XXX(0 API
Added ndpi_filter_add_multi() API call
Added ndpi_murmur_hash to the nDPI API
Added new API calls for implementing Bloom-filter like data structures
Added printf/fprintf replacement for some internal modules.
Added scripts to auto generate hostname/SNI *.inc files.
Added sub-domain classification fix
Added the ability to define custom protocols with arbitrary Ids in proto.txt
Added vlan_id in ndpi_flow2json() prototype
Adds new pcap for testing "funny" HTTP servers
All protocols should be excluded sooner or later
Allow init of app protocols w/o any hostnames set.
Avoid calling ndpi_reconcile_protocols() twice in ndpi_detection_giveup()
Boundary check
CI: fix Performance job
Centos7 fixes
Changed logging callback function sig.
Changes for supporting more efficient sub-string matching
Classification fixes
DNS: extract geolocation information, if available
Debian 12 fixes
Disabled query string validation in MDNS in order to avoid zapping chars that in \ 
DNS (instead) are not permitted
DisneyPlus/Hulu ip lists should be auto-generated
Extend content list of Microsoft protocols
Extend content-match list
Fix LRU/Patricia/Automa stats in ndpiReader with multiple threads
Fix MS Teams detection with heuristic
Fix access to packet/flow information
Fix an heap-buffer-overflow
Fix classification-by-ip in ndpi_detection_giveup
Fix compilation
Fix compilation in CI jobs
Fix compilation on Windows
Fix compilation with GCC-7 and latest RoaringBitmap code
Fix detection of packet direction and NDPI_UNIDIRECTIONAL_TRAFFIC risk
Fix export/serialization of flow->risk
Fix for buffer overflow in serialization
Fix insert of ip addresses into patricia tree(s)
Fix missing u_char, u_short and u_int typedefs for some platforms e.g.:
Fix packet counters
Fix some errors found by fuzzers
Fix some memory errors triggered by allocation failures
Fix some prototypes
Fix string truncation.
Fixed OpenWRT arm related build issues.
Fixed heap-buffer-overflow issue
Fixed heap-overflow if compiled with --enable-tls-sigs.
Fixed invalid use of ndpi_free(). Sorry, my fault.
Fixed missing AS_HELP_STRING in configure.ac.
Fixed two OpenWRT arm related build issues.
Fixes matches with domain name strings that start with a dot
Fixes risk mask exception handling while improving the overall performance
Implemented Count-Min Sketch [count how many times a value has been observed]
Implemented Zoom/Teams stream type detection
Implemented ndpi_XXX_reset() API calls whre XXX is ses, des, hw
Implemented ndpi_predict_linear() for predicting a timeseries value overtime
Improved debug output.
Improved invalid logging via printf().
Improved line protocol dissection with heuristic
Improved missing usage of nDPIs malloc wrapper.
Improved protocol detection exploiting IP-based guess Reworked \ 
ndpi_reconcile_protocols() that is now called only in front of a match (less \ 
overhead)
Improvement for reducing false positives
Included Gambling website data from the Polish hazard.mf.gov.pl list
Keep master protocol in ndpi_reconcile_protocols
Leak fix
Language fix
Line: fix heap-buffer-overflow error
Made VK protocol detection more strict
Make Bittorrent LRU cache IPv6 aware.
Merged new and old version of ndpi_domain_classify.c code
Mullvad VPN service added (based on entry node IP addresses)
Numeric truncation at ndpi_analyze.c at lines 101, 104, 107, 110
Numeric truncation at tls.c:1010
Ookla: rework detection
Optimizes and fixes possible out0of0boundary write in ndpi_fill_prefix_v4()
ProtonVPN: split the ip list
QUIC: add support for QUIC version 2
QUIC: export QUIC version as metadata
QUIC: fix a memory access error
QUIC: fix dissection of packets forcing VN
RDP: improve detection over UDP
RTP: remove dead-code
RTP: rework code
Refreshed ASN lists Enhanced the Line IP list with \ 
https://ipinfo.io/AS23576/125.209.252.0/24 used by line
Remove some useless checks
Remove special handling of some TCP flows without SYN
Removed overlapping port
Renamed HTTP/2 to HTTP2 as the '/' can have side effects with applications \ 
sitting on top of nDPI
Replaces free() with ndpi_free()
Rework CI jobs to try reducing CI duration
Reworked domain classification based on binary filters
Reworked initialization
Reworked ndpi_filter_xxx implementation using compressed bitmaps
Reworked teams handling
RiotGames: add detection of flows
STUN: add dissection of DTLS handshake
STUN: avoid FacebookVoip false positives
STUN: fix Skype/MsTeams detection and monitoring logic
STUN: fix detection of Google Voip apps
STUN: fix detection over TCP
STUN: improve WhatsappCall detection
STUN: keep monitoring/processing STUN flows
STUN: tell RTP from RTCP while in monitoring state
Serialization fix
Set _DEFAULT_SOURCE and _GNU_SOURCE globally.
Simplify ndpi_internal_guess_undetected_protocol()
Simplify the report of streaming multimedia info
SoftEther: fix invalid memory access
Swap from Aho-Corasick to an experimental/home-grown algorithm that uses a \ 
probabilistic approach for handling Internet domain names.
Sync unit tests results
Sync unit tests results
Sync unit tests results
Sync utests results
TLS: add basic, basic, detection of Encrypted ClientHello
TLS: fix another interger overflow in certificate processing
TLS: fix parsing of certificate elements
Test files for riit games
Test multiple ndpiReader configurations
Thrift: fix heap-buffer-overflow
Update GitHub runners versions
Update every ip lists
Update libinjection code
Update protocols documentation
Update roaring bitmap code
Updated line test result
Updated pcap detection results after Facebook Reel/Stories support
Updated results
Updated results after the latest changes
Win include change
Windows code rework
Windows compilation fixes
Windows warning checks
add 2 ns from fdn.fr to DoH section
add support for gre decapsulation
added bimap and/or with allocation
added feature to extract filename from http attachment
added new domain names
configure: add an option to enable debug build, i.e -g
fix Stack overflow caused by invalid write in ndpi_automa_match_strin…
fixed numeric truncation error
fixed numeric truncation error in diameter.c
fixed numeric truncation error in kerberos.c
fixed numeric truncation error in ndpi_main.c:6837
fixed numeric truncation error in rtcp.c
fuzz: add a new fuzzer to test TLS certificates
fuzz: add a new fuzzer triggering the payload analyzer function(s)
fuzz: add fuzzer for DGA detection code
fuzz: add fuzzer to test internal gcrypt code
fuzz: add fuzzers to test bitmap64 and domain_classify data structures
fuzz: add fuzzers to test reader_util code
fuzz: extend coverage
fuzz: extend fuzz coverage
fuzz: extend fuzzers coverage
fuzz: extend fuzzing coverage
fuzz: extend fuzzing coverage
fuzz: extend fuzzing coverage
fuzz: simplify fuzzers dependencies in CIFuzz
fuzz: some improvements and add two new fuzzers
fuzzing: extend fuzzing coverage
in case of failure, failing result files are not listed
minor fixes
oss-fuzz: sync build script with upstream
remove redefinition to vxlanhdr struct in vxlan dissector
removed useless call of ndpi_set_risk func
tests: add an option to force the overwrite of the unit tests results
tests: restore some old paths as symbolic links
tftp: check for Option Acknowledgements
tftp: check incrementation for DATA and ACK packets
tftp: rework request checking to account for options
tftp: update pcap results
version of dirent.c that is liked by both VC++ and MinGW