blob: 0a56624e336b13f3af1f75a762f87a355e40137b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
# CHANGELOG
#### nDPId 1.7 (Oct 2024)
- Read and parse configuration files for nDPId (+ libnDPI) and nDPIsrvd
- Added loading risk domains from a file (`-R`, thanks to @UnveilTech)
- Added Filebeat configuration file
- Improved hostname handling; will now always be part of `analyse`/`end`/`idle` events (if dissected)
- Improved Documentation (INSTALL / Schema)
- Added PF\_RING support
- Improved nDPIsrvd-analyse to write global stats to a CSV
- Added global (heap) memory stats for daemon status events (if enabled)
- Fixed IPv6 address/netmask retrieval on some systems
- Improved nDPIsrvd-collect; gauges and counters are now handled the right way
- Added nDPId Grafana dashboard
- Fixed `detection-update` event bug; was thrown even if nothing changed
- Fixed `not-detected` event spam if detection not completed (in some rare cases)
- Improved InfluxDB push daemon (severity parsing / gauge handling)
- Improved zLib compression
- Fixed nDPIsrvd-collectd missing escape character
#### nDPId 1.6 (Nov 2023)
- Added Event I/O abstraction layer (supporting only poll/epoll by now)
- Support for OSX and *BSD systems
- Added proper DLT_RAW dissection for IPv4 and IPv6
- Improved TCP timeout handling if FIN/RST seen which caused Midstream TCP flows when there shouldn't be any
- Fixed a crash if `nDPId -o value=''` was used
- Added OpenWrt packaging
- Added new flow event "analyse" used to give some statistical information about active flows
- Added new analyse event daemon which generates CSV files from such events
- Fixed a crash in nDPIsrvd if a collector closes a connection
- Support `nDPId` to send it's data to a UDP endpoint instead of a nDPIsrvd collector
- Added events and flow states documentation
- Added basic systemd support
- Fixed a bug in base64 encoding which could lead to invalid base64 strings
- Added some machine learning examples
- Fixed various smaller bugs
- Fixed nDPIsrvd bug which causes invalid JSON messages sent to Distributors
#### nDPId 1.5 (Apr 2022)
- Improved nDPId cross compilation
- zLib flow memory compression (Experimental!)
- Memory profiling for nDPId-test
- JSMN with parent link support for subtoken iteration
- Refactored nDPIsrvd buffer and buffer bloat handling
- Upgraded JSMN/uthash
- Improved nDPIsrvd.(h|py) debugging capability for client apps
- Advanced flow usage logging usable for memory profiling
- Support for dissection additional layer2/layer3 protocols
- Serialize more JSON information
- Add TCP/IP support for nDPIsrvd
- Improved nDPIsrvd connection lost behaviour
- Reworked Python/C distributor API
- Support read()/recv() timeouts and nonblocking I/O
#### nDPId 1.4 (Jun 2021)
- Use layer4 specific flow timeouts for nDPId
- Reworked layer4 flow length names and calculations (use only layer4 payload w/o any previous headers) for nDPId
- Build system cleanup and cosmetics
#### nDPId 1.3 (May 2021)
- Added missing datalink layer types
#### nDPId 1.2 (May 2021)
- OpenWrt compatible build system
#### nDPId 1.1 (May 2021)
- Added License information
#### nDPId 1.0 (May 2021)
- First public release
|