4.14 Stable

@lucaderi lucaderi released this 28 Apr 06:59
· 5 commits to 4.14-stable since this release
90090b9

nDPI 4.14 (Apr 2025)

Major Changes

  • Introduce QoE (Quality of Experience) classification

New Supported Protocols and Services

  • Add DigitalOcean protocol
  • Add GearUP Booster application protocol/dissector (heuristic based) (#2764 #2765)
  • Add LagoFast protocol dissector. (#2743)
  • Add RUTUBE (#2725)
  • Add Vivox support (#2668)
  • Add new protocol ID to handle Mozilla/Firefox generic traffic (#2740)
  • Add health category
  • Unify "Skype" and "Teams" IDs (#2687)

Information about all protocols is available at https://github.com/ntop/nDPI/blob/dev/doc/protocols.rst

New features

  • Add ndpi_find_protocol_qoe() API call
  • Add ndpi_network_ptree6_match() API call
  • Add ndpi_data_jitter() API call

New configuration knobs

  • Add configuration parameter to enable/disable export of flow risk info (#2761)
  • Add a specific configuration for classification only (#2689)
  • Add the ability to enable/disable each specific flow risk (#2653)
  • Extend configuration to enable/disable export of flow risk info (#2780)
  • bittorrent: add configuration for "hash" metadata (#2706)
  • HTTP: add configuration for some metadata (#2704)
  • SSDP: add configuration for disabling metadata extraction (#2736)

Further information is available at https://github.com/ntop/nDPI/blob/dev/doc/configuration_parameters.md

Improvements

  • armagetron: reworked dissector (#2777)
  • blizzard: add detection of Overwatch2, improve detection of generic battle.net traffic
  • Rework the old Starcraft code to identify traffic from generic Blizzard games (#2776)
  • DNS: code rework
    • Rework adding entries to the FPC-DNS cache (#2730)
    • Improve detection and handling of TCP packets (#2728)
    • Set NDPI_MALFORMED_PACKET risk if the answer message is invalid (#2724)
    • Rework/isolate code to process domain name (#2721)
    • Faster exclusion (#2719)
    • Disable subclassification by default (#2715)
    • Evaluate all flow risks even if sub-classification is disabled (#2714)
    • Export transactionId
  • FPC: save all addresses from DNS to fpc_dns cache (#2792)
  • HTTP: extract host and referer metadata
  • RTP: improve dissection with EVS and other mobile voice codecs
    • Add ndpi_rtp_payload_type2str() API call
    • Export RTP payload in packet metadata
    • Improve detection of multimedia type for Signal calls (#2697)
  • Path of Exile 2 support (#2654)
  • QUIC: extract "max idle timeout" parameter (#2649)
  • SMBv1: improve heuristic to avoid triggering risks for SMBv1 broadcast messages when used to browse (old) network devices
  • STUN: improve detection of Telegram calls (#2671)
  • STUN/RTP: extend extracted metadata (#2798)
  • TLS: avoid sub-classification for RDP flows (#2769)
  • TOR: update IP lists (#2748), improve detection, improve exit node download and add IPv6 support
  • UBNTAC2,Ookla: improve detection (#2793 #2744)
  • WoW: update detection
  • Add a new specific ID for generic Ubiquity traffic (#2796)
  • Add support for UTF-8 encoding in JSON serialization
  • Add ndpi_str_to_utf8() API call to convert an ISO 8859 string to UTF-8
  • Add API calls to load TCP fingerprints
  • Add initial LLM traffic recognition
  • Add secondary single exponential smoothing implementation
  • Add Autonomous System Organization to geoip (#2763)
  • Add city as a geoip possibility (#2746)
  • Add additional VK ASNs
  • Add Windows fingerprints
  • Add missing Dropbox domain (#2685)
  • Add support for loading a list of JA4C malicious fingerprints (#2678)
  • Add ICMP risk checks for valid packet payloads
  • Auto-generate Microsoft-related list of domains (#2688)
  • Enhanced Cybersecurity protocol
  • Extend list of domains for SNI matching (#2791)
  • Flow risk infos are always exported "in order" (by flow risk id)
  • Implement detection of the latest Signal video/audio calls that leverage the Cloudflare CDN
  • Improve Google PlayStore detection
  • Improve DICOM detection
  • Improve WebSocket-over-HTTP detection (#2664)
  • Implement SSDP Metadata export (#2729)
  • Rework MapleStory support to identify traffic from generic Nexon games (#2773)
  • Update SNI for YandexMetrica and YandexAlice (#2711)

Bug Fixes

  • Address cache: fix a use-of-uninitialized-value error on cache restore
  • Address cache: fix some bugs on cache traversal
  • DNS: fix message parsing (#2732)
  • DNS: fix parsing of hostname for empty response messages (#2731)
  • DNS: fix dissection (#2726)
  • DNS: fix check for DGA domain (#2716)
  • DNS: fix writing to flow->protos.dns
  • DNS: fix dissection when there is only the response message
  • DNS: fix relationship between FPC and subclassification (#2702 #2709)
  • DNS: fix extraction of transactionID field (#2703)
  • Flute: fix heap-buffer-overflow
  • HTTP: fix entropy calculation (#2666)
  • SSH: fix how the flow risk is set (#2652)
  • TLS: fix NDPI_TLS_WEAK_CIPHER flow risk (#2647)
  • Wireguard: fix configuration of sub-classification
  • Fix JA4 SSL 2 version and remove fictional SSL 1 version along with mis-mapping to s3 (#2684)
  • Fix a stack-buffer-overflow error (#2782)
  • Fix function checking if a packet is multicast
  • Fix CSV serialization
  • Fix bad IPv6 format (#1890 #2651)
  • Fix bug in domain name computation
  • Fix code scanning alert no. 13: Multiplication result converted to larger type (#2675)
  • Fix code scanning alert no. 12: Multiplication result converted to larger type (#2676)
  • Fix code scanning alert no. 7: Multiplication result converted to larger type (#2677)
  • Fix code scanning alert no. 14: Redundant null check due to previous dereference (#2674)
  • Fix CodeQL GitHub action (#2665)
  • Fix classification "by-port" (#2655)
  • Fix compilation on latest mac versions with external libraries (#2669)

Misc

  • TLS: avoid exporting TLS heuristic fingerprint as metadata (#2783)
  • Add extra check to trap applications that mix different protocols on the same flow (#2762)
  • Add 2 new fuzzers for KD-trees and Ball-trees (#2670)
  • Extend fuzz coverage (#2786)
  • Move rtp info out of flow->protos (#2739)
  • Update all IP/domain lists (#2795)
  • ndpiReader: print more DNS information (#2717)
  • ndpiReader: add some global statistics about FPC (#2680)
  • Remove extraction of QUIC user-agent (#2650)
  • Remove Cobalt Strike
  • Remove JA3C (#2679)
  • Remove TLS ESNI support (#2648)
  • Remove NDPI_FULLY_ENCRYPTED flow risk (#2779)
  • Remove NDPI_TLS_SUSPICIOUS_ESNI_USAGE flow risk (#2778)
  • Rename ndpi_search_tls_udp to ndpi_search_dtls
  • Rename ips_match to ndpi_ips_match
  • Added 14 new categories

Full Changelog: 4.12...4.14