File yaf.changes of Package yaf
-------------------------------------------------------------------
Sat Oct 4 14:50:14 UTC 2025 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.17.1
-------------------------------------------------------------------
Fri Oct 22 19:49:04 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.12.2
* Added new protocols to the yafAppLabelRules.conf file and
updated several regular expressions.
* Changed the regexes used by the SMTP DPI plugin and improved
capture when multiple messages appear in a single SMTP session.
* Fixed a crash in the SMTP DPI plugin when reading uniflow
records.
* Updated the POP3 DPI plugin.
* Updated yafzcbalance to be compatible with PF_Ring-8.
- Update to version 2.12.1
* Changed the templates and IEs used for SMTP DPI. The new
templates use different IDs than those used by previous
releases of YAF. super_mediator-1.8.0 or later is required to
read this format. Currently there is no version of Analysis
Pipeline that reads the SMTP DPI.
-------------------------------------------------------------------
Sun Nov 29 10:49:49 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.11.2
* Corrected the patch to allow building with PF_Ring.
- Update to version 2.11.1
* Fixed bugs in NTP and DNS deep packet inspection.
* Fixed a compilation error when building with metadata export
enabled.
* Fixed possible compilation errors when building with nDPI
support.
* Fixed compilation errors when building with newer versions of
PF_Ring.
-------------------------------------------------------------------
Wed Mar 20 21:19:50 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.11.0
* Support for FixBuf 2.3.0 added, and is now required.
* Added support for nDPI 2.0.
* CERT Info Model support added.
* More strict DNS applabel.
* Initial NTP Mode 7 applabel support.
* Improved POSIX compliance for init script.
* Removed ipfixDump; it is now distributed with libfixbuf.
* DNS DPI free segfault fix.
* New YAF stats and tombstone format.
-------------------------------------------------------------------
Tue May 8 12:41:00 UTC 2018 - mardnh@gmx.de
- Update to version 2.10.0
* Version bump
-------------------------------------------------------------------
Thu May 3 18:01:44 UTC 2018 - mardnh@gmx.de
- Update to version 2.9.4:
* Support for FixBuf 2.0.0 added, and is now required.
* Derive information elements from included XML files.
* Various reporting/output bug fixes for ipfixDump.
* Support for tombstone records added.
-------------------------------------------------------------------
Mon Dec 25 15:51:53 UTC 2017 - mardnh@gmx.de
- Update to version 2.9.3:
* Fixed configure-time dependency for libndpi to limit use of
v1.8.0 and greater.
* init script now gives YAF more time to shut down gracefully.
-------------------------------------------------------------------
Thu Nov 9 10:08:44 UTC 2017 - mardnh@gmx.de
- update to version 2.9.2:
* Fixed configure-time bug when using libfixbuf 1.7.1
(or earlier) and p0fprinter
-------------------------------------------------------------------
Tue Nov 7 16:00:01 UTC 2017 - mardnh@gmx.de
- update to version 2.9.1:
* Fixed bug that could corrupt flow emitted to standard output
-------------------------------------------------------------------
Sun Oct 22 14:05:54 UTC 2017 - mardnh@gmx.de
- update to version 2.9.0:
* nDPI library support added
* Added NTP applabel
* Added RFC5610 template metadata (name and description) record output.
* Add option --no-vlan-in-key to drop VLAN ID from hash calculation
* Minor Bug Fixes
-------------------------------------------------------------------
Sat Jan 7 14:06:28 UTC 2017 - mardnh@gmx.de
- update to version 2.8.4:
- Version 2.8.4: 2016-04-14
- Fix incompatibility with older versions of libpcap introduced in 2.8.3
- Version 2.8.3: 2016-04-12
- Important bug fix for versions 2.8.x.
Fixes a bug in decoding specific TCP Options headers.
- Version 2.8.2: 2016-04-05
- Fix application labeling bug introduced in 2.8.0 which incorrectly
labels particular REGEX labels
- Other Bug Fixes
- Version 2.8.1: 2016-02-04
- Fix compile error when configured with --disable-payload
- Force buffer emit with IPFIX Options record when inactive
- Version 2.8.0: 2015-12-22
- Remove support for fixbuf releases prior to libfixbuf-1.7.0
- PF_RING support
- PF_RING ZC (Zero Copy) support
- Add support for gzip'd PCAP files
- Add support for decoding MPTCP headers and exporting MPTCP information
- Add LUA configuration file for yaf startup
- New SSL Server Name field export from TLS/SSL Client Hello
- New option for exporting entire X.509 Certificate
- Add Fragment flag to flowAttributes to signify that a flow contained
fragmented packets
- DHCP fingerprinting plugin now exports basic list of options by default
- ipfixDump prints number of records for each template
- Bug Fix for labeling DNS over TCP
- Bug Fix for reverseFlowDeltaMilliseconds field
- Bug Fix for collecting X.509 Certificates through a proxy
- More detailed information about ignored packets on termination/SIGUSR1
-------------------------------------------------------------------
Fri Feb 20 18:00:40 UTC 2015 - mardnh@gmx.de
- update to version 2.7.1:
- Version 2.7.1: 2015-01-27
- Fix a bug with --flow-stats in particular configurations
- Version 2.7.0: 2015-01-07
- New Gh0st RAT Application Label
- New NetBIOS Datagram Service Application Label
- yafMeta2Pcap can now accept IPFIX input
- getFlowKeyHash now exports IPFIX
- Support for indexing PCAPNG files
- New YAF option --no-output to produce no IPFIX output
- New YAF options --hash and --stime to search for a single flow with the
given hash and start time
- DNS DPI now exports query section of resource record for all responses
with nonzero RCODE
- Faster searching of pcap-meta files
- Implement SAME_SIZE flag for TCP flows
- Minor Bug Fixes
-------------------------------------------------------------------
Sat Jan 3 13:28:47 UTC 2015 - mardnh@gmx.de
- compile with p0f and app-labeling support
-------------------------------------------------------------------
Tue Dec 30 23:15:27 UTC 2014 - mardnh@gmx.de
- initial package, version 2.6.0