Changelog for yaf-devel-2.9.1-1.fc22.i686.rpm :
Thu Nov 2 13:00:00 2017 Lawrence Rogers 2.9.1-1

* Release 2.9.1-1
Fixed bug that could corrupt flow emitted to standard output

Mon Oct 23 14:00:00 2017 Lawrence Rogers 2.9.0-1

* Release 2.9.0-1
nDPI library support added
Added NTP applabel
Added RFC5610 template metadata (name and description) record output.
Add option --no-vlan-in-key to drop VLAN ID from hash calculation
Minor Bug Fixes

Sun Oct 22 14:00:00 2017 Lawrence Rogers 2.8.4-3

* Release 2.8.4-3
Build with new version of pfring

Fri Jan 20 13:00:00 2017 Lawrence Rogers 2.8.4-2

* Release 2.8.4-2
Build with option --with-pfring

Thu Apr 14 14:00:00 2016 Lawrence Rogers 2.8.4-1

* Release 2.8.4-1
2.8.4
Fix incompatibility with older versions of libpcap introduced in 2.8.3
2.8.3
Important bug fix for versions 2.8.x. Fixes a bug in decoding specific TCP Options headers.

Tue Apr 5 14:00:00 2016 Lawrence Rogers 2.8.2-1

* Release 2.8.2-1
Fix application labeling bug introduced in 2.8.0 which incorrectly labels particular REGEX labels
Other Bug Fixes

Thu Feb 4 13:00:00 2016 Lawrence Rogers 2.8.1-1

* Release 2.8.1-1
Fix compile error when configured with --disable-payload
Force buffer emit with IPFIX Options record when inactive

Tue Dec 22 13:00:00 2015 Lawrence Rogers 2.8.0-1

* Release 2.8.0-1
Remove support for fixbuf releases prior to libfixbuf-1.7.0
PF_RING support
PF_RING ZC (Zero Copy) support
Add support for gzip'd PCAP files
Add support for decoding MPTCP headers and exporting MPTCP information
Add LUA configuration file for yaf startup
New SSL Server Name field export from TLS/SSL Client Hello
New option for exporting entire X.509 Certificate
Add Fragment flag to flowAttributes to signify that a flow contained fragmented packets
DHCP fingerprinting plugin now exports basic list of options by default
ipfixDump prints number of records for each template
Bug Fix for labeling DNS over TCP
Bug Fix for reverseFlowDeltaMilliseconds field
Bug Fix for collecting X.509 Certificates through a proxy
More detailed information about ignored packets on termination/SIGUSR1

Tue Oct 20 14:00:00 2015 Lawrence Rogers 2.7.1-3

* Release 2.7.1-3
New release built with libfixbuf 1.7.1.

Tue Jul 7 14:00:00 2015 Lawrence Rogers 2.7.1-2

* Release 2.7.1-2
New release built with libfixbuf 1.7.0

Tue Jan 27 13:00:00 2015 Lawrence Rogers 2.7.1-1

* Release 2.7.1-1
Fix a bug with --flow-stats in particular configurations

Wed Jan 7 13:00:00 2015 Lawrence Rogers 2.7.0-1

* Release 2.7.0-1
New Gh0st RAT Application Label
New NetBIOS Datagram Service Application Label
yafMeta2Pcap can now accept IPFIX input
getFlowKeyHash now exports IPFIX
Support for indexing PCAPNG files
New YAF option --no-output to produce no IPFIX output
New YAF options --hash and --stime to search for a single flow with the given hash and start time
DNS DPI now exports query section of resource record for all responses with nonzero RCODE
Faster searching of pcap-meta files
Implement SAME_SIZE flag for TCP flows
Minor Bug Fixes

Mon Dec 8 13:00:00 2014 Lawrence Rogers 2.6.0-4

* Release 2.6.0-4
New release built with libfixbuf 1.6.2

Wed Oct 15 14:00:00 2014 Lawrence Rogers 2.6.0-3

* Release 2.6.0-3
New release built with libfixbuf 1.6.1

Tue Sep 30 14:00:00 2014 Lawrence Rogers 2.6.0-2

* Release 2.6.0-2
New release built with libfixbuf 1.6.0

Wed Sep 3 14:00:00 2014 Lawrence Rogers 2.6.0-1

* Release 2.6.0-1
Added a new tool, ipfixDump, to read and dump the contents of IPFIX files. Requires Fixbuf 1.4.0 or later.
Add LDAP application label
Filedaemon can now move files from one directory to another without passing to a child program
SSL/TLS DPI modification to capture SSL record version
Update CERT PEN Information Elements to use full information model if Fixbuf 1.4.0 or later is available
Fix for Modbus application label to reduce false positives
Bug Fix for TOS field when running with --uniflow
Bug Fix in RPM spec file
Bug Fix for labeling malformed DNS packets
Bug Fix for processing out of order packets with --force-read-all
Bug Fix for exporting reverse payload
Other minor bug fixes

Wed Aug 20 14:00:00 2014 Lawrence Rogers 2.5.0-3

* Release 2.5.0-3
New release built with libfixbuf 1.5.0. This release was rebuilt for CentOS 6 which was linked incorrectly with the previous version of libfixbuf.

Fri Aug 8 14:00:00 2014 Lawrence Rogers 2.5.0-2

* Release 2.5.0-2
New release built with libfixbuf 1.5.0

Tue Mar 4 13:00:00 2014 Lawrence Rogers 2.5.0-1

* Release 2.5.0-1
Bug Fix for indexing rolling pcap files
Added MPLS flow hashing and label export
Add option for yafMeta2Pcap to take a list of pcap files
Non-IP flow data can be exported in MPLS mode
Added Napatech 3GD support
Added Netronome support
Added DNP3 application labeling and configurable DPI
Added Modbus application labeling and configurable DPI
Added Ethernet/IP application labeling and configurable DPI
YAF DPI plugin now exports RTP Payload Type
Added compile time option to enable local-time logging
New Bittorrent application label
Added Daemonizing capability within YAF
Added option to disable promiscuous mode on device
Added LDP application label for MPLS support
Added Juniper Ethernet (DLT_JUNIPER_ETHER) link layer support
getFlowKeyHash can now accept IPFIX input
Interface recording is now enabled by default for capture cards
Bug Fix for pcap-per-flow option
Type of Service Field now exported

Thu Jan 16 13:00:00 2014 Lawrence Rogers 2.4.0-3

* Release 2.4.0-3
Removed references to p0

Thu Dec 12 13:00:00 2013 Lawrence Rogers 2.4.0-2

* Release 2.4.0-2
New release linked with libfixbuf 1.4.0

Fri May 3 14:00:00 2013 Lawrence Rogers 2.4.0-1

* Release 2.4.0-1
New HTTP DPI Fields
Updated DPI Elements
Bug Fix to not replace yaf.conf on install
New application label: VMware server console
Added support to decode ERSPAN headers
Drop statistics are updated when statistics messages are exported
yafcollect bug fix
Other Bug Fixes

Tue Mar 12 13:00:00 2013 Lawrence Rogers 2.3.3-2

* Release 2.3.3-2
New release linked with libfixbuf 1.3.0

Wed Jan 30 13:00:00 2013 Lawrence Rogers 2.3.3-1

* Release 2.3.3-1
init.d script improvements
Allow yafmeta2pcap to accept multiple files
Report drop statistics on SigUsr1
Bug Fixes

Fri Sep 14 14:00:00 2012 Lawrence Rogers 2.3.2-2

* Release 2.3.2-2
Bug Fix to maintain compatibility with older versions of GLib and libpcap

Mon Sep 10 14:00:00 2012 Lawrence Rogers 2.3.1-1

* Release 2.3.1-1
DPI Improvements
Additional Pcap Export Option --index-pcap
Add option to manually set ingress/egress interface fields
Add tool to create pcap from pcap metafile
Bug Fixes

Tue Jun 26 14:00:00 2012 Lawrence Rogers 2.2.2-2

* Release 2.2.2-2
Rebuilt for libfixbuf-1.1.2

Fri Mar 30 14:00:00 2012 Lawrence Rogers 2.2.2-1

* Release 2.2.2-1
Bug Fix for Vlan Tagging

Thu Mar 29 14:00:00 2012 Lawrence Rogers 2.2.1-3

* Release 2.2.1-3
Enabled -enable-ltdl-install=no to avoid conflicts with other packages

Thu Mar 29 14:00:00 2012 Lawrence Rogers 2.2.1-2

* Release 2.2.1-2
Enabled the following options:
- enable-applabel - enable the packet payload application label engine
- enable-p0fprinter - enable the p0f based OS fingerprinting capability
- enable-plugins - enable YAF to load plugin extensions

Thu Mar 8 13:00:00 2012 Lawrence Rogers 2.2.1-1

* Release 2.2.1-1
Bug Fixes

Sun Feb 19 13:00:00 2012 Lawrence Rogers 2.2.0-1

* Release 2.2.0-1
New Application Labels (MSNP, RTP, RTCP, Jabber)
Rolling Pcap output and pcap-per-flow option.
CERT p0f Fingerprints included.
New option to process out-of-sequence flows.
Several other bug fixes.

Tue Jan 3 13:00:00 2012 Lawrence Rogers 2.1.2-2

* Release 2.1.2-2
Rebuilt for libfixbuf-1.1.1

Fri Sep 23 14:00:00 2011 Lawrence Rogers 2.1.2-1

* Release 2.1.2-1
Added new --plugin-conf switch for adding a configuration file to a plugin
Added new --p0f-fingerprints switch to give location of p0f fingerprint files
Bug Fixes

Tue Sep 13 14:00:00 2011 Lawrence Rogers 2.1.1-2

* Release 2.1.1-2
Rebuilt for libfixbuf-1.0.2

Thu Aug 11 14:00:00 2011 Lawrence Rogers 2.1.1-1

* Release 2.1.1-1
Important bug fix for application labeling SSL plugin

Wed Jul 27 14:00:00 2011 Lawrence Rogers 2.1.0-1

* Release 2.1.0-1
New Information Element exported in every flow record, flowAttributes (CERT PEN 6871, IE 40).
YAF now checks if a flow has fixed-size packets and exports this flag using the new flowAttributes Information Element (see yaf)
Reset Application Label on UDP-uniflows for Deep Packet Inspection
Fixed yafscii invalid parameter bug that may have existed on certain platforms
Added VNC (RFB Protocol) application label
DPI Enhancements
FlowEndReason IPFIX field is now set to 31 for udp-uniflows
For Cygwin: Added support for getting the yaf config directory via the Windows Registry
Several other bug fixes

Mon Jun 13 14:00:00 2011 Lawrence Rogers 2.0.2.1

* Release 2.0.2-1
Improvements with Reassembly of TCP Fragments.
Bug Fix for DNS Deep Packet Inspection.
--no-frag switch now works.
Bug Fix for expiring flows that exceed the idle timeout when reading from a file.
Added the ability to configure YAF with WinPCAP.

Thu Apr 28 14:00:00 2011 Lawrence Rogers 2.0.1-1

* Release 2.0.1-1
Bug Fix for compile error with --enable-daginterface
Enhancement for SNMPv3 application labeler

Thu Apr 28 14:00:00 2011 Lawrence Rogers 2.0.0-1

* Release 2.0.0-1
This version requires libfixbuf-1.0.0 or greater.

Added Napatech Adapter Integration (requires libpcapexpress).
YAF now exports TCP, payload, fingerprinting, p0f, MAC, entropy, and DPI flow information within an IPFIX subTemplateMultiList data type.
Added the ability to export YAF capture statistics using IPFIX Options Templates.
The --stats or --no-stats were added to configure YAF stats output.
Added the ability to define Spread group types to use Spread as a manifold for flow export based on application, port, protocol, version, or vlan.
Added New Application Labels: DHCP, AIM, SOCKS, SMB, SNMP, NETBIOS.
Added a time-out buffer flush function.
Added SSL Certificate Capture.
Added DNS Resource Record Parsing.
Added Deep Packet Inspection for the MySQL protocol.
The --silk switch will maintain compatibility with SiLK by not nesting TCP information in the subTemplateMultiList data type.
Deep Packet Inspection elements are read from one configuration file.
Added the ability to create new DPI elements from configuration file.
Added UDP Export and Template Retransmission.
Many Bug fixes and other enhancements.

Thu Feb 3 13:00:00 2011 Lawrence Rogers 1.3.2-1

* Release 1.3.2-1
Bug fix for dnsplugin.c
Minor bug fix for fingerprint exporting.


 