Changelog for yaf-3.0.0.alpha1-1.el7.x86_64.rpm:
Mon Feb 28 13:00:00 2022 Lawrence R. Rogers 3.0.0.alpha1-1

* Release 3.0.0.alpha1-1

Merged the configuration files yafApplabelRules.conf and yafDPIRules.conf into a single
file written in Lua. Previous versions of those files will not work with this version of yaf.
Changed Deep Packet Inspection (DPI) support to be compiled into yaf when requested
by configure; it is no longer a plug-in. Run configure with --enable-dpi to enable the
capability; run yaf with --dpi to use it. Specifying --dpi enables application labeling;
it is no longer necessary to explicitly specify --applabel when enabling DPI.
Changed yaf to export metadata about information elements and templates by default:
both as compile-time and run-time options. To disable on an invocation, run yaf with
the --no-element-metadata and/or --no-template-metadata switches. To disable support
entirely, pass --disable-metadata-export to configure. (Note that super_mediator-2.0.0
works best with template metadata enabled.)
Updated yaf to use the enhanced template metadata available in libfixbuf-3.0.0. This
allows yaf to declare that it only uses some templates within sub-records (that is,
within a subTemplateList or subTemplateMultiList). The metadata also describes the
information element yaf uses in its basicLists.
Added the yaf command line option --payload-applabel-select to enable exporting payload data for only selected appLabel values.
Updated the regular expressions used for application-labeling.
Changed numerous aspects of the DPI data.
Updated, rearranged, and fixed bugs in SMTP DPI.
Added fields for more DNSSEC values and fixed other bugs in DNS DPI.
Renamed the configure option --enable-p0fprinter to --with-p0f.
Renamed the configure option --enable-ndpi to --with-ndpi.
Fixed bugs in POP3 DPI.
Removed support for the Spread toolkit.
Removed support for the popt options parser.
Updated fixbuf requirement to libfixbuf-3.0.0.

Thu Oct 14 14:00:00 2021 Lawrence R. Rogers 2.12.2-1

* Release 2.12.2-1
Added new protocols to the yafAppLabelRules.conf file and updated several regular expressions.
Changed the regexes used by the SMTP DPI plugin and improved capture when multiple messages appear in a single SMTP session.
Fixed a crash in the SMTP DPI plugin when reading uniflow records.
Updated the POP3 DPI plugin.
Updated yafzcbalance to be compatible with PF_Ring-8.

Tue Aug 17 14:00:00 2021 Lawrence R. Rogers 2.12.1-2

* Release 2.12.1-2
New version of libpfring with patch from NetSA.

Tue Dec 22 13:00:00 2020 Lawrence R. Rogers 2.12.1-1

* Release 2.12.1-1
Changed the templates and IEs used for SMTP DPI. The new templates use different IDs than those used by previous releases of YAF.
super_mediator-1.8.0 or later is required to read this format. Currently there is no version of Analysis Pipeline that reads the SMTP DPI.
First public release of YAF 2.12.x.

Fri Nov 20 13:00:00 2020 Lawrence R. Rogers 2.11.2-1

* Release 2.11.2-1
Fixed bugs in NTP and DNS deep packet inspection.
Fixed a compilation error when building with metadata export enabled.
Fixed possible compilation errors when building with nDPI support.
Fixed compilation errors when building with newer versions of PF_Ring.

Fri Mar 27 13:00:00 2020 Lawrence R. Rogers 2.11.0-4

* Release 2.11.0-4
Added PF_Ring support for CentOS/RHEL 8.

Fri Aug 30 14:00:00 2019 Lawrence R. Rogers 2.11.0-3

* Release 2.11.0-3
Rebuilt for libfixbuf-2.4.0.

Fri Apr 19 14:00:00 2019 Lawrence R. Rogers 2.11.0-2

* Release 2.11.0-2
Rebuilt for libfixbuf-2.3.1.

Mon Mar 18 13:00:00 2019 Lawrence R. Rogers 2.11.0-1

* Release 2.11.0-1
Added support for FixBuf 2.3.0, which is now required.
Added support for nDPI 2.0.
CERT Info Model support added.
Stricter DNS applabel.
Initial NTP Mode 7 applabel support.
Improved POSIX compliance for init script.
Removed ipfixDump; it is now distributed with libfixbuf.
Fixed a segfault when freeing DNS DPI data.
New YAF stats and tombstone format.

Tue Dec 4 13:00:00 2018 Lawrence R. Rogers 2.10.0-3

* Release 2.10.0-3
Rebuilt for libfixbuf-2.2.0.

Thu Jul 19 14:00:00 2018 Lawrence R. Rogers 2.10.0-2

* Release 2.10.0-2
Rebuilt for libfixbuf-2.1.0.

Mon Apr 30 14:00:00 2018 Lawrence R. Rogers 2.10.0-1

* Release 2.10.0-1
Added support for FixBuf 2.0.0, which is now required.
Derive information elements from included XML files.
Various reporting/output bug fixes for ipfixDump.
Support for tombstone records added.

Thu Dec 21 13:00:00 2017 Lawrence R. Rogers 2.9.3-1

* Release 2.9.3-1
Fixed configure-time dependency for libndpi to limit use of v1.8.0 and greater.
init script now gives YAF more time to shut down gracefully.

Wed Nov 8 13:00:00 2017 Lawrence R. Rogers 2.9.2-1

* Release 2.9.2-1
Fixed configure-time bug when using libfixbuf 1.7.1 (or earlier) and p0fprinter

Thu Nov 2 13:00:00 2017 Lawrence R. Rogers 2.9.1-1

* Release 2.9.1-1
Fixed bug that could corrupt flow emitted to standard output

Mon Oct 23 14:00:00 2017 Lawrence R. Rogers 2.9.0-1

* Release 2.9.0-1
nDPI library support added
Added NTP applabel
Added RFC5610 template metadata (name and description) record output.
Add option --no-vlan-in-key to drop VLAN ID from hash calculation
Minor Bug Fixes

Sun Oct 22 14:00:00 2017 Lawrence R. Rogers 2.8.4-3

* Release 2.8.4-3
Build with new version of pfring

Fri Jan 20 13:00:00 2017 Lawrence R. Rogers 2.8.4-2

* Release 2.8.4-2
Build with option --with-pfring

Thu Apr 14 14:00:00 2016 Lawrence R. Rogers 2.8.4-1

* Release 2.8.4-1
2.8.4
Fix incompatibility with older versions of libpcap introduced in 2.8.3
2.8.3
Important bug fix for versions 2.8.x. Fixes a bug in decoding specific TCP Options headers.

Tue Apr 5 14:00:00 2016 Lawrence R. Rogers 2.8.2-1

* Release 2.8.2-1
Fix application labeling bug introduced in 2.8.0 that incorrectly applied particular regex-based labels
Other Bug Fixes

Thu Feb 4 13:00:00 2016 Lawrence R. Rogers 2.8.1-1

* Release 2.8.1-1
Fix compile error when configured with --disable-payload
Force buffer emit with IPFIX Options record when inactive

Tue Dec 22 13:00:00 2015 Lawrence R. Rogers 2.8.0-1

* Release 2.8.0-1
Remove support for fixbuf releases prior to libfixbuf-1.7.0
PF_RING support
PF_RING ZC (Zero Copy) support
Add support for gzip'd PCAP files
Add support for decoding MPTCP headers and exporting MPTCP information
Add LUA configuration file for yaf startup
New SSL Server Name field export from TLS/SSL Client Hello
New option for exporting entire X.509 Certificate
Add Fragment flag to flowAttributes to signify that a flow contained fragmented packets
DHCP fingerprinting plugin now exports basic list of options by default
ipfixDump prints number of records for each template
Bug Fix for labeling DNS over TCP
Bug Fix for reverseFlowDeltaMilliseconds field
Bug Fix for collecting X.509 Certificates through a proxy
More detailed information about ignored packets on termination/SIGUSR1

Tue Oct 20 14:00:00 2015 Lawrence R. Rogers 2.7.1-3

* Release 2.7.1-3
New release built with libfixbuf 1.7.1.

Tue Jul 7 14:00:00 2015 Lawrence R. Rogers 2.7.1-2

* Release 2.7.1-2
New release built with libfixbuf 1.7.0

Tue Jan 27 13:00:00 2015 Lawrence R. Rogers 2.7.1-1

* Release 2.7.1-1
Fix a bug with --flow-stats in particular configurations

Wed Jan 7 13:00:00 2015 Lawrence R. Rogers 2.7.0-1

* Release 2.7.0-1
New Gh0st RAT Application Label
New NetBIOS Datagram Service Application Label
yafMeta2Pcap can now accept IPFIX input
getFlowKeyHash now exports IPFIX
Support for indexing PCAPNG files
New YAF option --no-output to produce no IPFIX output
New YAF options --hash and --stime to search for a single flow with the given hash and start time
DNS DPI now exports query section of resource record for all responses with nonzero RCODE
Faster searching of pcap-meta files
Implement SAME_SIZE flag for TCP flows
Minor Bug Fixes

Mon Dec 8 13:00:00 2014 Lawrence R. Rogers 2.6.0-4

* Release 2.6.0-4
New release built with libfixbuf 1.6.2

Wed Oct 15 14:00:00 2014 Lawrence R. Rogers 2.6.0-3

* Release 2.6.0-3
New release built with libfixbuf 1.6.1

Tue Sep 30 14:00:00 2014 Lawrence R. Rogers 2.6.0-2

* Release 2.6.0-2
New release built with libfixbuf 1.6.0

Wed Sep 3 14:00:00 2014 Lawrence R. Rogers 2.6.0-1

* Release 2.6.0-1
Added a new tool, ipfixDump, to read and dump the contents of IPFIX files. Requires Fixbuf 1.4.0 or later.
Add LDAP application label
Filedaemon can now move files from one directory to another without passing to a child program
SSL/TLS DPI modification to capture SSL record version
Update CERT PEN Information Elements to use full information model if Fixbuf 1.4.0 or later is available
Fix for Modbus application label to reduce false positives
Bug Fix for TOS field when running with --uniflow
Bug Fix in RPM spec file
Bug Fix for labeling malformed DNS packets
Bug Fix for processing out of order packets with --force-read-all
Bug Fix for exporting reverse payload
Other minor bug fixes

Wed Aug 20 14:00:00 2014 Lawrence R. Rogers 2.5.0-3

* Release 2.5.0-3
New release built with libfixbuf 1.5.0. This release was rebuilt for CentOS 6, where the previous build had been linked incorrectly against the previous version of libfixbuf.

Fri Aug 8 14:00:00 2014 Lawrence R. Rogers 2.5.0-2

* Release 2.5.0-2
New release built with libfixbuf 1.5.0

Tue Mar 4 13:00:00 2014 Lawrence R. Rogers 2.5.0-1

* Release 2.5.0-1
Bug Fix for indexing rolling pcap files
Added MPLS flow hashing and label export
Add option for yafMeta2Pcap to take a list of pcap files
Non-IP flow data can be exported in MPLS mode
Added Napatech 3GD support
Added Netronome support
Added DNP3 application labeling and configurable DPI
Added Modbus application labeling and configurable DPI
Added Ethernet/IP application labeling and configurable DPI
YAF DPI plugin now exports RTP Payload Type
Added compile time option to enable local-time logging
New Bittorrent application label
Added Daemonizing capability within YAF
Added option to disable promiscuous mode on device
Added LDP application label for MPLS support
Added Juniper Ethernet (DLT_JUNIPER_ETHER) link layer support
getFlowKeyHash can now accept IPFIX input
Interface recording is now enabled by default for capture cards
Bug Fix for pcap-per-flow option
Type of Service Field now exported

Thu Jan 16 13:00:00 2014 Lawrence R. Rogers 2.4.0-3

* Release 2.4.0-3
Removed references to p0

Thu Dec 12 13:00:00 2013 Lawrence R. Rogers 2.4.0-2

* Release 2.4.0-2
New release linked with libfixbuf 1.4.0

Fri May 3 14:00:00 2013 Lawrence R. Rogers 2.4.0-1

* Release 2.4.0-1
New HTTP DPI Fields
Updated DPI Elements
Bug Fix to not replace yaf.conf on install
New application label: VMware server console
Added support to decode ERSPAN headers
Drop statistics are updated when statistics messages are exported
yafcollect bug fix
Other Bug Fixes

Tue Mar 12 13:00:00 2013 Lawrence R. Rogers 2.3.3-2

* Release 2.3.3-2
New release linked with libfixbuf 1.3.0

Wed Jan 30 13:00:00 2013 Lawrence R. Rogers 2.3.3-1

* Release 2.3.3-1
init.d script improvements
Allow yafmeta2pcap to accept multiple files
Report drop statistics on SigUsr1
Bug Fixes

Fri Sep 14 14:00:00 2012 Lawrence R. Rogers 2.3.2-2

* Release 2.3.2-2
Bug Fix to maintain compatibility with older versions of GLib and libpcap

Mon Sep 10 14:00:00 2012 Lawrence R. Rogers 2.3.1-1

* Release 2.3.1-1
DPI Improvements
Additional Pcap Export Option --index-pcap
Add option to manually set ingress/egress interface fields
Add tool to create pcap from pcap metafile
Bug Fixes

Tue Jun 26 14:00:00 2012 Lawrence R. Rogers 2.2.2-2

* Release 2.2.2-2
Rebuilt for libfixbuf-1.1.2

Fri Mar 30 14:00:00 2012 Lawrence R. Rogers 2.2.2-1

* Release 2.2.2-1
Bug Fix for VLAN Tagging

Thu Mar 29 14:00:00 2012 Lawrence R. Rogers 2.2.1-3

* Release 2.2.1-3
Enabled --enable-ltdl-install=no to avoid conflicts with other packages

Thu Mar 29 14:00:00 2012 Lawrence R. Rogers 2.2.1-2

* Release 2.2.1-2
Enabled the following configure options:
- --enable-applabel - enable the packet payload application label engine
- --enable-p0fprinter - enable the p0f based OS fingerprinting capability
- --enable-plugins - enable YAF to load plugin extensions

Thu Mar 8 13:00:00 2012 Lawrence R. Rogers 2.2.1-1

* Release 2.2.1-1
Bug Fixes

Sun Feb 19 13:00:00 2012 Lawrence R. Rogers 2.2.0-1

* Release 2.2.0-1
New Application Labels (MSNP, RTP, RTCP, Jabber)
Rolling Pcap output and pcap-per-flow option.
CERT p0f Fingerprints included.
New option to process out-of-sequence flows.
Several other bug fixes.

Tue Jan 3 13:00:00 2012 Lawrence R. Rogers 2.1.2-2

* Release 2.1.2-2
Rebuilt for libfixbuf-1.1.1

Fri Sep 23 14:00:00 2011 Lawrence R. Rogers 2.1.2-1

* Release 2.1.2-1
Added new --plugin-conf switch for adding a configuration file to a plugin
Added new --p0f-fingerprints switch to give location of p0f fingerprint files
Bug Fixes

Tue Sep 13 14:00:00 2011 Lawrence R. Rogers 2.1.1-2

* Release 2.1.1-2
Rebuilt for libfixbuf-1.0.2

Thu Aug 11 14:00:00 2011 Lawrence R. Rogers 2.1.1-1

* Release 2.1.1-1
Important bug fix for application labeling SSL plugin

Wed Jul 27 14:00:00 2011 Lawrence R. Rogers 2.1.0-1

* Release 2.1.0-1
New Information Element exported in every flow record, flowAttributes (CERT PEN 6871, IE 40).
YAF now checks if a flow has fixed-size packets and exports this flag using the new flowAttributes Information Element (see yaf)
Reset Application Label on UDP-uniflows for Deep Packet Inspection
Fixed yafscii invalid parameter bug that may have existed on certain platforms
Added VNC (RFB Protocol) application label
DPI Enhancements
FlowEndReason IPFIX field is now set to 31 for udp-uniflows
For Cygwin: Added support for getting the yaf config directory via the Windows Registry
Several other bug fixes

Mon Jun 13 14:00:00 2011 Lawrence R. Rogers 2.0.2.1

* Release 2.0.2-1
Improvements with Reassembly of TCP Fragments.
Bug Fix for DNS Deep Packet Inspection.
--no-frag switch now works.
Bug Fix for expiring flows that exceed the idle timeout when reading from a file.
Added the ability to configure YAF with WinPCAP.

Thu Apr 28 14:00:00 2011 Lawrence R. Rogers 2.0.1-1

* Release 2.0.1-1
Bug Fix for compile error with --enable-daginterface
Enhancement for SNMPv3 application labeler

Thu Apr 28 14:00:00 2011 Lawrence R. Rogers 2.0.0-1

* Release 2.0.0-1
This version requires libfixbuf-1.0.0 or greater.

Added Napatech Adapter Integration (requires libpcapexpress).
YAF now exports TCP, payload, finger printing, p0f, MAC, entropy, and DPI flow information within an IPFIX subTemplateMultiList data type.
Added the ability to export YAF capture statistics using IPFIX Options Templates.
The --stats or --no-stats were added to configure YAF stats output.
Added the ability to define Spread group types to use Spread as a manifold for flow export based on application, port, protocol, version, or vlan.
Added New Application Labels: DHCP, AIM, SOCKS, SMB, SNMP, NETBIOS.
Added a time-out buffer flush function.
Added SSL Certificate Capture.
Added DNS Resource Record Parsing.
Added Deep Packet Inspection for the MySQL protocol.
The --silk switch will maintain compatibility with SiLK by not nesting TCP information in the subTemplateMultiList data type.
Deep Packet Inspection elements are read from one configuration file.
Added the ability to create new DPI elements from configuration file.
Added UDP Export and Template Retransmission.
Many Bug fixes and other enhancements.

Thu Feb 3 13:00:00 2011 Lawrence R. Rogers 1.3.2-1

* Release 1.3.2-1
Bug fix for dnsplugin.c
Minor bug fix for fingerprint exporting.
