- Drop not longer needed patches (fixed upstream)
* ndpi-fix-build.patch
* reproducible.patch
- Update to version 3.0
New Features
* nDPI now reports the protocol ASAP even when specific fields
have not yet been dissected because such packets have not yet
been observed. This is important for inline applications that
can immediately act on traffic. Applications that need full
dissection need to call the new API function
ndpi_extra_dissection_possible() to check if metadata dissection
has been completely performed or if there is more to read before
declaring it completed.
* TLS (formerly identified as SSL in nDPI v2.x) is now dissected
more deeply, certificate validity is extracted as well
certificate SHA-1.
* nDPIreader can now export data in CSV format with option -C
* Implemented Sequence of Packet Length and Time (SPLT) and Byte
Distribution (BD) as specified by Cisco Joy
(https://github.com/cisco/joy). This allows malware activities
on encrypted TLS streams.
* Available as library and in ndpiReader with option -J
* Promoted usage of protocol categories rather than protocol
identifiers in order to classify protocols. This allows
application protocols to be clustered in families and thus better
managed by users/developers rather than using hundred of
protocols unknown to most of the people.
* Added Inter-Arrival Time (IAT) calculation used to detect
protocol misbehaviour (e.g. slow-DoS detection)
* Added data analysis features for computign metrics such as