New Features
- Completely reworked and extended QUIC dissector
- Added flow risk concept to move nDPI towards result interpretation
- Added ndpi_dpi2json() API call
- Added DGA risk for names that look like a DGA
- Added HyperLogLog cardinality estimator API calls
- Added ndpi_bin_XXX API calls to handle bin handling
- Fully fuzzy tested code that has greatly improved reliability and robustness
New Supported Protocols and Services
- QUIC
- SMBv1
- WebSocket
- TLS: added ESNI support
- SOAP
- DNScrypt
Improvements
- Python CFFI bindings
- Various TLS extensions and fixes including extendede metadata support
- Added various pcap files for testing corner cases in protocols
- Various improvements in JSON/Binary data serialization
- CiscoVPN
- H323
- MDNS
- MySQL 8
- IEC 60870-5-104
- DoH/DoT dissection improvements
- Office365 renamed to Microsoft365
- Major protocol dissection improvement in particular with unknwon traffic
- Improvement in Telegram v6 protocol support
- HTTP improvements to detect file download/upload and binary files
- BitTorrent and WhatsApp dissection improvement
- Spotify
- Added detection of malformed packets
- Fuzzy testing support has been greatly improved
- SSH code cleanup
Fixes
- Fixed various memory leaks and race conditions in protocol decoding
- NATS, CAPWAP dissector
- Removed HyperScan support that greatly simplified the code
- ARM platform fixes on memory alignment
- Wireshark extcap support
- DPDK support
- OpenWRT, OpenBSD support
- MINGW compiler support
MISC
- Created demo app for nDPI newcomers
- Removed obsolete pplive and pando protocols