by Lawrence R. Rogers (2023-07-18):
* Release 3.0.0.alpha3-1
Changed DNS deep packet inspection to produce names and text records with escape codes for special characters (non-ASCII, non-printable, special whitespace, and label-internal dots in names).
Made DNS deep packet inspection more strict about parsing malformed DNS Resource Records across RR boundaries within the packet.
Enhanced the --time and --etime options of yafMeta2Pcap to accept a human-readable timestamp in addition to milliseconds.
Changed the destination of --version output to the standard output.
Changed yaf to only export the fingerprint-related elements (firstPacketBanner, etc.) when the --fpexport option is given. (Requires YAF to be built with --enable-fpexporter.)
Changed yaf to only export the p0f-related elements (osName, etc.) when the --p0fprint option is given. (Requires YAF to be built with --with-p0f.)
Fixed a crash in YAF that occurs when it is built with GLib 2.75.3 or newer.
by Lawrence R. Rogers (2022-02-28):
* Release 3.0.0.alpha1-1
Merged the configuration files yafApplabelRules.conf and yafDPIRules.conf into a single file written in Lua. Previous versions of those files will not work with this version of yaf.
Changed Deep Packet Inspection (DPI) support to be compiled into yaf when requested by configure; it is no longer a plug-in. Run configure with --enable-dpi to enable the capability; run yaf with --dpi to use it. Specifying --dpi enables application labeling; it is no longer necessary to explicitly specify --applabel when enabling DPI.
Changed yaf to export metadata about information elements and templates by default: both as compile-time and run-time options. To disable on an invocation, run yaf with the --no-element-metadata and/or --no-template-metadata switches. To disable support entirely, pass --disable-metadata-export to configure. (Note that super_mediator-2.0.0 works best with template metadata enabled.)
Updated yaf to use the enhanced template metadata available in libfixbuf-3.0.0. This allows yaf to declare that it only uses some templates within sub-records (that is, within a subTemplateList or subTemplateMultiList). The metadata also describes the information element yaf uses in its basicLists.
Added the yaf command line option --payload-applabel-select to enable exporting payload data for only selected appLabel values.
Updated the regular expressions used for application-labeling.
Changed numerous aspects of the DPI data.
Updated, rearranged, and fixed bugs in SMTP DPI.
Added fields for more DNSSEC values and fixed other bugs in DNS DPI.
Renamed the configure option --enable-p0fprinter to --with-p0f.
Renamed the configure option --enable-ndpi to --with-ndpi.
Fixed bugs in POP3 DPI.
Removed support for the Spread toolkit.
Removed support for the popt options parser.
Updated fixbuf requirement to libfixbuf-3.0.0.