The latest pre-releases of YAF 3.x are listed below.
See also the latest YAF 2.x (stable) releases and all YAF releases.
Downloads
(SHA256=2c8b52ec9cb447f29897cc17e0d271b87cb940f515abdf6814b4c8dac5a7b468)
Changelog
- Enhanced the deep packet inspection capabilities for SSH connections to include the negotiated algorithms and the HASSH hash.
- Added the JA3 hash to the DPI for TLS connections.
- Made several changes to the yafDPIRules.conf file for applabels written as C plugins:
  - Allow the user to disable the export of arbitrary DPI elements and SMTP headers.
  - Allow a protocol to be specified.
  - Moved the regex definitions from C to yafDPIRules.conf.
- Increased the maximum payload that YAF may capture for performing DPI.
- Fixed a potential bug in the Shannon entropy calculation that may cause small differences in calculated values.
Downloads
(SHA256=f2d388ecd53d9c48686f92c1dc816fa0d3fe570f5b6e4a6cbfdc191a4acaeadf)
Changelog
- Merged the configuration files yafApplabelRules.conf and yafDPIRules.conf into a single file written in Lua. Previous versions of those files will not work with this version of yaf.
- Changed Deep Packet Inspection (DPI) support to be compiled into yaf when requested by configure; it is no longer a plug-in. Run configure with --enable-dpi to enable the capability; run yaf with --dpi to use it. Specifying --dpi enables application labeling; it is no longer necessary to explicitly specify --applabel when enabling DPI.
- Changed yaf to export metadata about information elements and templates by default, at both compile time and run time. To disable it for a single invocation, run yaf with the --no-element-metadata and/or --no-template-metadata switches. To disable support entirely, pass --disable-metadata-export to configure. (Note that super_mediator-2.0.0 works best with template metadata enabled.)
- Updated yaf to use the enhanced template metadata available in libfixbuf-3.0.0. This allows yaf to declare that it only uses some templates within sub-records (that is, within a subTemplateList or subTemplateMultiList). The metadata also describes the information element yaf uses in its basicLists.
- Added the yaf command line option --payload-applabel-select to enable exporting payload data for only selected appLabel values.
- Updated the regular expressions used for application-labeling.
- Changed numerous aspects of the DPI data.
- Updated, rearranged, and fixed bugs in SMTP DPI.
- Added fields for more DNSSEC values and fixed other bugs in DNS DPI.
- Renamed the configure option --enable-p0fprinter to --with-p0f.
- Renamed the configure option --enable-ndpi to --with-ndpi.
- Fixed bugs in POP3 DPI.
- Removed support for the Spread toolkit.
- Removed support for the popt options parser.
- Updated fixbuf requirement to libfixbuf-3.0.0.