Firegex 3.2.1

• Parsing websocket extentions from server response

Full Changelog: 3.2.0...3.2.1

Firegex 3.2.0

• HTTP compression fix (now supporting brotli, zstd, gzip, deflate)
• bug fix on stream parsing when upgrading protocol
• flags for type of upgrade (h2 and ws)
• websocket Frame decode implemented (with support to permessage-deflate extention)
• fixed multiple header key: now as mentionated in the RFC multiple header with the same field, are concatenated with a comma in a single value, but also leaving the possibility to check how it was encoded originally
• updated docs

Full Changelog: 3.1.0...3.2.0

Firegex 3.1.0

3.0.0 Fixing

• nfproxy: ipv6 invalid packet was risen due to an invalid payload size in the header (fixed)
• nfproxy: on invalid data on reserialize, double free was triggered
• API and DB: PK on nfproxy now is name + service_id (added service_id in the pyfilter model)
• API: added service_id reference at every pyfilter API
• nfproxy - fgex: when handling data types, now parsers can return a list of parsed values
• nfproxy - fgex: default rejecting connections on invalide parsing, added an option to customize this behaviour (documented in the docs)
• nfproxy - fgex: more checks on FGEX_ options (invalid values raise an exception on compiling)
• nfproxy - fgex: refactor of HTTP parser: now the same parser is used for all the stream and allows to parse correctly all the HTTP messages
• nfproxy - fgex: flush action don't destroy llhttp object but drops body first, and if necessary also all the other info
• tests: added tests for nfproxy

Full Changelog: 3.0.0...3.1.0

Firegex 3.0.0

What's Changed

• New feature: nfproxy by @domysh in #20

Full Changelog: 2.5.3...3.0.0

Firegex 2.5.3

What's Changed

• Fix metrics & add tests by @Minei3oat in #18

Full Changelog: 2.5.2...2.5.3

Firegex 2.5.2

• BUG: Sending to hyperscan the rebuilded flux instead of l4 data

What's Changed

• re-integrated automatic test execution by @domysh in #16

Full Changelog: 2.5.1...2.5.2

Firegex 2.5.1

What's Changed

• regex are now checked directly by hyperscan with error messages from the engine
• general minor fixes

Pull Requests

• Fix start.py and gh action for future nfproxy feature by @domysh in #14
• 2.5.1 Release by @domysh in #15

Full Changelog: 2.5.0...2.5.1

Firegex 2.5.0

What's Changed

• New multithreading system integrated in c++
  Now there is only 1 queue for each service: this thread analyze the packet, and hashing the ip and the port (the kernel with queue balance hash only the ips: this is bad in CTF context due to NAT using) choosing based on this the target thread that should handle the connection. This allows real-"multi threading" and have strong results on multiple connection when the load caused by filtering is not really fast
• fail-open: exposing the possibility to enable fail-open option of nfqueue on the graphic interface
• fixed unique constraint on firewall module
• more RESTful APIs
• Added the option to edit service settings on nfregex
• fedora base container
• start.py now can start different versions of firegex

Pull requests

• Releasing changes done for nfproxy influncing also nfregex and fixes -> 2.5.0 release by @domysh in #13

Full Changelog: 2.4.0...2.5.0

Firegex 2.4.0

• Removed regex proxy feature (already deprecated now deleted)
• Using vectorscan to match regexes
• Using lintins to follow TCP streams
• Matching with stream regex TCP streams (now can't bypass filters splitting TCP traffic)

What's Changed

• Implementing new cpp nfqueue with hyperscan an stream regex assembling TCP packets with libtis by @domysh in #12

Full Changelog: 2.3.3...2.4.0

Firegex 2.3.3

What's Changed

• Add prometheus metrics endpoint for nfregexes by @Minei3oat in #11

New Contributors

• @Minei3oat made their first contribution in #11

Full Changelog: 2.3.2...2.3.3