20100504 - (djm) Swap nf9 last/first switched. They were reversed in the struct vs our template flowset. Patch from stephen AT sfnelson.org. https://bugzilla.mindrot.org/show_bug.cgi?id=1760 20091001 - (djm) Lots of manpage tweaks from Tamas TEVESZ, ice AT extreme.hu - (djm) Support manual specification of an interface index to be used as the input and output interface of all flows generated. Patch from kempf AT rpi.edu - (djm) One more manpage tweak from Tamas TEVESZ. - (djm) Display softflowd start time in "softflowctl statistics" display. Suggestion from Tamas TEVESZ. 20080515 - (djm) Fix typo in manpage for PID file location; patch from ice AT extreme.hu - (djm) Make privsep directory compile-time configurable; patch from ice AT extreme.hu 20070901 - (djm) Implement a very simple freelist allocator for flows and expiry events 20070831 - (djm) Move max_flows into struct FLOWTRACK 20070726 - (djm) Add flow_get/flow_put and expiry_get/expiry_put functions to allocate and deallocate flows and expiry events, instead of calling malloc/free directly. Right now these functions just call malloc/free anyway, but they will soon be used to implemented pooled flow/expiry allocations. 20070725 - (djm) KNF - (djm) Correctly exit from mainloop on signal - patch from Florian Weimer - (djm) openlog with LOG_NDELAY so socket is connected before privdrop - patch from Florian Weimer 20061102 - (djm) Document -v option and close Ed in manpage; from Nino Jogun nino80 AT gmail.com 20061101 - (djm) Collect licenses into LICENSE file - (djm) malloc(x*y) -> calloc(x, y) - (djm) Sync sys-tree.h - (djm) Release 0.9.8 20060315 - (djm) Add "send-template" softflowctl command to resend a NetFlow 9 template record immediately 20060315 - (djm) Fix DLT_RAW support, from jhanna AT shaw.ca - (djm) Support ${DESTDIR} in Makefile install target, from ssnodgra AT pheran.com - (djm) Encode ICMP type and code into port numbers (apparently this is what Cisco exporters do), patch from ssnodgra AT pheran.com slightly tweaked by me - (djm) Crank version number to 0.9.8 - (djm) Add RPM packaging files from ssnodgra AT pheran.com 20060214 - (djm) Add missing getopt() bit for flowtrack mode 20060211 - (djm) Add option to ignore port and protocol information from flows, allowing flows from the same IP addresses to be automatically coalesced 20060126 - (djm) Correctly expire quiescent flows when they hit maximum_lifetime; bug noticed and patch tested by andreas.brillisauer AT hetzner.de 20051206 - (djm) Make sure installation directories exist, spotted by alshu AT tut.by 20051118 - (djm) Some extra paranoia and verbosity on malloc failures - (djm) Support Linux "cooked socket" datalink type, from Tony Lewis gnutered AT yahoo.com.au 20051001 - (djm) Fix typo, from rbreathe AT brookes.ac.uk 20050505 - (djm) Fix time printing bug in debug mode - (djm) Fix reversed NetFlow v.9 first_switched and last_switched times 20050505 - (djm) Fix bug in sequence number generation. Reported by b.ghita AT jack.see.plymouth.ac.uk and mwlucas AT blackhelicopters.org - (djm) Report pcap stats in statistics display 20050114 - (djm) Release 0.9.7 20050110 - (djm) Fix endianness problem in NetFlow v.9 port number export. Found and fixed by paolo.lucente AT ic.cnr.it - (djm) Add option to set hoplimit/TTL in support of multicast export support - (djm) Document multicast export 20041109 - (djm) Test for struct ip6_ext in autoconf and define a replacement if missing, some systems lack it 20040930 - (djm) Increase caplen a little for IPv6 - (djm) Remove unused debugging code from NetFlow v.9 support - (djm) Add a timeout to cluster expiry expiry events, so we get more flows per packet. Default is to check for expiries every 60s - (djm) Allow timouts to be disabled (by setting them to 0) - (djm) Include IP_PROTOCOL_VERSION field in NetFlow v.9 packets - (djm) Don't bother tracking IPv6 flows if NetFlow export version doesn't support it - (djm) Don't crank up pcap snaplen unless we are interested in IPv6 either - (djm) Unbreak v6 flow export - (djm) Unbreak compilation on non-OpenBSD - (djm) Update README with recent changes (NetFlow v.9, v6 flows) - (djm) Release 0.9.6 20040929 - (djm) Improve IPv6 code: track flowlables bidirectionally (but don't key on them for now), print addresses:port tuples unambiguously and apply correct timeout for ICMPv6 flows - (djm) Remove NetFlow v.1 types from NetFlow v.5 code - (djm) NetFlow v.9 support 20040913 - (djm) Split out netflow send functions into separate files - (djm) Switch to a table of netflow exporter functions in preparation for additional export protocols - (djm) Collect netflow export target information together in a struct, in preparation for more export protocols and support for multiple export targets - (djm) Optimise the datalink_check function, by caching the last datalink type used. 20040909 - (djm) Implement IPv6 flow tracking. Currently no export functionality. - (djm) Portability fixes for Linux, add closefrom() - (djm) Use strlcat/strlcpy instead of strn* functions - (djm) Comment out dump_packet (uncomment when debugging) 20040909 - (djm) inline is unnecessary - (djm) Rework datalink processing, in preparation of IPv6 support - (djm) Next step in preparation of IPv6 support: make flow structure and lookup function support both IPv4 and IPv6 addresses (v6 addrs aren't yet used) - (djm) Another step on the road: factor out transport-layer protocol parsing from IPv4 parsing code - (djm) Be more careful about putting flows into canonical format - (djm) Prepare for IPv6 packet to flow conversion routine 20040901 - (djm) Fix a tiny, stupid bug that prevents flow export - (djm) Release version 0.9.2 20040827 - (djm) NetFlow v.5 supports 30 flows per packet - (djm) Use struct sockaddr in arguments (not sockaddr_storage), properly check length - (djm) Mention NetFlow v.5 support in manpage - (djm) Release version 0.9.1 20040716 - (djm) Fix collector.pl when no address family specified on commandline spotted by pgennai AT netstarnetworks.com 20040710 - (djm) Tidy up code: remove some debugging gunk, kill a global - (djm) Add support for NetFlow v.5 export format to softflowd - (djm) Add support for NetFlow v.5 export format to collector.pl 20040430 - (djm) Release version 0.9 20040417 - (djm) Fix invalid packet bug 20040417 - (djm) Eliminate periodic expiry scans, wait in poll() only until the next scheduled expiry event - (djm) Separate timeout for ICMP traffic, generic timeout is too long 20040416 - (djm) A bunch of changes necessary to support building on Solaris 9 (though the resultant binary doesn't seem to work properly): - Use getaddrinfo instead of inet_aton to parse host/port for export - Use setreuid if setresuid isn't around (ditto for gid) - Add replacement daemon() function from OpenBSD - Provide our own logit() function, because Solaris syslog() doesn't support LOG_PERROR - A heap of configure and common.h additions and fixes - (djm) Fix busted preprocessor - (djm) Support "[host]:port" syntax to specify numeric IPv6 export target - (djm) Fix connect() for IPv6 export targets - (djm) IPv6 listen support for collector.pl - (djm) Allow v4 operation of collector.pl if v6 modules aren't present - (djm) More flow export fixes - (djm) Tidy manpage and mention v6 export syntax - (djm) Unbreak Solaris, pass socklen around instead of using sa_len - (djm) Unbreak "make install" 20040415 - (djm) Clear socket errors before UDP send; from pfflowd - (djm) Print flow start and finish times in collector.pl - (djm) Linux needs grp.h for setgroups() - (djm) Never endprotoent() - (djm) Use autoconf to detect various things; in preparation of more portability - (djm) Detect int and define standard int types in configure 20031111 - (djm) Remove -Werror from CFLAGS, it causes problems in released software 20031109 - (djm) Give compile-time choice over flow and expiry event tree type default is splay tree for flows and red-black tree for expiry events (limited benchmarking indicates that this is the fastest) - (djm) Lock the BPF device to prevent changes should the unpriv child be compromised (only OpenBSD supports this ioctl for now) 20031001 - (djm) Realloc audit - (djm) Chroot to /var/empty and drop privileges on daemonisation - (djm) More things TODO 20030620 - (djm) Fixup collector timestamp printing - (djm) Rework TODO, add section on planned fragment handling - (djm) Add "strip" target to Makefile - (djm) Add "help" keyword to recognised softflowctl responses - (djm) Fix fragment handling bug: we would try to look into fragmented payload on later fragments. This could cause random tcp/udp port numbers to be recorded. - (djm) Fix malicious fragment handling bug: deliberately tiny fragments (e.g. http://citeseer.nj.nec.com/ptacek98insertion.html) would be ignored and would not create flow entries. - (djm) Count fragments that we have seen - (djm) Release version 0.8.1 20030307 - (djm) Add basic perl netflow collector 20021110 - (djm) Refactor, dramatically shrink mainloop 20021105 - (djm) Don't exit on failure to lookup net/mask. From Alejandro Roman 20021031 - (djm) Add some examples to the manpage 20021030 - (djm) New user-friendly time specification code from OpenSSH/Kevin Steves - (djm) Always use local sys-tree.h (for older OpenBSD's) 20021029 - (djm) Multiple fixes and improvements from Octavian Cerna - softflowd.c (connsock): Fix arguments to `connect': addr is a pointer, not a structure. (flow_update_expiry): Properly compute the flow lifetime. (send_netflow_v1): Count the leftover packet. Send flow_start, flow_finish and uptime_ms as Cisco equipment does: milliseconds since system boot. (timeval_sub_ms): New function. (main): Changed POLL_WAIT to be (EXPIRY_WAIT/2) as stated in the comment above `poll': twice per recheck. `poll' takes the last argument in milliseconds. Initialize system_boot_time as the time at the start of capture (fixme: how does this affect reading from capture files?) 20021024 - (djm) Release softflowd-0.7.1 $Id$