cbiedl
/
softflowd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238
							20061101
 - (djm) Collect licenses into LICENSE file
 - (djm) malloc(x*y) -> calloc(x, y)
 - (djm) Sync sys-tree.h
 - (djm) Release 0.9.8

20060315
 - (djm) Add "send-template" softflowctl command to resend a NetFlow 9
   template record immediately

20060315
 - (djm) Fix DLT_RAW support, from jhanna AT shaw.ca 
 - (djm) Support ${DESTDIR} in Makefile install target, from
   ssnodgra AT pheran.com
 - (djm) Encode ICMP type and code into port numbers (apparently this is
   what Cisco exporters do), patch from ssnodgra AT pheran.com slightly
   tweaked by me
 - (djm) Crank version number to 0.9.8
 - (djm) Add RPM packaging files from ssnodgra AT pheran.com

20060214
 - (djm) Add missing getopt() bit for flowtrack mode

20060211
 - (djm) Add option to ignore port and protocol information from flows,
   allowing flows from the same IP addresses to be automatically
   coalesced

20060126
 - (djm) Correctly expire quiescent flows when they hit maximum_lifetime; 
   bug noticed and patch tested by andreas.brillisauer AT hetzner.de

20051206
 - (djm) Make sure installation directories exist, spotted by
   alshu AT tut.by

20051118
 - (djm) Some extra paranoia and verbosity on malloc failures
 - (djm) Support Linux "cooked socket" datalink type, from Tony Lewis 
   gnutered AT yahoo.com.au

20051001
 - (djm) Fix typo, from rbreathe AT brookes.ac.uk

20050505
 - (djm) Fix time printing bug in debug mode
 - (djm) Fix reversed NetFlow v.9 first_switched and last_switched times

20050505
 - (djm) Fix bug in sequence number generation. Reported by 
   b.ghita AT jack.see.plymouth.ac.uk and mwlucas AT blackhelicopters.org
 - (djm) Report pcap stats in statistics display

20050114
 - (djm) Release 0.9.7

20050110
 - (djm) Fix endianness problem in NetFlow v.9 port number export. Found and 
   fixed by paolo.lucente AT ic.cnr.it
 - (djm) Add option to set hoplimit/TTL in support of multicast export support
 - (djm) Document multicast export

20041109
 - (djm) Test for struct ip6_ext in autoconf and define a replacement if 
   missing, some systems lack it

20040930
 - (djm) Increase caplen a little for IPv6
 - (djm) Remove unused debugging code from NetFlow v.9 support
 - (djm) Add a timeout to cluster expiry expiry events, so we get more flows 
    per packet. Default is to check for expiries every 60s
 - (djm) Allow timouts to be disabled (by setting them to 0)
 - (djm) Include IP_PROTOCOL_VERSION field in NetFlow v.9 packets
 - (djm) Don't bother tracking IPv6 flows if NetFlow export version 
   doesn't support it
 - (djm) Don't crank up pcap snaplen unless we are interested in IPv6 either
 - (djm) Unbreak v6 flow export
 - (djm) Unbreak compilation on non-OpenBSD
 - (djm) Update README with recent changes (NetFlow v.9, v6 flows)
 - (djm) Release 0.9.6

20040929
 - (djm) Improve IPv6 code: track flowlables bidirectionally (but don't key on 
   them for now), print addresses:port tuples unambiguously and apply correct 
   timeout for ICMPv6 flows
 - (djm) Remove NetFlow v.1 types from NetFlow v.5 code
 - (djm) NetFlow v.9 support
 
20040913
 - (djm) Split out netflow send functions into separate files
 - (djm) Switch to a table of netflow exporter functions in preparation for 
   additional export protocols
 - (djm) Collect netflow export target information together in a struct, in 
   preparation for more export protocols and support for multiple export targets
 - (djm) Optimise the datalink_check function, by caching the last datalink type
   used.

20040909
 - (djm) Implement IPv6 flow tracking. Currently no export functionality.
 - (djm) Portability fixes for Linux, add closefrom()
 - (djm) Use strlcat/strlcpy instead of strn* functions
 - (djm) Comment out dump_packet (uncomment when debugging)

20040909
 - (djm) inline is unnecessary
 - (djm) Rework datalink processing, in preparation of IPv6 support
 - (djm) Next step in preparation of IPv6 support: make flow structure and
   lookup function support both IPv4 and IPv6 addresses (v6 addrs aren't yet
   used)
 - (djm) Another step on the road: factor out transport-layer protocol parsing
   from IPv4 parsing code
 - (djm) Be more careful about putting flows into canonical format
 - (djm) Prepare for IPv6 packet to flow conversion routine

20040901
 - (djm) Fix a tiny, stupid bug that prevents flow export
 - (djm) Release version 0.9.2

20040827
 - (djm) NetFlow v.5 supports 30 flows per packet
 - (djm) Use struct sockaddr in arguments (not sockaddr_storage), properly 
   check length
 - (djm) Mention NetFlow v.5 support in manpage
 - (djm) Release version 0.9.1

20040716
 - (djm) Fix collector.pl when no address family specified on commandline
   spotted by pgennai AT netstarnetworks.com

20040710
 - (djm) Tidy up code: remove some debugging gunk, kill a global
 - (djm) Add support for NetFlow v.5 export format to softflowd
 - (djm) Add support for NetFlow v.5 export format to collector.pl

20040430
 - (djm) Release version 0.9

20040417
 - (djm) Fix invalid packet bug

20040417
 - (djm) Eliminate periodic expiry scans, wait in poll() only until the next 
   scheduled expiry event
 - (djm) Separate timeout for ICMP traffic, generic timeout is too long

20040416
 - (djm) A bunch of changes necessary to support building on Solaris 9 (though
   the resultant binary doesn't seem to work properly):
        - Use getaddrinfo instead of inet_aton to parse host/port for export
        - Use setreuid if setresuid isn't around (ditto for gid)
        - Add replacement daemon() function from OpenBSD
        - Provide our own logit() function, because Solaris syslog() doesn't 
          support LOG_PERROR
        - A heap of configure and common.h additions and fixes
 - (djm) Fix busted preprocessor
 - (djm) Support "[host]:port" syntax to specify numeric IPv6 export target
 - (djm) Fix connect() for IPv6 export targets
 - (djm) IPv6 listen support for collector.pl
 - (djm) Allow v4 operation of collector.pl if v6 modules aren't present
 - (djm) More flow export fixes
 - (djm) Tidy manpage and mention v6 export syntax
 - (djm) Unbreak Solaris, pass socklen around instead of using sa_len
 - (djm) Unbreak "make install"

20040415
 - (djm) Clear socket errors before UDP send; from pfflowd
 - (djm) Print flow start and finish times in collector.pl
 - (djm) Linux needs grp.h for setgroups()
 - (djm) Never endprotoent()
 - (djm) Use autoconf to detect various things; in preparation of more 
   portability
 - (djm) Detect int and define standard int types in configure

20031111
 - (djm) Remove -Werror from CFLAGS, it causes problems in released software

20031109
 - (djm) Give compile-time choice over flow and expiry event tree type
   default is splay tree for flows and red-black tree for expiry events
   (limited benchmarking indicates that this is the fastest)
 - (djm) Lock the BPF device to prevent changes should the unpriv child
   be compromised (only OpenBSD supports this ioctl for now)

20031001
 - (djm) Realloc audit
 - (djm) Chroot to /var/empty and drop privileges on daemonisation
 - (djm) More things TODO

20030620
 - (djm) Fixup collector timestamp printing
 - (djm) Rework TODO, add section on planned fragment handling
 - (djm) Add "strip" target to Makefile
 - (djm) Add "help" keyword to recognised softflowctl responses
 - (djm) Fix fragment handling bug: we would try to look into fragmented
   payload on later fragments. This could cause random tcp/udp  port numbers
   to be recorded.
 - (djm) Fix malicious fragment handling bug: deliberately tiny fragments 
   (e.g. http://citeseer.nj.nec.com/ptacek98insertion.html) would be ignored
   and would not create flow entries.
 - (djm) Count fragments that we have seen
 - (djm) Release version 0.8.1

20030307
 - (djm) Add basic perl netflow collector

20021110
 - (djm) Refactor, dramatically shrink mainloop

20021105
 - (djm) Don't exit on failure to lookup net/mask. From Alejandro Roman 
   <aroman@uyr.com.ar>

20021031
 - (djm) Add some examples to the manpage

20021030
 - (djm) New user-friendly time specification code from OpenSSH/Kevin Steves
 - (djm) Always use local sys-tree.h (for older OpenBSD's)

20021029
 - (djm) Multiple fixes and improvements from Octavian Cerna <tavy@ylabs.com>
    - softflowd.c (connsock): Fix arguments to `connect': addr is a pointer, 
	not a structure.
      (flow_update_expiry): Properly compute the flow lifetime.
      (send_netflow_v1): Count the leftover packet.
	Send flow_start, flow_finish and uptime_ms as Cisco equipment 
	does: milliseconds since system boot.
      (timeval_sub_ms): New function.
      (main): Changed POLL_WAIT to be (EXPIRY_WAIT/2) as stated in the 
	comment above `poll': twice per recheck.
	`poll' takes the last argument in milliseconds.
	Initialize system_boot_time as the time at the start of capture
	(fixme: how does this affect reading from capture files?)

20021024
 - (djm) Release softflowd-0.7.1

$Id: ChangeLog,v 1.87 2006/11/02 06:36:16 djm Exp $