git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
softflowd
1
0
Fork 0
Files
Tree: 53e313b96d
Branches Tags
softflowd
/
ChangeLog

ChangeLog 10 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283 
  1. 20100504
    2. 

  2.  - (djm) Swap nf9 last/first switched. They were reversed in the struct
    3. 

  3.    vs our template flowset. Patch from stephen AT sfnelson.org.
    4. 

  4.    https://bugzilla.mindrot.org/show_bug.cgi?id=1760
    5. 

  5. 

  6. 20091001
    7. 

  7.  - (djm) Lots of manpage tweaks from Tamas TEVESZ, ice AT extreme.hu
    8. 

  8.  - (djm) Support manual specification of an interface index to be used
    9. 

  9.    as the input and output interface of all flows generated. Patch from
    10. 

  10.    kempf AT rpi.edu
    11. 

  11.  - (djm) One more manpage tweak from Tamas TEVESZ.
    12. 

  12.  - (djm) Display softflowd start time in "softflowctl statistics" display.
    13. 

  13.    Suggestion from Tamas TEVESZ.
    14. 

  14. 

  15. 20080515
    16. 

  16.  - (djm) Fix typo in manpage for PID file location; patch from
    17. 

  17.     ice AT extreme.hu
    18. 

  18.  - (djm) Make privsep directory compile-time configurable; patch from
    19. 

  19.     ice AT extreme.hu
    20. 

  20. 

  21. 20070901
    22. 

  22.  - (djm) Implement a very simple freelist allocator for flows and expiry
    23. 

  23.    events
    24. 

  24. 

  25. 20070831
    26. 

  26.  - (djm) Move max_flows into struct FLOWTRACK
    27. 

  27. 

  28. 20070726
    29. 

  29.  - (djm) Add flow_get/flow_put and expiry_get/expiry_put functions to 
    30. 

  30.    allocate and deallocate flows and expiry events, instead of calling
    31. 

  31.    malloc/free directly. Right now these functions just call malloc/free
    32. 

  32.    anyway, but they will soon be used to implemented pooled flow/expiry
    33. 

  33.    allocations.
    34. 

  34. 

  35. 20070725
    36. 

  36.  - (djm) KNF
    37. 

  37.  - (djm) Correctly exit from mainloop on signal - patch from Florian Weimer
    38. 

  38.  - (djm) openlog with LOG_NDELAY so socket is connected before privdrop - 
    39. 

  39.    patch from Florian Weimer
    40. 

  40. 

  41. 20061102
    42. 

  42.  - (djm) Document -v option and close Ed in manpage; from Nino Jogun
    43. 

  43.    nino80 AT gmail.com
    44. 

  44. 

  45. 20061101
    46. 

  46.  - (djm) Collect licenses into LICENSE file
    47. 

  47.  - (djm) malloc(x*y) -> calloc(x, y)
    48. 

  48.  - (djm) Sync sys-tree.h
    49. 

  49.  - (djm) Release 0.9.8
    50. 

  50. 

  51. 20060315
    52. 

  52.  - (djm) Add "send-template" softflowctl command to resend a NetFlow 9
    53. 

  53.    template record immediately
    54. 

  54. 

  55. 20060315
    56. 

  56.  - (djm) Fix DLT_RAW support, from jhanna AT shaw.ca 
    57. 

  57.  - (djm) Support ${DESTDIR} in Makefile install target, from
    58. 

  58.    ssnodgra AT pheran.com
    59. 

  59.  - (djm) Encode ICMP type and code into port numbers (apparently this is
    60. 

  60.    what Cisco exporters do), patch from ssnodgra AT pheran.com slightly
    61. 

  61.    tweaked by me
    62. 

  62.  - (djm) Crank version number to 0.9.8
    63. 

  63.  - (djm) Add RPM packaging files from ssnodgra AT pheran.com
    64. 

  64. 

  65. 20060214
    66. 

  66.  - (djm) Add missing getopt() bit for flowtrack mode
    67. 

  67. 

  68. 20060211
    69. 

  69.  - (djm) Add option to ignore port and protocol information from flows,
    70. 

  70.    allowing flows from the same IP addresses to be automatically
    71. 

  71.    coalesced
    72. 

  72. 

  73. 20060126
    74. 

  74.  - (djm) Correctly expire quiescent flows when they hit maximum_lifetime; 
    75. 

  75.    bug noticed and patch tested by andreas.brillisauer AT hetzner.de
    76. 

  76. 

  77. 20051206
    78. 

  78.  - (djm) Make sure installation directories exist, spotted by
    79. 

  79.    alshu AT tut.by
    80. 

  80. 

  81. 20051118
    82. 

  82.  - (djm) Some extra paranoia and verbosity on malloc failures
    83. 

  83.  - (djm) Support Linux "cooked socket" datalink type, from Tony Lewis 
    84. 

  84.    gnutered AT yahoo.com.au
    85. 

  85. 

  86. 20051001
    87. 

  87.  - (djm) Fix typo, from rbreathe AT brookes.ac.uk
    88. 

  88. 

  89. 20050505
    90. 

  90.  - (djm) Fix time printing bug in debug mode
    91. 

  91.  - (djm) Fix reversed NetFlow v.9 first_switched and last_switched times
    92. 

  92. 

  93. 20050505
    94. 

  94.  - (djm) Fix bug in sequence number generation. Reported by 
    95. 

  95.    b.ghita AT jack.see.plymouth.ac.uk and mwlucas AT blackhelicopters.org
    96. 

  96.  - (djm) Report pcap stats in statistics display
    97. 

  97. 

  98. 20050114
    99. 

  99.  - (djm) Release 0.9.7
    100. 

  100. 

  101. 20050110
    102. 

  102.  - (djm) Fix endianness problem in NetFlow v.9 port number export. Found and 
    103. 

  103.    fixed by paolo.lucente AT ic.cnr.it
    104. 

  104.  - (djm) Add option to set hoplimit/TTL in support of multicast export support
    105. 

  105.  - (djm) Document multicast export
    106. 

  106. 

  107. 20041109
    108. 

  108.  - (djm) Test for struct ip6_ext in autoconf and define a replacement if 
    109. 

  109.    missing, some systems lack it
    110. 

  110. 

  111. 20040930
    112. 

  112.  - (djm) Increase caplen a little for IPv6
    113. 

  113.  - (djm) Remove unused debugging code from NetFlow v.9 support
    114. 

  114.  - (djm) Add a timeout to cluster expiry expiry events, so we get more flows 
    115. 

  115.     per packet. Default is to check for expiries every 60s
    116. 

  116.  - (djm) Allow timouts to be disabled (by setting them to 0)
    117. 

  117.  - (djm) Include IP_PROTOCOL_VERSION field in NetFlow v.9 packets
    118. 

  118.  - (djm) Don't bother tracking IPv6 flows if NetFlow export version 
    119. 

  119.    doesn't support it
    120. 

  120.  - (djm) Don't crank up pcap snaplen unless we are interested in IPv6 either
    121. 

  121.  - (djm) Unbreak v6 flow export
    122. 

  122.  - (djm) Unbreak compilation on non-OpenBSD
    123. 

  123.  - (djm) Update README with recent changes (NetFlow v.9, v6 flows)
    124. 

  124.  - (djm) Release 0.9.6
    125. 

  125. 

  126. 20040929
    127. 

  127.  - (djm) Improve IPv6 code: track flowlables bidirectionally (but don't key on 
    128. 

  128.    them for now), print addresses:port tuples unambiguously and apply correct 
    129. 

  129.    timeout for ICMPv6 flows
    130. 

  130.  - (djm) Remove NetFlow v.1 types from NetFlow v.5 code
    131. 

  131.  - (djm) NetFlow v.9 support
    132. 

  132.  
    133. 

  133. 20040913
    134. 

  134.  - (djm) Split out netflow send functions into separate files
    135. 

  135.  - (djm) Switch to a table of netflow exporter functions in preparation for 
    136. 

  136.    additional export protocols
    137. 

  137.  - (djm) Collect netflow export target information together in a struct, in 
    138. 

  138.    preparation for more export protocols and support for multiple export targets
    139. 

  139.  - (djm) Optimise the datalink_check function, by caching the last datalink type
    140. 

  140.    used.
    141. 

  141. 

  142. 20040909
    143. 

  143.  - (djm) Implement IPv6 flow tracking. Currently no export functionality.
    144. 

  144.  - (djm) Portability fixes for Linux, add closefrom()
    145. 

  145.  - (djm) Use strlcat/strlcpy instead of strn* functions
    146. 

  146.  - (djm) Comment out dump_packet (uncomment when debugging)
    147. 

  147. 

  148. 20040909
    149. 

  149.  - (djm) inline is unnecessary
    150. 

  150.  - (djm) Rework datalink processing, in preparation of IPv6 support
    151. 

  151.  - (djm) Next step in preparation of IPv6 support: make flow structure and
    152. 

  152.    lookup function support both IPv4 and IPv6 addresses (v6 addrs aren't yet
    153. 

  153.    used)
    154. 

  154.  - (djm) Another step on the road: factor out transport-layer protocol parsing
    155. 

  155.    from IPv4 parsing code
    156. 

  156.  - (djm) Be more careful about putting flows into canonical format
    157. 

  157.  - (djm) Prepare for IPv6 packet to flow conversion routine
    158. 

  158. 

  159. 20040901
    160. 

  160.  - (djm) Fix a tiny, stupid bug that prevents flow export
    161. 

  161.  - (djm) Release version 0.9.2
    162. 

  162. 

  163. 20040827
    164. 

  164.  - (djm) NetFlow v.5 supports 30 flows per packet
    165. 

  165.  - (djm) Use struct sockaddr in arguments (not sockaddr_storage), properly 
    166. 

  166.    check length
    167. 

  167.  - (djm) Mention NetFlow v.5 support in manpage
    168. 

  168.  - (djm) Release version 0.9.1
    169. 

  169. 

  170. 20040716
    171. 

  171.  - (djm) Fix collector.pl when no address family specified on commandline
    172. 

  172.    spotted by pgennai AT netstarnetworks.com
    173. 

  173. 

  174. 20040710
    175. 

  175.  - (djm) Tidy up code: remove some debugging gunk, kill a global
    176. 

  176.  - (djm) Add support for NetFlow v.5 export format to softflowd
    177. 

  177.  - (djm) Add support for NetFlow v.5 export format to collector.pl
    178. 

  178. 

  179. 20040430
    180. 

  180.  - (djm) Release version 0.9
    181. 

  181. 

  182. 20040417
    183. 

  183.  - (djm) Fix invalid packet bug
    184. 

  184. 

  185. 20040417
    186. 

  186.  - (djm) Eliminate periodic expiry scans, wait in poll() only until the next 
    187. 

  187.    scheduled expiry event
    188. 

  188.  - (djm) Separate timeout for ICMP traffic, generic timeout is too long
    189. 

  189. 

  190. 20040416
    191. 

  191.  - (djm) A bunch of changes necessary to support building on Solaris 9 (though
    192. 

  192.    the resultant binary doesn't seem to work properly):
    193. 

  193.         - Use getaddrinfo instead of inet_aton to parse host/port for export
    194. 

  194.         - Use setreuid if setresuid isn't around (ditto for gid)
    195. 

  195.         - Add replacement daemon() function from OpenBSD
    196. 

  196.         - Provide our own logit() function, because Solaris syslog() doesn't 
    197. 

  197.           support LOG_PERROR
    198. 

  198.         - A heap of configure and common.h additions and fixes
    199. 

  199.  - (djm) Fix busted preprocessor
    200. 

  200.  - (djm) Support "[host]:port" syntax to specify numeric IPv6 export target
    201. 

  201.  - (djm) Fix connect() for IPv6 export targets
    202. 

  202.  - (djm) IPv6 listen support for collector.pl
    203. 

  203.  - (djm) Allow v4 operation of collector.pl if v6 modules aren't present
    204. 

  204.  - (djm) More flow export fixes
    205. 

  205.  - (djm) Tidy manpage and mention v6 export syntax
    206. 

  206.  - (djm) Unbreak Solaris, pass socklen around instead of using sa_len
    207. 

  207.  - (djm) Unbreak "make install"
    208. 

  208. 

  209. 20040415
    210. 

  210.  - (djm) Clear socket errors before UDP send; from pfflowd
    211. 

  211.  - (djm) Print flow start and finish times in collector.pl
    212. 

  212.  - (djm) Linux needs grp.h for setgroups()
    213. 

  213.  - (djm) Never endprotoent()
    214. 

  214.  - (djm) Use autoconf to detect various things; in preparation of more 
    215. 

  215.    portability
    216. 

  216.  - (djm) Detect int and define standard int types in configure
    217. 

  217. 

  218. 20031111
    219. 

  219.  - (djm) Remove -Werror from CFLAGS, it causes problems in released software
    220. 

  220. 

  221. 20031109
    222. 

  222.  - (djm) Give compile-time choice over flow and expiry event tree type
    223. 

  223.    default is splay tree for flows and red-black tree for expiry events
    224. 

  224.    (limited benchmarking indicates that this is the fastest)
    225. 

  225.  - (djm) Lock the BPF device to prevent changes should the unpriv child
    226. 

  226.    be compromised (only OpenBSD supports this ioctl for now)
    227. 

  227. 

  228. 20031001
    229. 

  229.  - (djm) Realloc audit
    230. 

  230.  - (djm) Chroot to /var/empty and drop privileges on daemonisation
    231. 

  231.  - (djm) More things TODO
    232. 

  232. 

  233. 20030620
    234. 

  234.  - (djm) Fixup collector timestamp printing
    235. 

  235.  - (djm) Rework TODO, add section on planned fragment handling
    236. 

  236.  - (djm) Add "strip" target to Makefile
    237. 

  237.  - (djm) Add "help" keyword to recognised softflowctl responses
    238. 

  238.  - (djm) Fix fragment handling bug: we would try to look into fragmented
    239. 

  239.    payload on later fragments. This could cause random tcp/udp  port numbers
    240. 

  240.    to be recorded.
    241. 

  241.  - (djm) Fix malicious fragment handling bug: deliberately tiny fragments 
    242. 

  242.    (e.g. http://citeseer.nj.nec.com/ptacek98insertion.html) would be ignored
    243. 

  243.    and would not create flow entries.
    244. 

  244.  - (djm) Count fragments that we have seen
    245. 

  245.  - (djm) Release version 0.8.1
    246. 

  246. 

  247. 20030307
    248. 

  248.  - (djm) Add basic perl netflow collector
    249. 

  249. 

  250. 20021110
    251. 

  251.  - (djm) Refactor, dramatically shrink mainloop
    252. 

  252. 

  253. 20021105
    254. 

  254.  - (djm) Don't exit on failure to lookup net/mask. From Alejandro Roman 
    255. 

  255.    <aroman@uyr.com.ar>
    256. 

  256. 

  257. 20021031
    258. 

  258.  - (djm) Add some examples to the manpage
    259. 

  259. 

  260. 20021030
    261. 

  261.  - (djm) New user-friendly time specification code from OpenSSH/Kevin Steves
    262. 

  262.  - (djm) Always use local sys-tree.h (for older OpenBSD's)
    263. 

  263. 

  264. 20021029
    265. 

  265.  - (djm) Multiple fixes and improvements from Octavian Cerna <tavy@ylabs.com>
    266. 

  266.     - softflowd.c (connsock): Fix arguments to `connect': addr is a pointer, 
    267. 

  267. 	not a structure.
    268. 

  268.       (flow_update_expiry): Properly compute the flow lifetime.
    269. 

  269.       (send_netflow_v1): Count the leftover packet.
    270. 

  270. 	Send flow_start, flow_finish and uptime_ms as Cisco equipment 
    271. 

  271. 	does: milliseconds since system boot.
    272. 

  272.       (timeval_sub_ms): New function.
    273. 

  273.       (main): Changed POLL_WAIT to be (EXPIRY_WAIT/2) as stated in the 
    274. 

  274. 	comment above `poll': twice per recheck.
    275. 

  275. 	`poll' takes the last argument in milliseconds.
    276. 

  276. 	Initialize system_boot_time as the time at the start of capture
    277. 

  277. 	(fixme: how does this affect reading from capture files?)
    278. 

  278. 

  279. 20021024
    280. 

  280.  - (djm) Release softflowd-0.7.1
    281. 

  281. 

  282. $Id$
    283. 

  283.