123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243 |
- 20100504
- - (djm) Swap nf9 last/first switched. They were reversed in the struct
- vs our template flowset. Patch from stephen AT sfnelson.org.
- https://bugzilla.mindrot.org/show_bug.cgi?id=1760
- 20061101
- - (djm) Collect licenses into LICENSE file
- - (djm) malloc(x*y) -> calloc(x, y)
- - (djm) Sync sys-tree.h
- - (djm) Release 0.9.8
- 20060315
- - (djm) Add "send-template" softflowctl command to resend a NetFlow 9
- template record immediately
- 20060315
- - (djm) Fix DLT_RAW support, from jhanna AT shaw.ca
- - (djm) Support ${DESTDIR} in Makefile install target, from
- ssnodgra AT pheran.com
- - (djm) Encode ICMP type and code into port numbers (apparently this is
- what Cisco exporters do), patch from ssnodgra AT pheran.com slightly
- tweaked by me
- - (djm) Crank version number to 0.9.8
- - (djm) Add RPM packaging files from ssnodgra AT pheran.com
- 20060214
- - (djm) Add missing getopt() bit for flowtrack mode
- 20060211
- - (djm) Add option to ignore port and protocol information from flows,
- allowing flows from the same IP addresses to be automatically
- coalesced
- 20060126
- - (djm) Correctly expire quiescent flows when they hit maximum_lifetime;
- bug noticed and patch tested by andreas.brillisauer AT hetzner.de
- 20051206
- - (djm) Make sure installation directories exist, spotted by
- alshu AT tut.by
- 20051118
- - (djm) Some extra paranoia and verbosity on malloc failures
- - (djm) Support Linux "cooked socket" datalink type, from Tony Lewis
- gnutered AT yahoo.com.au
- 20051001
- - (djm) Fix typo, from rbreathe AT brookes.ac.uk
- 20050505
- - (djm) Fix time printing bug in debug mode
- - (djm) Fix reversed NetFlow v.9 first_switched and last_switched times
- 20050505
- - (djm) Fix bug in sequence number generation. Reported by
- b.ghita AT jack.see.plymouth.ac.uk and mwlucas AT blackhelicopters.org
- - (djm) Report pcap stats in statistics display
- 20050114
- - (djm) Release 0.9.7
- 20050110
- - (djm) Fix endianness problem in NetFlow v.9 port number export. Found and
- fixed by paolo.lucente AT ic.cnr.it
- - (djm) Add option to set hoplimit/TTL in support of multicast export support
- - (djm) Document multicast export
- 20041109
- - (djm) Test for struct ip6_ext in autoconf and define a replacement if
- missing, some systems lack it
- 20040930
- - (djm) Increase caplen a little for IPv6
- - (djm) Remove unused debugging code from NetFlow v.9 support
- - (djm) Add a timeout to cluster expiry expiry events, so we get more flows
- per packet. Default is to check for expiries every 60s
- - (djm) Allow timouts to be disabled (by setting them to 0)
- - (djm) Include IP_PROTOCOL_VERSION field in NetFlow v.9 packets
- - (djm) Don't bother tracking IPv6 flows if NetFlow export version
- doesn't support it
- - (djm) Don't crank up pcap snaplen unless we are interested in IPv6 either
- - (djm) Unbreak v6 flow export
- - (djm) Unbreak compilation on non-OpenBSD
- - (djm) Update README with recent changes (NetFlow v.9, v6 flows)
- - (djm) Release 0.9.6
- 20040929
- - (djm) Improve IPv6 code: track flowlables bidirectionally (but don't key on
- them for now), print addresses:port tuples unambiguously and apply correct
- timeout for ICMPv6 flows
- - (djm) Remove NetFlow v.1 types from NetFlow v.5 code
- - (djm) NetFlow v.9 support
-
- 20040913
- - (djm) Split out netflow send functions into separate files
- - (djm) Switch to a table of netflow exporter functions in preparation for
- additional export protocols
- - (djm) Collect netflow export target information together in a struct, in
- preparation for more export protocols and support for multiple export targets
- - (djm) Optimise the datalink_check function, by caching the last datalink type
- used.
- 20040909
- - (djm) Implement IPv6 flow tracking. Currently no export functionality.
- - (djm) Portability fixes for Linux, add closefrom()
- - (djm) Use strlcat/strlcpy instead of strn* functions
- - (djm) Comment out dump_packet (uncomment when debugging)
- 20040909
- - (djm) inline is unnecessary
- - (djm) Rework datalink processing, in preparation of IPv6 support
- - (djm) Next step in preparation of IPv6 support: make flow structure and
- lookup function support both IPv4 and IPv6 addresses (v6 addrs aren't yet
- used)
- - (djm) Another step on the road: factor out transport-layer protocol parsing
- from IPv4 parsing code
- - (djm) Be more careful about putting flows into canonical format
- - (djm) Prepare for IPv6 packet to flow conversion routine
- 20040901
- - (djm) Fix a tiny, stupid bug that prevents flow export
- - (djm) Release version 0.9.2
- 20040827
- - (djm) NetFlow v.5 supports 30 flows per packet
- - (djm) Use struct sockaddr in arguments (not sockaddr_storage), properly
- check length
- - (djm) Mention NetFlow v.5 support in manpage
- - (djm) Release version 0.9.1
- 20040716
- - (djm) Fix collector.pl when no address family specified on commandline
- spotted by pgennai AT netstarnetworks.com
- 20040710
- - (djm) Tidy up code: remove some debugging gunk, kill a global
- - (djm) Add support for NetFlow v.5 export format to softflowd
- - (djm) Add support for NetFlow v.5 export format to collector.pl
- 20040430
- - (djm) Release version 0.9
- 20040417
- - (djm) Fix invalid packet bug
- 20040417
- - (djm) Eliminate periodic expiry scans, wait in poll() only until the next
- scheduled expiry event
- - (djm) Separate timeout for ICMP traffic, generic timeout is too long
- 20040416
- - (djm) A bunch of changes necessary to support building on Solaris 9 (though
- the resultant binary doesn't seem to work properly):
- - Use getaddrinfo instead of inet_aton to parse host/port for export
- - Use setreuid if setresuid isn't around (ditto for gid)
- - Add replacement daemon() function from OpenBSD
- - Provide our own logit() function, because Solaris syslog() doesn't
- support LOG_PERROR
- - A heap of configure and common.h additions and fixes
- - (djm) Fix busted preprocessor
- - (djm) Support "[host]:port" syntax to specify numeric IPv6 export target
- - (djm) Fix connect() for IPv6 export targets
- - (djm) IPv6 listen support for collector.pl
- - (djm) Allow v4 operation of collector.pl if v6 modules aren't present
- - (djm) More flow export fixes
- - (djm) Tidy manpage and mention v6 export syntax
- - (djm) Unbreak Solaris, pass socklen around instead of using sa_len
- - (djm) Unbreak "make install"
- 20040415
- - (djm) Clear socket errors before UDP send; from pfflowd
- - (djm) Print flow start and finish times in collector.pl
- - (djm) Linux needs grp.h for setgroups()
- - (djm) Never endprotoent()
- - (djm) Use autoconf to detect various things; in preparation of more
- portability
- - (djm) Detect int and define standard int types in configure
- 20031111
- - (djm) Remove -Werror from CFLAGS, it causes problems in released software
- 20031109
- - (djm) Give compile-time choice over flow and expiry event tree type
- default is splay tree for flows and red-black tree for expiry events
- (limited benchmarking indicates that this is the fastest)
- - (djm) Lock the BPF device to prevent changes should the unpriv child
- be compromised (only OpenBSD supports this ioctl for now)
- 20031001
- - (djm) Realloc audit
- - (djm) Chroot to /var/empty and drop privileges on daemonisation
- - (djm) More things TODO
- 20030620
- - (djm) Fixup collector timestamp printing
- - (djm) Rework TODO, add section on planned fragment handling
- - (djm) Add "strip" target to Makefile
- - (djm) Add "help" keyword to recognised softflowctl responses
- - (djm) Fix fragment handling bug: we would try to look into fragmented
- payload on later fragments. This could cause random tcp/udp port numbers
- to be recorded.
- - (djm) Fix malicious fragment handling bug: deliberately tiny fragments
- (e.g. http://citeseer.nj.nec.com/ptacek98insertion.html) would be ignored
- and would not create flow entries.
- - (djm) Count fragments that we have seen
- - (djm) Release version 0.8.1
- 20030307
- - (djm) Add basic perl netflow collector
- 20021110
- - (djm) Refactor, dramatically shrink mainloop
- 20021105
- - (djm) Don't exit on failure to lookup net/mask. From Alejandro Roman
- <aroman@uyr.com.ar>
- 20021031
- - (djm) Add some examples to the manpage
- 20021030
- - (djm) New user-friendly time specification code from OpenSSH/Kevin Steves
- - (djm) Always use local sys-tree.h (for older OpenBSD's)
- 20021029
- - (djm) Multiple fixes and improvements from Octavian Cerna <tavy@ylabs.com>
- - softflowd.c (connsock): Fix arguments to `connect': addr is a pointer,
- not a structure.
- (flow_update_expiry): Properly compute the flow lifetime.
- (send_netflow_v1): Count the leftover packet.
- Send flow_start, flow_finish and uptime_ms as Cisco equipment
- does: milliseconds since system boot.
- (timeval_sub_ms): New function.
- (main): Changed POLL_WAIT to be (EXPIRY_WAIT/2) as stated in the
- comment above `poll': twice per recheck.
- `poll' takes the last argument in milliseconds.
- Initialize system_boot_time as the time at the start of capture
- (fixme: how does this affect reading from capture files?)
- 20021024
- - (djm) Release softflowd-0.7.1
- $Id: ChangeLog,v 1.87 2006/11/02 06:36:16 djm Exp $
|