2008-02-22
- Add icmp type/code decoding
- Add proper icmp v9 decoding
- Fix memory leaks in -e auto expire mode in nfcapd.
- Fix some potential deadlocks with file locking when expiring
- Fix multicast bug in nfreplay
- Add hostname lookup for IP addresses in filter.
2007-10-15 stable-1.5.6
- Fix odd CISCO behaviour for ICMP type/code in src port.
- Add fast LZO1X-1 compression option (-z) for output file.
- Add lists for port in syntax -> port in [ 135 137 445]
- Add lists for AS syntax -> as in [ 1024 1025 ]
- Bug fix in filter for syntax 'src as and dst as'
2007-08-24 stable-1.5.5
- Fix nfprofile bug, nfprofile crashes when last opts line is not valid for
some reason.
- Fix potential hang for nfexpire on empty flow directories.
2007-08-08 snapshot-20070808
- Idents may contain '-' in name.
- Fixed install bugs in Makefile.in and configure.in
- Installs now cleanly on Solaris
- Handle 4byte interface numbers in v9. Quick fix: 4bytes reduced to 2bytes.
- Fix aggregation bug in statistics.
- ftok(3) C library call replaced by more reliable own implementation.
Did result in error messages like "Another collector is already running"
- Fix minor bugs in file range selection -R.
- Add recursive behaviour for -R <directory>
- New option -i can change Ident descriptor in data files.
2007-03-12 snapshot-20070312
- Bug fix release of 20070306
2007-03-06 snapshot-20070306
- Fix bug in flist.c. Resulted in a coredump when using sub dirs and -R . ( all files )
- Fix minor bug in nfcapd.c.
- Extend nfprofile for alerting system of nfsen - special version of profiles
- Extend nfprofile for shadow profiles.
2007-08-10 snapshot-20070110
- Fix some compiler warnings, when compiled on a 64bit LINUX
- Fixes an sflow bug: IP address was printed in wrong direction. ( lower bits first )
- Add new IP addr tagging option -T for easy parsing for nfsen lookups
- Add new IP list for massive address filtering:
syntax: ip in [ 12345 23456 3456 ....]
- Change nfprofile for channel based profiling. This breaks with old nfprofile
functionality.
- Remove space from ICMP type/code when followed by an IP address
2006-07-21 snapshot-20060809
- Make nfexpire ready for profile expiration
- Fix bug in nfprofile. Sub dir hierarchy not handled correctly.
2006-07-21 snapshot-20060721
- Add -N option for plain number output in summary line
2006-07-21 snapshot-20060721
- Do recursive file selection when a directory is given by -R
2006-06-14 snapshot-20060621
- Add srcas/dstas/proto aggregation.
Note: This changes the default aggregation behaviour, but gives more flexibility
- Add tos to element statistics list
2006-06-14 snapshot-20060614
- Add additional stat line at the end of output
- Add new binary nfexpire. Manages data expiry on time and/or size based limits
Includes new bookkeeping records in nfcapd. See nfexpire(1)
- Add ICMP type/code decoding in flow listing instead of dst port
- Add packet repeater in nfcapd/sfcapd. In addition, incoming UDP packets can
be directly forwarded to another IP address/Port. See new option -R
- Add sub directory hierarchies: Files can be stored into various sub dir levels
based on different time formats. see new option -S
- Some minor bug fixes.
- Code cleanup in nfcapd. better daemonize code and communication with launcher.
2006-04-xx v.1.5.1
Fix bug in nfdump.c: Writing anonymized flows to file did not work correctly
stdin input format now compatible with file format, therefore
'nfdump < file' works again as it did in nfdump 1.4.
Fix bug in nfcapd.c: Error handling not correct when receiving a non
recognized netflow packet. Resulted in an endless loop
2006-03-27 snapshot 1.5-20060327
Make all element statistics -s transport layer protocol
independent by default. Add :p to stat name ( e.g. srcip:p ) to
enable transport layer dependent statistics on request.
2006-03-20 snapshot 1.5-20060320
Fix bug in filter engine: 'not flags xyz' produces wrong results
when more than a single flag is specified.
Minor man page fixes.
2006-03-06 v1.5
Fix bug in nfcapd. Launcher signaled too early. File not yet properly
closed.
2006-02-14 v1.5-beta-5
Add srcas, dstas, input and output interfaces in aggregated
output.
Fix IPv6 bug in filter: accept 1234:: address.
Rename nfcapd.current tmp file to nfcapd.current.<pid>. Poorly
configured nfcapd processes may mess up themselves otherwise.
2006-02-02 v1.5-beta-4
Fix netflow v5 dPkts <-> dOctets collector bug.
Update pipe format to include more information
Allow AS number 0 in filter syntax.
Add some more boundary checking - netflow exporters aren't bug free either - sigh ..
2006-01-11 v1.5-beta-3
Fix isnumber incompatibility in grammar.y
Add 'if' statistics
2006-01-10 v1.5-beta-2
nf_common.c Fix bug in format parser.
Extended 'proto <protocol>' syntax to support all protocols
Change time format in summary line to ISO format
2005-12-20 v1.5-beta-1
- *.*: A lot of internal changes, not mentioned here. :(
- nfdump: Add subnet aggregation for option -A.
  A new syntax, e.g. srcip4/24, dstip6/64, is supported for subnet-wise aggregation.
  Example: traffic of a whole subnet: -A srcip4/24 -s srcip/bytes
- nfdump: Add more stat element options. -s <stat> now supports:
  srcip, dstip, ip, srcport, dstport, port, srcas, dstas, as, inif, outif, proto
- nfdump, nfprofile: Add -z. Suppress writing flows to data files. Only stat information is written.
  Used only by nfsen for upcoming shadow profiles. If you don't understand this,
  simply ignore it.
- nfdump, nfprofile: Add -q option to suppress header as well as stat information at the bottom
  for easier post processing with external programs.
- nf_common.c, nfdump.c: Output format processing rewritten for more flexibility. Besides standard
  output formats line, long, extended etc., user defined output formats are now
  possible and can even be compiled into nfdump for easy access. See -o fmt:<format>
  and nfdump.c around line 100.
- *.*: Integrate netflow v9 into nfdump. Only a subset of v9 is stored into
  the data files, basically everything needed for nfdump to work as it did before.
  This also includes IPv6 support for any nfdump options. CryptoPAn extended
  to work with IPv6. IPv6 condensed output format for better readability.
  Output formats available in long and condensed mode: e.g. line -> line6,
  extended -> extended6
- *.*: Replace binary data file format. Old format not flexible enough for
  upcoming netflow v9/sflow data. *.stat files are gone. The same
  information is now available under nfdump -I
  New format about 5% larger in size, but faster for reading and writing.
  Speed gain eaten up by more complex processing - sigh ..
  compat14 mode enables transparent reading of old style format.
  nffile.[ch] now handles all data file stuff.
- nfreplay: Multicast enabled:
  Add -j <join group>. Joins the specified multicast group ( v4 or v6 )
  sending flows to this group.
- nfreplay: IPv6 enabled:
  Add option -4 and -6 to force a specific protocol, otherwise
  protocol is automatically selected according to the hostname to send flows to.
  Add -K key, to send data anonymized, using CryptoPAn
- nfcapd: Multicast enabled:
  Add -j <join group>. Joins the specified multicast group ( v4 or v6 )
  for listening.
- nfcapd: IPv6 enabled:
  Add option -4 and -6 for IPv4 and IPv6. By default, listen on IPv4.
  Option -b <host/IP> to bind for a specific host/IP address automatically
  selects appropriate protocol.
- nfnet.c: All functions to set up network sockets for listening/sending are
  put into this file.
2005-08-22 v1.4
- nfreplay: Bug fix sending flows.
- nfdump: Add CryptoPAn code to anonymize IP addresses. New option -K
- nfdump: Change time format in output to ISO 8601 compatible: e.g. 1981-04-05 14:30:30.100
- nfdump: Add scaling factor k,m,g to number in filter syntax: e.g. bytes > 1m
- nfdump: Create new output format extended with additional fields pps, bps and bpp
- nfdump: Rename output format extended to raw
- nfdump: More than one single flow element statistic ( -s ) is now possible
- nfdump: Add user defined sort order in flow element statistic
- nfdump: Flow element statistic can be ordered by more than one order in the same run
- nfdump: Add pps, bps and bpp fields in flow element statistics
- nfdump: Add more symbolic protocols ESP, AH, GRP and RSVP to filter syntax
- nfdump: Add duration, pps, bps and bpp to filter syntax
- nfdump: Make nfdump milliseconds aware. Older versions skipped msecs.
Binary nfdump file format changed due to this.
output formats changed, due to this.
- nfdump: Add interface in/out if <num> syntax to filter
- nfcapd: Add flow_sequence check. Reports missing flows now.
- nfcapd: Report statistics to syslog LOG_INFO when data file is rotated.
- ft2nfdump: Add ft2nfdump to read netflow data from flow-tools
2005-04-21 v1.3
- Add option -A for more flexible aggregation.
- Correct spelling errors :(
2005-03-04 v1.2.1
Bug fix release
- nfcapd: launcher subprocess may hang on Linux 2.6.x kernels.
Cleaned up interrupt handling.
- nfcapd: fix include order of socket.h and types.h in order to
compile cleanly under FreeBSD 4.x
- nfcapd: clean up syslog logging.
- nfdump: Multiple sources ( -M ) and sort flows ( -m ) with
-c <limit> did not list the correct flows.
- nfprofile: Profiling with multiple sources may produce incorrect
profiles.
2004-12-20 v1.2
- nfcapd handles transparent v5 and v7 flows. v7 gets converted into v5
- nfcapd can execute any command at the end of interval. New option -x
- nfdump Extended filter syntax for flags, to, bytes and packets
- Rearrange output formats in nfdump: new switch -o, remove switch -E
output formats: 'line', 'long', 'extended' and 'pipe'
- More flexible statistic handling in nfdump: cleanup ugly -s -s -s
syntax. Replaced by -s <stat> option. New statistics for Port and AS.
2004-09-20 v 1.1
First public Version.