|
|
|
|
Changelog for silk-rwflowpack-3.14.0-2.fc21.x86_64.rpm :
Thu Nov 17 13:00:00 2016 Lawrence Rogers 3.14.0-1/2
* Release 3.14.0-1/2 IPset changes Add a new file format, record-version=5, for IPsets containing IPv6 addresses that should be more compact than record-version=4. Unless the default file format is changed at configure time, the new format must be explicitly requested using --record-version switch or via the SILK_IPSET_RECORD_VERSION environment variable. Fix a bug when working with IPsets that contain IPv6 addresses and have more than 44,739,242 internal nodes. The bug may cause the tool to crash or to loop endlessly. Reduce how quickly memory grows when building an IPset that contains IPv6 addresses. Perform additional integrity checks when reading an IPset file from disk. rwsetbuild Fix a bug introduced in SiLK-3.11.0 that may occur when computing the intersection or difference of an IPv4 IPset with an IPv6 IPset that is in record-version=4 format. Addresses in the ::ffff:0:0/96 netblock of the IPv6 IPset were ignored when the IPset contained clusters of addresses less then ::ffff:0:0. rwsetcat Allow computing the count of IP addresses in an IPset without loading the IPset into memory. rwbag Fix a bug when creating a bag whose key is attributes that causes the bag to appear to have duplicate keys. rwfileinfo Rename the title of the compression field. The title was changed unintentionally in SiLK 3.12.2 and caused iSiLK to fail. rwstats, rwuniq Do not limit the maximum hash table size to a 32-bit value on a 64-bit platform. flowcap, rwflowpack In the sensor.conf file, add support for a quirk to handle NetFlow v9 records generated by a SonicWall device where the router up-time is reported in seconds instead of milliseconds. Building Add a configure switch, --enable-ipset-compatibility, that allows changing the default IPset file format written by SiLK. The argument is the version of SiLK with which IPsets are to be compatible. The IPset file format changes at 3.7.0 and 3.14.0.
Thu Sep 29 14:00:00 2016 Lawrence Rogers 3.13.0-1/2
* Release 3.13.0-1/2 Change across all tools Add support for compressing files with \"Snappy\" compression when the Snappy library and header are found during configuration. Add support for the SILK_COMPRESSION_METHOD environment variable that provides a default value for the --compression-method switch. rwcount Do not limit the maximum array size to a 32-bit value on 64-bit platforms. rwsettool Add a --symmetric-difference switch to compute the set of IP addresses that occur in only one of two input IPsets. rwfileinfo Disable printing of the record count when the file\'s compression method is not available. rwfilter, rwfglob Fix a file-selection bug where a --start-date specified in epoch seconds that fell on a day boundary would return files for that entire day instead of for that single hour. PySiLK Fix memory leaks. Fix a bug in the silk.site.repository_iter() where an epoch-based start-date value that fell on a day boundary would return files for that entire day instead of for that single hour. rwsender Change the log messages that are written when scanning the incoming and processing directories.
Thu Jun 23 14:00:00 2016 Lawrence Rogers 3.12.2-1/2
* Release 3.12.2-1/2 rwgeoip2ccmap Restore support for binary input that was removed in SiLK 3.12.0. rwbagcat Sort the output using the value of each key\'s counter when the --sort-counters switch is given. rwbag Copy the invocation history and the notes from the source files to the output file(s). rwbagtool When inverting a bag, set the key-type of the output to the counter-type of the input. Previously it was set to custom. rwfileinfo Add a --help-fields switch. Expand the description of rwfileinfo\'s output on the manual page. rwfilter, rwfglob, rwsiteinfo Fix an unexpected fatal error that would occur when the silk.conf file contained a class that did not contain any types. Check the validity of the silk.conf file and report such errors. rwipfix2silk Write additional log messages when --log-destination is specified. rwpdu2silk Write additional log messages when --log-destination is specified. rwflowpack Change when record counts are reported in the log file: Report the number of records written to each output file only when the files are flushed. Fix a bug processing the reverse side a YAF bi-flow that stored the egressInterface in both the input and output fields. Fix a bug processing a bi-flow record that reversed the vlan interfaces on the forward record. flowcap Fix a bug when processing the reverse side a YAF bi-flow that stored the egressInterface in both the input and output fields. Fix a bug processing a bi-flow record that reversed the vlan interfaces on the forward record. rwflowappend Add locking of incremental files to prevent multiple rwflowappend invocations from processing the same file.
Thu May 5 14:00:00 2016 Lawrence Rogers 3.12.1-1/2
* Release 3.12.1-1/2 rwbagcat Fix a bug where the pager was not invoked when displaying keys as IPs or integers. rwflowpack, flowcap Make substantial changes to the handling of IPFIX and NetFlow v9 records to decrease per-record processing time.
Thu Mar 31 14:00:00 2016 Lawrence Rogers 3.12.0-1/2
* Release 3.12.0-1/2 rwbag Add a new switch --bag-file that replaces the numerous bag creation switches that previously existed. Deprecate the previous bag creation switches. Expand the list of keys that rwbag supports (e.g., start-time, sensor, TCP flags). Add support for creating a bag that contains country codes. Add support for creating a bag whose key is derived from a prefix map that maps either IP-addresses or protocol-port pairs. Add a header to the Bag file that stores the command line used to create the file. rwbagcat POTENTIAL INCOMPATIBILITY. Display a key whose type represents a time using a human-readable timestamp. Using --key-format=epoch displays the integer value. POTENTIAL INCOMPATIBILITY. Display a key whose type represents a SiLK sensor using the the sensor name. Using --key-format=decimal displays the integer value. POTENTIAL INCOMPATIBILITY. Display a key whose type represents TCP flags using the standard FSRPAUEC letters. Using --key-format=decimal displays the integer value. POTENTIAL INCOMPATIBILITY. Display a key whose type represents SiLK attributes using the standard TCFS letters. Use --key-format=decimal to display the integer value. Display a key whose type represents a country code using the two letter abbreviation. Require a prefix map to be specified via the --pmap-file switch when attempting to display a key whose type represents a mapping from a prefix map. Require the type of the prefix map to match the key-type specified in the Bag. Allow the --key-format switch to accept time-formatting and timezone arguments when printing a key that represents a time. Exit with an error when a time-format is used on a Bag whose key-type is neither a time nor \'custom\'. POTENTIAL INCOMPATIBILITY. Exit with an error when a --key-format for an IP address is used on a Bag whose key-type is neither an IP address nor \'custom\'. POTENTIAL INCOMPATIBILITY. Exit with an error when the --network-structure switch is used on a Bag whose key-type is neither an IP address nor \'custom\'. POTENTIAL INCOMPATIBILITY. Exit with an error when the --mask-ips switch is using on a Bag whose key-type is neither an IP address nor \'custom\'. rwbagbuild Add support for creating a bag that contains country codes. Add support for creating a bag whose key is derived from a prefix map that maps either IP-addresses or protocol-port pairs. When mapping from a protocol-port pair to a prefix map value, allow the delimiter between the protocol and port to be different than that between the port and the counter. Add a header to the Bag file that stores the command line used to create the file. rwgeoip2ccmap Use the first line of input to determine whether to create an IPv4 or IPv6 country code map. Add a header to the Bag file that stores the command line used to create the file. Modify the tool to more closely follow other SiLK tools. POTENTIAL INCOMPATIBILITY. Do not read the binary form of the Legacy GeoIP country code map. Only accept the comma separated value form. rwstats Allow the --count switch to accept an argument of 0 which indicates that it should print all bins. Allow the --percentage switch to accept a floating point value. rwsort Do not limit the maximum sort-buffer size to a 32-bit value on 64-bit platforms. rwdedupe Do not limit the maximum sort-buffer size to a 32-bit value on 64-bit platforms. rwcombine Do not limit the maximum sort-buffer size to a 32-bit value on 64-bit platforms. rwpmapbuild Add a header to the prefix map file that stores the command line used to create the file. rwsilk2ipfix Use multiple IPFIX templates when converting SiLK flow records. Add a --single-template switch to mimic the previous behavior. rwbagtool Fix an issue where the --compression-method switch was not applied to the IPset created by --coverset. rwflowpack, flowcap Fix a call to abort() that would occur when processing IPFIX records and a byte-count or packet-count of zero occurred in an unexpected place. Fix a bug that prevented creating a TCP IPFIX listener and a UDP IPFIX listener on the same port number. rwsender Attempt to resend any file that is not transferred unless the file is explicitly rejected by the rwreceiver. Add the --send-attempts switch that allows setting the number of attempts that are made to transfer a file. If sending a file fails and another attempt is to be made, append the file\'s name onto the back of the send queue. Allow setting of the --send-attempts switch from the configuration file and system initialization script. Fix a memory leak that may occur when rwsender is processing a file for an rwreceiver and their network connection ends. Support partial reads of a message header when GnuTLS is used. Log the GnuTLS error message that causes a connection to close. rwreceiver Support partial reads of a message header when GnuTLS is used. Log the GnuTLS error message that causes a connection to close. Building Fix several \"make check\" failures on OS X when System Integrity Protection is enabled. Remove use of pthread_atfork that preventing compilation on some systems.
Thu Oct 8 14:00:00 2015 Lawrence Rogers 3.11.0.1-1/2
* Release 3.11.0.1-1/2 3.11.0.1 Fix linking issue on Ubuntu when PySiLK support is enabled. 3.11.0 Allow rwsiteinfo to report on date ranges of files in a SiLK repository. Provide a way to set the default textual timestamp format and timezone from the environment. Provide a way to set the default textual IP format from the environment. Compile the PySiLK plug-in into the tools that can use it. Remove support for fixbuf releases prior to libfixbuf-1.6.0. Make additional changes and bug fixes.
Mon Jul 6 14:00:00 2015 Lawrence Rogers 3.10.2-3/4
* Release 3.10.2-3/4 Rebuild for libfixbuf-1.7.0.
Thu May 21 14:00:00 2015 Lawrence Rogers 3.10.2-1/2
* Release 3.10.2-1/2 Remove support for fixbuf releases prior to libfixbuf-1.4.0. Fix several bugs related to IPv6 addresses.
Thu Feb 26 13:00:00 2015 Lawrence Rogers 3.10.1-1/2
* Release 3.10.1-1/2 rwstats and rwuniq Change how rwstats and rwuniq use temporary files when distinct counts are being computed to fix the issue where the tool would sometimes exit with \"Error merging values from temporary file\". Use compression when writing to temporary files. rwsort, rwcombine, and rwdedupe Use compression when writing to temporary files. rwappend Fix a bug that could cause rwappend to remove /dev/null when run as root. flowcap Allow accept-from-host in sensor.conf to take multiple arguments. rwflowpack Allow accept-from-host in sensor.conf to take multiple arguments. Fix a potential crash when using --input-mode=respool and rwflowpack runs out of file descriptors. Building Fix a bug in the \"Requires:\" line of the generated silk.spec file when multiple optional dependencies are not available. Do not install rwscanquery when configure fails to find Perl\'s DBI module.
Thu Dec 18 13:00:00 2014 Lawrence Rogers 3.10.0-1/2
* Release 3.10.0-1/2 Important bug fixes in rwfilter and rwsetmember. rwflowpack can categorize flow records using an IPset. Several changes to logging in rwflowpack and flowcap, including a new default value. Additional changes and bug fixes.
Wed Dec 10 13:00:00 2014 Lawrence Rogers 3.9.0-9/10
* Release 3.9.0-9/10 Rebuild for libfixbuf-1.6.2.
Wed Oct 15 14:00:00 2014 Lawrence Rogers 3.9.0-7/8
* Release 3.9.0-7/8 Rebuild for libfixbuf-1.6.1.
Wed Oct 8 14:00:00 2014 Lawrence Rogers 3.9.0-5/6
* Release 3.9.0-5/6 Removed Obsoletes clause.
Mon Sep 29 14:00:00 2014 Lawrence Rogers 3.9.0-3/4
* Release 3.9.0-3/4 Rebuild for libfixbuf-1.6.0.
Thu Sep 25 14:00:00 2014 Lawrence Rogers 3.9.0-1
* Release 3.9.0-1 New tool rwcombine creates a single flow record from multiple records that represent a single, long-lived session. Several enhancements to rwmatch. Support for collecting sFlow v5 records (uses libfixbuf-1.6.0). Additional enhancements and bug fixes.
Thu Jul 31 14:00:00 2014 Lawrence Rogers 3.8.3-1
* Release 3.8.3-1 rwstats and rwuniq Fix a bug when --fields contained \"dPort\" followed by \"icmpTypeCode\" that caused the \"dPort\" field to display as 0. Additional changes and bug fixes
Thu Apr 24 14:00:00 2014 Lawrence Rogers 3.8.2-1
* Release 3.8.2-1 Add multiple thread support to rwflowappend. Support logging of IPFIX and NetFlow v9 templates received by rwflowpack and flowcap. Revision 1 - without IPA Revision 2 - with IPA
Mon Mar 17 13:00:00 2014 Lawrence Rogers 3.8.1-2
* Release 3.8.1-2 Took the time to make the build process cleaner so that it does not try to use programs that aren\'t installed.
Thu Jan 30 13:00:00 2014 Lawrence Rogers 3.8.1-1
* Release 3.8.1-1 See http://tools.netsa.cert.org/silk/releasenotes.html#release-3.8.1 for the changes in this release.
Thu Nov 21 13:00:00 2013 Lawrence Rogers 3.8.0-1
* Release 3.8.0-1 Allow rwpmaplookup to print the range that contains the key Improve handling of records from some devices that export NetFlow v9 Add support for libfixbuf-1.4.0 and remove support for releases prior to libfixbuf-1.2.0
Sun Aug 18 14:00:00 2013 Lawrence Rogers 3.7.2-1
* Release 3.7.2-1 PySiLK changes Add IPSet.is_ipv6() and IPSet.convert() methods. Fix a bug when saving an IPv6-IPset that contains only IPv4 addresses. IPset bug fixes Fix bugs when computing the union or intersection of an IPv4-IPset and an IPv6-IPset that contains only IPv4 addresses. rwfilter bug fixes Fix a spurious warning when loading an IPset. Fix a memory issue during shutdown when an argument to one of the -- *cidr switches (--scidr, --dcidr, etc) is mistyped. rwflowpack, flowcap bug fixes Fix a bug where the daemon failed to read TCP flags contained in a SubTemplateMultiList when reading IPFIX data over the network. Fix a memory leak when receiving IPFIX data containing a SubTemplateList or a SubTemplateMultiList.
Thu May 30 14:00:00 2013 Lawrence Rogers 3.7.1-1
* Release 3.7.1-1 rwpmaplookup enhancement Add --ipset-files switch that supports using IPsets to query prefix maps. rwdedupe bug fix Fix a crash that would occur when using --xargs with an empty list of files. rwsort bug fix Create a valid SiLK Flow file when using --xargs with an empty list of files. rwcut bug fix Print the title line when using --xargs with an empty list of files. rwrecgenerator bug fix Fix a bug when using --sensor-prefix-map that would set either the source or destination address to a random value. Building Fix a small issue in the silk.spec file when the dist RPM macro was not defined.
Thu May 30 14:00:00 2013 Lawrence Rogers 3.7.0-1
* Release 3.7.0-1 Add a new IPset file format which requires less disk space. Add new --ip-format switch to control how IPs are displayed. Add new --any-index and --any-cc switches to rwfilter. Add manual pages for rwflowpack\'s packing-logic plug-ins. Change how rwflowpack and flowcap report out-of-sequence NetFlow V5 packets.
Tue Apr 23 14:00:00 2013 Lawrence Rogers 3.6.1-1
* Release 3.6.1-1 Fix a bug in rwflowpack that caused the --pack-interfaces switch to be ignored.
Thu Apr 11 14:00:00 2013 Lawrence Rogers 3.6.0-1
* Release 3.6.0-1 Use the smaller SiLK-2 IPset memory representation for IPsets that contain only IPv4 addresses. Change sending output-mode in rwflowpack. Add a new incremental-files output-mode to rwflowpack. Have rwflowpack and flowcap record lost NetFlowV9 packets (requires libfixbuf-1.3.0). Add ability for rwreceiver to monitor disk usage. Verify that the --post-command switch and similar switches do not contain any unrecognized . Many additional changes and bug fixes.
Tue Mar 12 13:00:00 2013 Lawrence Rogers 3.5.1-2
* Release 3.5.1-2 New release linked with libfixbuf 1.3.0
Thu Dec 20 13:00:00 2012 Lawrence Rogers 3.5.1-1
* Release 3.5.1-1 Fix bug in the IPset library that made it impossible to store very large IPset files. Various changes to rwsiteinfo. Fix issue in rwreceiver that could cause it to close valid connections.
Thu Nov 1 13:00:00 2012 Lawrence Rogers 3.5.0-1
* Release 3.5.0-1 Add country code support for IPv6 addresses. Fix issue in rwreceiver that could cause it to close valid connections. Fix a bug on 32-bit platforms when reading files compressed with LZO that could cause memory corruption. Modify how rwflowappend determines the hourly file in which flow records are to be stored. Several additional bug fixes.
Thu Sep 27 14:00:00 2012 Lawrence Rogers 3.4.1-1
* Release 3.4.1-1 Add new --tail-recs switch to rwcut. Fix issue where receiving incorrect data from a previously rejected UDP client could case rwflowpack or flowcap to exit.
Thu Sep 13 14:00:00 2012 Lawrence Rogers 3.4.0-1
* Release 3.4.0-1 Modify how SiLK decodes the ICMP type and code stored in certain SiLK Flow records. Provide the new configure option --disable-silk3-ipsets which causes SiLK to use the IPset library as it existed in SiLK-2. When this switch is used, IPsets cannot store IPv6 addresses. Add support for libfixbuf-1.2.0, which allows multiple NetFlow v9 sources to connect to the same port. Add enhancements to rwsetcat, rwsetmember, rwscan. Fix bugs in rwuniq, rwstats, rwcut, rwipfix2silk.
Wed Aug 1 14:00:00 2012 Lawrence Rogers 3.3.4-1
* Release 3.3.4-1 * Fix bug where rwscanquery would attempt to write a file beginning and ending with a quote character. * Fix potentional issue in rwsender when attempting to exit after encountering an unexpected condition.
Thu Jul 19 14:00:00 2012 Lawrence Rogers 3.3.3-1
* Release 3.3.3-1 * Fix bug in log file locking and rotation.
Thu Jul 12 14:00:00 2012 Lawrence Rogers 3.3.2-1
* Release 3.3.2-1 * Fixes in the IPset and Bag tools.
Thu Jun 14 14:00:00 2012 Lawrence Rogers 3.3.0-1
* Release 3.3.0-1 * Critical fixes in rwuniq, rwstats, and the IPset tools. * Enhancements to rwscanquery * In flowcap, new log messages record the number of record processed for IPFIX probes and NetFlow v9 probes.
Thu Apr 26 14:00:00 2012 Lawrence Rogers 3.2.1-1
* Release 3.2.1-1 * Fix an issue when using multiple compressed IPsets in rwfilter on MPI. * Make rwflowpack and flowcap more robust with respect to error codes returned by libfixbuf. * Fix issues that prevented daemons from shutting down cleanly on some BSD OSes.
Tue Mar 20 13:00:00 2012 Lawrence Rogers 3.2.0-1
* Release 3.2.0-1 * Fix an issue when creating files on MPI where the compression was set to \"default\" or \"best\". * Additional bug fixes.
Wed Feb 15 13:00:00 2012 Lawrence Rogers 3.1.0-1
* Release 3.1.0-1 * rwflowappend uses advisory write locks to prevent multiple rwflowappend processes from each attempting to write to the same file. * Fix several issues in handling IPFIX. * Ignore IPFIX records that report a byte or packet count of zero.
Fri Sep 30 14:00:00 2011 Lawrence Rogers 3.0.0-1
* Release 3.0.0-1 * Support for IPv6 addresses in IPsets, Bags, and Prefix Maps. * New tools: rwsiteinfo, rwpmaplookup, rwpdu2silk * Improved IPFIX support, including allowing collection from multiple sources on a single TCP port. libfixbuf-1.0.0 is now required.
|
|
|