Package changes:
Use PKG_OPTIONS_GROUP framework
Add package option 'python' to support the new python scripts flow-rpt2rrd,
flow-log2rrd and flow-rptfmt.
Changes since last packaged version (0.67):
* 5-11-2005 flow-tools 0.68 released.
* added flow-rpt2rrd - post process flow-report into RRD's.
* added flow-log2rrd - post process logs from
* added flow-rptfmt - post process flow-report into readable and HTML.
* ftstat.c s/psizr256/psize256/ - uebelacker@tuhh.de
* rec_v5->engine_id not set properly in ftdecode.c
- baldwinL@mynetwatchman.com
* --enable-lfs set flags for large file support - alexbrennen@gmail.com
* Added CryptoPAn support to flow-xlate
req by Abilene
* mailing list archive is available at mail-archive.com
req by spork@bway.net
* flow-cat.c: progress debug output - weinhold@berbee.com
* portability: gcc no longer supports goto label which label is at the
end of a compound statement - Andreas Jochens <aj@andaco.de>
* flow-stat.c: protect from divize by zero - should only happen on invalid
flows - - Espen.Breivik@uninett.no
* flow-filter.c: exaddr filter - Espen.Breivik@uninett.no
* ftxlate.c: tag-mask eval_tag_mask() not using correct offsets
- Cougar <cougar@random.ee> & kgraham@valueclick.com
* flow-send: default tx_delay to 0 like flow-fanout - rjd@merit.edu
* flow-export: debug should be global - dwatanab@uci.edu
* flow-report: path will accept spaces, ie |flow-rpt2rrd -p rrd -k 25
* flow-report: records is in rec1
* flow-fanout: did not set address family for receive fd - noted by
fingers@fingers.co.za
* docs: add FILES section to man pages
* flow-report: -hh to list available reports
* flow-report, flow-tag, flow-xlate, flow-nfilter. Run-time variable
expansion of the form @VAR or @{VAR:default} for config files.
* flow-receive: dropped inline tagging and nfilter support
Package changes: bl3ify, record build options, remove obsolete
AUTOMAKE_POST_PATTERNS, support new PostgreSQL feature.
Changes since last packaged version:
* 12-4-2003 flow-tools 0.67 released.
* flow-export: pgsql support from wyu@ateneo.edu
* docs: flow-report: Added description of reports.
* ftlib: ftfil.c - match_end_time() broken - noted by
"Joe Loiacono" <jloiacon@csc.com>
* ftlib: fttag.c - better syntax checking for or-src/dst and set-src/dst
* ftlib: ftlib.h FT_TAG_TYPE_MATCH_NEXTHOP duplicated - flow-tag crash
with next-hop type noted by Maxim Grigoriev <maxim@fnal.gov>
* ftlib: ftstat.c - broken ip-destination-address-source-count. patch from
"Shigeki Taniguchi" <staniguchi@csc.com>
* flow-fanout: filters not loaded - noted by RAR@syssrc.com
* ftlib: missing function prototypes for ftstat_*, rename bind to binding
to prevent shadowing bind(). patch from Bill Fumerola <billf@mu.org>
* flow-fanout, flow-capture. Process SIGTERM like SIGQUIT so flow-tools
will work better under daemontools - req by
Bernhard Weisshuhn <bkw@weisshuhn.de>
* docs: flow-nfilter and flow-cat TIME/DATE parsing section.
* flow-dscan: drp->flags not updated when loading saved state - patch from
Jon Snyder <jon@pdx.edu>
* flow-dscan: allow concurrent -w and -W, patch from
Dan Thorson <dan.thorson@seagate.com>
* docs: flow-print -f24 - noted by
noted by Christian Bauer <Christian.Bauer@NEFkom.de>
* dist: tag.sym and tag.cfg example files reversed - noted by
* ftlib: ftlib.h - FT_TAG_SET and FT_TAG_OR are broken - patch from
Valtteri Vuorikoski <vuori@geo0-hel-fi.magenta.net>
* ftlib: ftrec.c - add 1005to5 translation - patch from
Valtteri Vuorikoski <vuori@geo0-hel-fi.magenta.net>
* flow-stat -f0 will try to divide by 0 with an empty flow file
- noted by Mike Hunter <mhunter@ack.Berkeley.EDU>
* flow-capture: -u preserve unherited umask - patch from
Everton da Silva Marques <everton@lab.ipaccess.diveo.net.br>
* flow-receive: remove -m and -A.
* flow-capture: remove -m and -A, functionality is now in xlate -x -X.
* flow-xlate: - config file based now.
* docs: flow-report: note which fields are sortable and what the key
field is.
* flow-capture: accept()'s 3rd arg should be casted to socklen_t*, noted
by Alistair.McGlinchy@marks-and-spencer.com
* docs: flow-nfilter, port is 0..65535 not 0..255 - noted by
Mike Hunter <mhunter@ack.Berkeley.EDU>
* ftlib: ftlib.h - set-{dst,src} and or-{dst,src} constants not correct -
patch from Valtteri Vuorikoski <vuori@geo0-hel-fi.magenta.net>
* ftlib: ftchash.c - ftchash_sort() should not try to sort 0 entry table -
noted by "Shane D." <shane.dawalt@wright.edu>
* flow-import: missing !HAVE_STRSEP compatability - patch from
Alistair.McGlinchy@marks-and-spencer.com
* ftlib: ftstat.c - output path not parsed correctly with leading whitespace
-- noted by Maxim Grigoriev <maxim@fnal.gov>
* ftlib: fttag.c - src->source dst->destination
* ftlib: fttag.c - ip-address, exporter, interface tag actions, requested by
Tim Irwin <tim@arch.bellsouth.net>
* ftlib: ftsym.c - ftsym_new() should handle null filename - noted by
Celso Alves Vieira <celso@telemar.com.br>
* flow-dscan: buf len 64, not 54 - Anil Madhavapeddy <anil@recoil.org>
NOTE: The names of the default configuration files has changed. They
now end in `.cfg' or `.sym'.
Approved by MAINTAINER.
Changes since last packaged version:
* 4-3-2003 flow-tools-0.66 released
* reapply flow-fanout linux patch, also infected flow-send
* 4-3-2003 flow-tools-0.65 released
* flow-send, flow-fanout: -s source IP address spoofing.
* build: builddir != srcdir problems - noted by jos@catnook.com
* build: All default config files installed by default.
* build: config files end in .cfg, symbol files end in .sym. Note this changes
the names of the default configuration files.
* ftlib: ftfil.c - random sample filter - reqested by
Edward Balas <ebalas@iu.edu>
* ftlib: ftstat.c - ip-destination-address-source-count missing count - noted
by Christian Cinetto <cinetto@garr.it>
* build: example tags file installed by default.
* ftlib: ftstat.c - broken ip-source-address/ip-destination-port - noted
by Gerhard.Haindl@t-systems.at
* ftlib: ftstat.c - broken ip-destination-address/destination-as - noted
by carsten.strahler@lambdanet.net
* remove bin scripts (mostly historical OSU stuff)
* upgrade to automake 1.7.3 and autoconf 2.57
* docs: flow-report.sgml missing
ip-source/destination-address/ip-protocol/ip-tos/ip-source/destination-port
noted by shane.dawalt@wright.edu
* flow-fanout: will not compile under linux - patch from
alex.shepard@gettyimages.com
* ftlib: ftstat.c - use FMT_SYM_LEN instead of hard coded 32 byte length.
increase len to 64 bytes.
* ftlib: fmt.c - fmt_uint*s() did not properly null terminate when symbol
strlen >= max - noted by jed@onenet.net
* 2-23-2003 flow-tools-0.64 released
* flow-fanout, flow-capture, flow-receive: add startup= to STAT: line
* docs: flow-fanout - missing -f -F - noted by RAR@syssrc.com
* flow-split: consuming too many resources, noted by fin@finseth.com
* ftlib: ftstat.c - rec2: in summary-detail report missing time_real field
- noted by shane.dawalt@wright.edu
* build: strouq() -> strtoull(). Check if strtoul() is really strtoull() -
noted by shane.dawalt@wright.edu
* ftlib: ftstat.c - protect potential divide by 0 errors - noted by
shane.dawalt@wright.edu
* flow-split: stag not initialized - patch from fin@finseth.com
* build: ftlib.h should not require ftconfig.h - noted by jan@kneschke.de
* build: lib/ftconfig.h does not belong in dist - noted by jos@catnook.com
* ftlib: ftlib.h - FT_SO_RCV_BUFSIZE default to 4MB
* ftlib: suppport.c - bigsockbuf() - more agressive reduction on large
buffers. Report size.
* ftlib: ftmask.c - flow-mask: rn_deladdr(): failed. Missing masklen
set - noted by nik.hinson@assurance-dynamics.com
* ftlib: ftfil.c - invert option to filter-definition req by mhyde@escape.ca
* ftlib: shadowed variable names - fumerola@yahoo-inc.com
* flow-cat: exit status 1 if no streams processed - req by
mhunter@ack.Berkeley.EDU
* ftlib: ftstat.c - bucket_dump_1(): loop typo noted by
nik.hinson@assurance-dynamics.com
* flow-capture: reload tags and filters with SIGHUP
* flow-import: format4 wire format.
* ftlib: ftstat.c - tag mask option should not require local tagging - noted
by clay@bloomcounty.org
* flow-*: catch extra command line args - noted by rcarrara@augustmail.com
* ftlib: fttag.c - fix ToS tagging, add ANY tagging.
Note: include files installed in $PREFIX/include/flow-tools,
examples configuration files and scripts installed in
$PREFIX/share/examples/flow-tools, configuration files are expected in
$PKG_SYSCONFDIR/flow-tools.
* 12-12-2002 flow-tools-0.63 released
* ftlib: ftstat.c - More informative error message when invalid field -
patch from wyu@ateneo.edu
* docs: flow-capture - hosts.allow requires flow-capture-client, not
flow-capture - noted by stewart@net.ohio-state.edu
* flow-capture: TCP client port should be same as UDP netflow port - noted
by stewart@net.ohio-state.edu
* ftlib: ftfil.c: moved primitive initialization code to
parse_primitive_type() to avoid state loss when 'default'
or 'mask' keyword used before a permit/deny.
* ftlib: ftfil.c: tos, marked_tos, tcp_flags mask applied to flow not
to a copy - noted by nik.hinson@assurance-dynamics.com
* flow-export -f4 wire format - requested by mikeh@ncsa.uiuc.edu
* docs: flow-print.sgml - document column headers.
* flow-report / ftstat.c - added runtime variable binding and output
path substitution support, ie run with -v ROUTER=NYCM and use
output path '/report/@ROUTER/report-out'
* ftlib: ftvar.c - variable binding functions.
* ftlib: ftstat.c - summary-detail report will produce core if no flows
are processed - noted by rjd@merit.edu
* docs: not all targets included in distribution - noted by
Jeje <jeje@jeje.org>
* ftlib: ftio.c byte order of output not always in synch with flags -
noted by mikeh@ncsa.uiuc.edu
* docs: flow-filter port correction - mhunter@ack.Berkeley.EDU
* ftlib: ftstat.c names option works with IP addresses -- DNS lookups.
req by nik.hinson@assurance-dynamics.com
* ftlib: ftstat.c: min_pps,max_pps,min_bps,max_bps calculations,
reduce memory and CPU footprint if *ps calculations are not selected.
req by nik.hinson@assurance-dynamics.com
* ftlib: ftstat.c: linear-interpolated-flows-octets-packets,first,last,
duration,ip-source-address/source-tag,ip-source-address/destination-tag,
ip-destination-address/source-tag,ip-destination-address/destination-tag,
ip-source/destination-address/source/destination-tag,
ip-source/destination-address/ip-protocol/ip-tos reports.
req by nik.hinson@assurance-dynamics.com
* ftlib: ftstat.c: new fields, index,first,last
req by nik.hinson@assurance-dynamics.com
* ftlib: ftstat.c: integrated mask eval
req by nik.hinson@assurance-dynamics.com
* flow-mask: new - replace mask length based on prefix.
req by nik.hinson@assurance-dynamics.com
* ftlib: fttag.c: tag on tcp-src-port, tcp-dst-port, tcp-port, udp-src-port,
udp-dst-port, udp-port, tos.
req by nik.hinson@assurance-dynamics.com
* ftlib: fttag.c: rework to use jump tables to support more match types
w/o performance impact.
* flow-stat: -f32 did not have symbol lookups enabled, noted by
Michael Redinger <Michael.Redinger@uibk.ac.at
* docs: flow-tag man page example does not work - noted by
Michael.Redinger@uibk.ac.at
* flow-fanout: -V does not work, noted by gritzko@dcn.ru
* 10-15-2002 flow-tools-0.62 released
* ftlib: ftstat.c: fcount displayed (flows counted in pps and bbs calcs)
* build: localstatedir no longer hardcoded to /var/ft. man and html pages
have localstatedir substitution.
* ftlib: ftstat.c: multiple output per report, output to a pipe,
source/destination address format, source/destination address count
report.
* flow-import: -m allows ascii input. #:<fields> in ascii output
automatically parsed as -m option.
* flow-export: fix -m, -m now allows ascii input, ie -m unix_secs,dpkts,doctets
* ftlib: ftstat.c masked tag not restored if filter evaluated to DENY.
* ftlib: ftstat.c bucket record count in header not correct.
* ftlib: ftstat.c ip-address and ip-port to pick up flow-stat -f7 and -f11
style reports. noted by acidic@apricot.fruit.org
* flow-cat / flow-receive: Pay closer attention to FT_FIELD_CAP_START and
FT_FIELD_CAP_END so a bogus capture period is not displayed on
output from flow-receive > file. noted by ylee@net2phone.com
* flow-print: Missing leading 0's on msec formats, noted by
ertoz@cs.umn.edu
* ftlib: ftfil.c: use consistent naming with flow-report
* flow-fanout, flow-receive, flow-capture: handle interrupted recvmsg()
syscall which happens on some linux MP configurations.
* ftlib: ftfil.c - pps/bps not handled correctly - patch from jon@pdx.edu
* flow-print - format 24 from Christian.Bauer@NEFonline.de
* flow-import - Cisco NFC format from torppa@polykoira.megabaud.fi
* flow-capture - more informative err message on bind() failure - noted by
stewart@net.ohio-state.edu
* docs: flow-capture.sgml - no -o option - noted by stewart@net.ohio-state.edu
* flow-search - remove hard coded path, noted by stewart@net.ohio-state.edu
* ftlib: ftdecode.c - ftpdu_verify() can segv on invalid packets < 4 bytes
noted by Eric Stewart stewart@net.ohio-state.edu
* ftlib: ftfil.c - PERMIT/DENY reversed for many when default PERMIT --
noted by Gerhard.Haindl@t-systems.at
* ftlib: ftstat.c - tag mask before filter - noted by wyu@ateneo.edu
* 8-27-2002 flow-tools-0.61 released
* ftlib: strtoull.c - missing ULLONG_MAX - noted by papaleonardos.3@osu.edu
* build: --with-mysql allows path, ie --with-mysql=/usr/local
* ftlib: ftstat.c - don't require FT_XFIELD_SRC_MASK / FT_XFIELD_DST_MASK -
dynamically add the requirement when FT_STAT_OPT_PREFIX_* is set -
noted by mw@uk.yahoo-inc.com
* ftlib: ftio.c - more informative warning when trying to process non
flow-tools files.
* ftlib: ftfile.c - more informative warning when ignoring files.
* ftlib: fttag.c - parser requires 'type' for a match and 'term' in a
definition.
* ftlib: ftdecode.c - allow padded Cat 6K packets.
* flow-receive, flow-capture: no longer need ftio_set_xip() - noted by
mw@uk.yahoo-inc.com
* flow-tag, ftstat: allow retagging - noted by clay@opus.bloomcounty.org
* flow-cat: cleanup error message
* flow-export: len = 0, mysql typo
* ftlib: ftstat.c missed a few , - noted by nik.hinson@assurance-dynamics.com
* 8-15-2002 flow-tools-0.60 released
* flow-capture,flow-receive,flow-fanout: add filter option.
* flow-export: MySQL support based on patch from wyu@ateneo.edu
* ftlib: ftfil.c pps and bps filter.
* build: scripts in bin directory get installed
* build/ftlib: added BSD strtoull.c for DEC portability - noted by
shane.dawalt@wright.edu
* flow-report: future replacement for flow-stat
* ftlib: added ftstat.c - stats and report library
* ftlib: FT_RECGET_* macros
* docs: updated documentation.
* configs: updated asn.txt and asn symbol file
* ftlib: fmt.c - fmt_ipv4prefix() was not processing 0/0 correctly.
* ftlib: ftfil.c - fix memory leak with ftd->name and ftfil->name
* ftlib: ftfil.c - delay primitive resolution until file is parsed
-- a filter-definition can precede a filter-primitive
* ftlib: ftfil.c - time only primitive implemented. Req by wyu@ateneo.edu
Provided by Curt Sampson (cjs@netbsd.org)
Flow-tools is a set of utilties for collecting and storing NetFlow
data, and doing some limited analysis of it.
NetFlow is a Cisco-developed protocol for transferring network traffic
flow information (usually from a router or switch) to another system
that collects and stores this information. More information on NetFlow
is available at
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
seb
agc