Revisions of pmacct
buildservice-autocommit
accepted
request 1056788
from
Martin Hauke (mnhauke)
(revision 108)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 1056783
from
Dirk Mueller (dirkmueller)
(revision 107)
- update to 1.7.8: + Introduced support for eBPF for all daemons: if SO_REUSEPORT is supported by the OS and eBPF support is compiled in, this allows to load a custom load-balancer. To load-share, daemons have to be part of the same cluster_name and each be configured with a distinct cluster_id. + Introduced support for listening on VRF interfaces on Linux for all daemons. The feature can be enabled via nfacctd_interface, bgp_daemon_interface and equivalent knobs. Many thanks to Marcel Menzel ( @WRMSRwasTaken ) for this contribution. + pre_tag_map: introduced limited tagging / labelling support for BGP (pmbgpd), BMP (pmbmpd), Streaming Telemetry (pmtelemetryd) daemons. ip, set_tag, set_label keys being currently supported. + pre_tag_map: defined a new pre_tag_label_encode_as_map config knob to encode the output 'label' value as a map for JSON and Apache Avro encodings, ie. in JSON "label": { "key1": "value1", "key2": "value2" }. For keys and values to be correctly mapped, the '%' delimiter is used when composing a pre_tag_map, ie. "set_label=key1%value1,key2%value2 ip=0.0.0.0/0". Thanks to Salvatore Cuzzilla ( @scuzzilla ) for this contribution. + pre_tag_map: introduced support for IP prefixes for src_net and dst_net keys for indexed maps (maps_index set to true). Indexing being an hash map, this feature currently tests data against all defined IP prefix lenghts in the map for a match (first defined matching prefix wins). + pre_tag_map: introduced two new 'is_nsel', 'is_nel' keys to check for the presence of firewallEvent field (233) and natEvent field (230) in NetFlow/IPFIX respectively in order to infer whether data is NSEL / NEL. If set to 'true' this does match NSEL / NEL data, if set to 'false' it does match
Dirk Stoecker (dstoecker)
accepted
request 930544
from
Martin Hauke (mnhauke)
(revision 106)
- Update to version 1.7.7 + BGP, BMP, Streaming Telemetry daemons: introduced parallelization of dump events via a configurable amount of workers where the unit of parallelization is the exporter (BGP, BMP, telemetry exporter), ie. in a scenario where there are 4 workers and 4 exporters each worker is assigned one exporter data to dump. + pmtelemetryd: added support for draft-ietf-netconf-udp-notif: a UDP-based notification mechanism to collect data from networking devices. A shim header is proposed to facilitate the data streaming directly from the publishing process on network processor of line cards to receivers. The objective is a lightweight approach to enable higher frequency and less performance impact on publisher and receiver process compared to already established notification mechanisms. + BGP, BMP, Streaming Telemetry daemons: now correctly honouring the supplied Kafka partition key for BGP, BMP and Telemetry msg logs and dump events. + BGP, BMP daemons: a new "rd_origin" field is added to output log/ dump to specify the source of Route Distinguisher information (ie. flow vs BGP vs BMP). + pre_tag_map: added ability to tag new NetFlow/IPFIX and sFlow sample_type types: "flow-ipv4", "flow-ipv6", "flow-mpls-ipv4" and "flow-mpls-ipv6". Also added a new "is_bi_flow" true/false key to tag (or exclude) NSEL bidirectional flows. Added as well a new "is_multicast" true/false config key to tag (or exclude) IPv4/IPv6 multicast destinations. + maps_index: enables indexing of maps to increase lookup speeds on large maps and/or sustained lookup rates. The feature has been remplemented using stream-lined structures from libcdada. This is a major work that helps preventing the unpredictable behaviours
Martin Hauke (mnhauke)
accepted
request 926723
from
Johannes Segitz (jsegitz)
(revision 105)
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
buildservice-autocommit
accepted
request 879913
from
Martin Hauke (mnhauke)
(revision 104)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 878956
from
Martin Hauke (mnhauke)
(revision 103)
- Update to versino 1.7.6 + BGP daemon: added suppport for Accumulated IGP Metric Attribute (AIGP) and Label-Index TLV of Prefix-SID Attribute. + BGP daemon: added SO_KEEPALIVE TCP socket option (ie. to keep the sessions alive via a firewall / NAT kind of device). + BGP daemon: if comparing source TCP ports among BGP peers is being enabled (config directive tmp_bgp_lookup_compare_ports), print also BGP Router-ID as distinguisher as part of log/dump output. + BMP daemon: added support for HAProxy Proxy Protocol Header in the first BMP message in order to determine the original sender IP address and port. The new bmp_daemon_parse_proxy_header config directive enables the feature. + BMP daemon: improved support and brought implementation on par with the latest drafting efforts at IETF wrt draft-cppy-grow-bmp- path-marking-tlv, draft-xu-grow-bmp-route-policy-attr-trace, draft-ietf-grow-bmp-tlv and draft-lucente-grow-bmp-tlv-ebit. + BMP daemon: added 'bgp_agent_map' equivalent feature for BMP. + nfacctd, nfprobe plugin: added support for collection and export of NetFlow/IPFIX data over Datagram Transport Layer Security (in short DTLS). The feature depends on the GnuTLS library. + nfacctd: added support for deprecated NetFlow v9 IE #104 (layer2packetSectionData) as it is implemented for NetFlow-lite on Cisco devices. Reused code from IPFIX IE #315. + nfacctd: added support for MPLS VPN RD IE #90. This comes in two flavours both found across vendor implementations: 1) IE present in flow data and 2) IE present in Options data as a lookup from IE #234 (ingressVRFID) and #235 (egressVRFID). + nfacctd: added a new timestamp_export aggregation primitive to record the timestamp being carried in the header of NetFlow/IPFIX
buildservice-autocommit
accepted
request 817802
from
Dirk Stoecker (dstoecker)
(revision 102)
baserev update by copy to link target
Dirk Stoecker (dstoecker)
accepted
request 817535
from
Martin Hauke (mnhauke)
(revision 101)
- Update to versino 1.7.5 * See /usr/share/doc/packages/pmacct/ChangeLog for all changes - Drop patch (addressed by upstream in 686495dd): * pmacct-fix-overflow.patch
buildservice-autocommit
accepted
request 813451
from
Lars Vogdt (lrupp)
(revision 100)
baserev update by copy to link target
Lars Vogdt (lrupp)
accepted
request 812351
from
Martin Hauke (mnhauke)
(revision 99)
- Set CFLAGS+=-fcommon
buildservice-autocommit
accepted
request 789671
from
Martin Hauke (mnhauke)
(revision 98)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 789664
from
Marcus Meissner (msmeissn)
(revision 97)
- pmacct-fix-overflow.patch: fixed bufferoverflow in sfacctd. - reenable _FORTIFY_SOURCE that showed that failure
buildservice-autocommit
accepted
request 776204
from
Martin Hauke (mnhauke)
(revision 96)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 772533
from
Martin Hauke (mnhauke)
(revision 95)
- Update to version 1.7.4p1 fix, pre_tag_map: a memory leak in pretag_entry_process() has been introduced in 1.7.4.
buildservice-autocommit
accepted
request 761347
from
Lars Vogdt (lrupp)
(revision 94)
baserev update by copy to link target
Lars Vogdt (lrupp)
accepted
request 760408
from
Martin Hauke (mnhauke)
(revision 93)
- Update to version 1.7.4 + Introduced support for the 'vxlan' VXLAN/VNI primitive in all traffic daemons + BMP daemon: added support for Peer Up message namespace for TLVs + sfprobe plugin: added support for IPv6 transport for sFlow export. See /usr/share/doc/packages/pmacct/ChangeLog for all changes
buildservice-autocommit
accepted
request 747206
from
Martin Hauke (mnhauke)
(revision 92)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 746397
from
Martin Hauke (mnhauke)
(revision 91)
- Do not longer build with support for the obsolete GeoIP The GeoIP-interface has been discontinued by Maxmind. See https://support.maxmind.com/geolite-legacy-discontinuation-notice/ for details. Without the database GeoIP is useless. pmacct is now build with support for libmaxminddb (GeoIPv2) that provides the same features but with a new supported interface.
buildservice-autocommit
accepted
request 705313
from
Lars Vogdt (lrupp)
(revision 90)
baserev update by copy to link target
Lars Vogdt (lrupp)
accepted
request 704836
from
Martin Hauke (mnhauke)
(revision 89)
- Update to version 1.7.3 + Introduced the RPKI daemon to build a ROA database and check prefixes validation status and coverages. Resource Public Key Infrastructure (RPKI) is a specialized public key infrastructure (PKI) framework designed to secure the Internet routing. RPKI uses certificates to allow Local Internet Registries (LIRs) to list the Internet number resources they hold. These attestations are called Route Origination Authorizations (ROAs). ROA information can be acquired in one of the two following ways: 1) importing it using the rpki_roas_file config directive from a file in the RIPE Validator format or 2) connecting to a RPKI RTR Cache for live ROA updates; the cache IP address/port being defined by the rpki_rtr_cache config directive (and a few more optional rpki_rtr_* directives are available and can be reviwed in the CONFIG-KEYS doc). The ROA fields will be populated with one of these five values: 'u' Unknown, 'v' Valid, 'i' Invalid no overlaps, 'V' Invalid with a covering Valid prefix, 'U' Invalid with a covering Unknown prefix. + Introducing pmgrpcd.py, written in Python, a daemon to handle gRPC- based Streaming Telemetry sessions and unmarshall GPB data. Code was mostly courtesy by Matthias Arnold ( @tbearma1 ). This is in addition (or feeding into) pmtelemetryd, written in C, a daemon to handle TCP/UDP-based Streaming Telemetry sessions with JSON-encoded data. + pmacctd, uacctd: added support for CFP (Cisco FabricPath) and Cisco Virtual Network Tag protocols. + print plugin: added 'custom' to print_output. This is to cover two main use-cases: 1) use JSON or Avro encodings but fix the format of the messages in a custom way and 2) use a different encoding than JSON or Avro. See also example in examples/custom and new directives print_output_custom_lib and print_output_custom_cfg_file. The patch
Displaying revisions 1 - 20 of 108