Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pmacct

buildservice-autocommit accepted request 1056788 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 108) 
baserev update by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) accepted request 1056783 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 107) 
- update to 1.7.8:
  + Introduced support for eBPF for all daemons: if SO_REUSEPORT is
    supported by the OS and eBPF support is compiled in, this allows
    to load a custom load-balancer. To load-share, daemons have to
    be part of the same cluster_name and each be configured with a
    distinct cluster_id.
  + Introduced support for listening on VRF interfaces on Linux for
    all daemons. The feature can be enabled via nfacctd_interface,
    bgp_daemon_interface and equivalent knobs. Many thanks to
    Marcel Menzel ( @WRMSRwasTaken ) for this contribution.
  + pre_tag_map: introduced limited tagging / labelling support for
    BGP (pmbgpd), BMP (pmbmpd), Streaming Telemetry (pmtelemetryd)
    daemons. ip, set_tag, set_label keys being currently supported.
  + pre_tag_map: defined a new pre_tag_label_encode_as_map config
    knob to encode the output 'label' value as a map for JSON and
    Apache Avro encodings, ie. in JSON "label": { "key1": "value1",
    "key2": "value2" }. For keys and values to be correctly mapped,
    the '%' delimiter is used when composing a pre_tag_map, ie.
    "set_label=key1%value1,key2%value2 ip=0.0.0.0/0". Thanks to
    Salvatore Cuzzilla ( @scuzzilla ) for this contribution.
  + pre_tag_map: introduced support for IP prefixes for src_net
    and dst_net keys for indexed maps (maps_index set to true).
    Indexing being an hash map, this feature currently tests data
    against all defined IP prefix lenghts in the map for a match
    (first defined matching prefix wins).
  + pre_tag_map: introduced two new 'is_nsel', 'is_nel' keys to
    check for the presence of firewallEvent field (233) and
    natEvent field (230) in NetFlow/IPFIX respectively in order
    to infer whether data is NSEL / NEL. If set to 'true' this
    does match NSEL / NEL data, if set to 'false' it does match
Dirk Stoecker's avatar Dirk Stoecker (dstoecker) accepted request 930544 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 106) 
- Update to version 1.7.7
  + BGP, BMP, Streaming Telemetry daemons: introduced parallelization
    of dump events via a configurable amount of workers where the unit
    of parallelization is the exporter (BGP, BMP, telemetry exporter),
    ie. in a scenario where there are 4 workers and 4 exporters each
    worker is assigned one exporter data to dump.
  + pmtelemetryd: added support for draft-ietf-netconf-udp-notif:
    a UDP-based notification mechanism to collect data from networking
    devices. A shim header is proposed to facilitate the data streaming
    directly from the publishing process on network processor of line
    cards to receivers. The objective is a lightweight approach to
    enable higher frequency and less performance impact on publisher
    and receiver process compared to already established notification
    mechanisms.
  + BGP, BMP, Streaming Telemetry daemons: now correctly honouring the
    supplied Kafka partition key for BGP, BMP and Telemetry msg logs
    and dump events.
  + BGP, BMP daemons: a new "rd_origin" field is added to output log/
    dump to specify the source of Route Distinguisher information (ie.
    flow vs BGP vs BMP).
  + pre_tag_map: added ability to tag new NetFlow/IPFIX and sFlow
    sample_type types: "flow-ipv4", "flow-ipv6", "flow-mpls-ipv4" and
    "flow-mpls-ipv6". Also added a new "is_bi_flow" true/false key to
    tag (or exclude) NSEL bidirectional flows. Added as well a new
    "is_multicast" true/false config key to tag (or exclude) IPv4/IPv6
    multicast destinations.
  + maps_index: enables indexing of maps to increase lookup speeds on
    large maps and/or sustained lookup rates. The feature has been
    remplemented using stream-lined structures from libcdada. This is
    a major work that helps preventing the unpredictable behaviours
Martin Hauke's avatar Martin Hauke (mnhauke) accepted request 926723 from Johannes Segitz's avatar Johannes Segitz (jsegitz) (revision 105) 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
buildservice-autocommit accepted request 879913 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 104) 
baserev update by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) accepted request 878956 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 103) 
- Update to versino 1.7.6
  + BGP daemon: added suppport for Accumulated IGP Metric Attribute
    (AIGP) and Label-Index TLV of Prefix-SID Attribute.
  + BGP daemon: added SO_KEEPALIVE TCP socket option (ie. to keep the
    sessions alive via a firewall / NAT kind of device).
  + BGP daemon: if comparing source TCP ports among BGP peers is
    being enabled (config directive tmp_bgp_lookup_compare_ports),
    print also BGP Router-ID as distinguisher as part of log/dump
    output.
  + BMP daemon: added support for HAProxy Proxy Protocol Header in
    the first BMP message in order to determine the original sender
    IP address and port. The new bmp_daemon_parse_proxy_header config
    directive enables the feature.
  + BMP daemon: improved support and brought implementation on par
    with the latest drafting efforts at IETF wrt draft-cppy-grow-bmp-
    path-marking-tlv, draft-xu-grow-bmp-route-policy-attr-trace,
    draft-ietf-grow-bmp-tlv and draft-lucente-grow-bmp-tlv-ebit.
  + BMP daemon: added 'bgp_agent_map' equivalent feature for BMP.
  + nfacctd, nfprobe plugin: added support for collection and export
    of NetFlow/IPFIX data over Datagram Transport Layer Security (in
    short DTLS). The feature depends on the GnuTLS library.
  + nfacctd: added support for deprecated NetFlow v9 IE #104
    (layer2packetSectionData) as it is implemented for NetFlow-lite
    on Cisco devices. Reused code from IPFIX IE #315.
  + nfacctd: added support for MPLS VPN RD IE #90. This comes in two
    flavours both found across vendor implementations: 1) IE present
    in flow data and 2) IE present in Options data as a lookup from
    IE #234 (ingressVRFID) and #235 (egressVRFID).
  + nfacctd: added a new timestamp_export aggregation primitive to
    record the timestamp being carried in the header of NetFlow/IPFIX
buildservice-autocommit accepted request 817802 from Dirk Stoecker's avatar Dirk Stoecker (dstoecker) (revision 102) 
baserev update by copy to link target
Dirk Stoecker's avatar Dirk Stoecker (dstoecker) accepted request 817535 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 101) 
- Update to versino 1.7.5
  * See /usr/share/doc/packages/pmacct/ChangeLog for all changes
- Drop patch (addressed by upstream in 686495dd):
  * pmacct-fix-overflow.patch
buildservice-autocommit accepted request 813451 from Lars Vogdt's avatar Lars Vogdt (lrupp) (revision 100) 
baserev update by copy to link target
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 812351 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 99) 
- Set CFLAGS+=-fcommon
buildservice-autocommit accepted request 789671 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 98) 
baserev update by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) accepted request 789664 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 97) 
- pmacct-fix-overflow.patch: fixed bufferoverflow in sfacctd.
- reenable _FORTIFY_SOURCE that showed that failure
buildservice-autocommit accepted request 776204 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 96) 
baserev update by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) accepted request 772533 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 95) 
- Update to version 1.7.4p1
  fix, pre_tag_map: a memory leak in pretag_entry_process() has been
  introduced in 1.7.4.
buildservice-autocommit accepted request 761347 from Lars Vogdt's avatar Lars Vogdt (lrupp) (revision 94) 
baserev update by copy to link target
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 760408 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 93) 
- Update to version 1.7.4
  + Introduced support for the 'vxlan' VXLAN/VNI primitive in all
    traffic daemons 
  + BMP daemon: added support for Peer Up message namespace for TLVs
  + sfprobe plugin: added support for IPv6 transport for sFlow export.  
  See /usr/share/doc/packages/pmacct/ChangeLog for all changes
buildservice-autocommit accepted request 747206 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 92) 
baserev update by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) accepted request 746397 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 91) 
- Do not longer build with support for the obsolete GeoIP
  The GeoIP-interface has been discontinued by Maxmind. See
  https://support.maxmind.com/geolite-legacy-discontinuation-notice/
  for details. Without the database GeoIP is useless.
  pmacct is now build with support for libmaxminddb (GeoIPv2) that
  provides the same features but with a new supported interface.
buildservice-autocommit accepted request 705313 from Lars Vogdt's avatar Lars Vogdt (lrupp) (revision 90) 
baserev update by copy to link target
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 704836 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 89) 
- Update to version 1.7.3
  + Introduced the RPKI daemon to build a ROA database and check prefixes
    validation status and coverages. Resource Public Key Infrastructure
    (RPKI) is a specialized public key infrastructure (PKI) framework
    designed to secure the Internet routing. RPKI uses certificates to
    allow Local Internet Registries (LIRs) to list the Internet number
    resources they hold. These attestations are called Route Origination
    Authorizations (ROAs). ROA information can be acquired in one of the
    two following ways: 1) importing it using the rpki_roas_file config
    directive from a file in the RIPE Validator format or 2) connecting
    to a RPKI RTR Cache for live ROA updates; the cache IP address/port
    being defined by the rpki_rtr_cache config directive (and a few more
    optional rpki_rtr_* directives are available and can be reviwed in
    the CONFIG-KEYS doc). The ROA fields will be populated with one of
    these five values: 'u' Unknown, 'v' Valid, 'i' Invalid no overlaps,
    'V' Invalid with a covering Valid prefix, 'U' Invalid with a covering
    Unknown prefix.
  + Introducing pmgrpcd.py, written in Python, a daemon to handle gRPC-
    based Streaming Telemetry sessions and unmarshall GPB data. Code
    was mostly courtesy by Matthias Arnold ( @tbearma1 ). This is in
    addition (or feeding into) pmtelemetryd, written in C, a daemon to
    handle TCP/UDP-based Streaming Telemetry sessions with JSON-encoded
    data.
  + pmacctd, uacctd: added support for CFP (Cisco FabricPath) and Cisco
    Virtual Network Tag protocols.
  + print plugin: added 'custom' to print_output. This is to cover two
    main use-cases: 1) use JSON or Avro encodings but fix the format of
    the messages in a custom way and 2) use a different encoding than
    JSON or Avro. See also example in examples/custom and new directives
    print_output_custom_lib and print_output_custom_cfg_file. The patch
Displaying revisions 1 - 20 of 108
openSUSE Build Service is sponsored by
Places