Releases: pavel-odintsov/fastnetmon
FastNetMon Community 1.2.8 Hong Kong
Security fixes:
- CVE-2024-56072: Fixed a DoS vulnerability in the sFlow v5 plugin where a specially crafted packet crashed FastNetMon. Reported by Evgeny Shtanov aka @Klavishnik
- CVE-2024-56073: Fixed an FPE / division by zero vulnerability in the Netflow v9 logic, triggered when the length of a template is zero. Reported by Evgeny Shtanov aka @Klavishnik
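The class of bug named in CVE-2024-56073, shown as an added example that is not FastNetMon's own code: a Netflow v9 parser that derives the record count by dividing the data flowset payload by the template's record length must reject a zero-length template first. The names `template_t`, `record_length` and `count_records` are hypothetical, and the sample templates are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// One field of a Netflow v9 template: field type and its length in bytes.
struct template_field_t {
    uint16_t type;
    uint16_t length;
};

// Hypothetical in-memory form of a learned template (assumption for this example).
struct template_t {
    std::vector<template_field_t> fields;
};

// Data flowset header: flowset id (2 bytes) + flowset length (2 bytes).
constexpr size_t flowset_header_length = 4;

// Size of one data record is the sum of all field lengths in the template.
size_t record_length(const template_t& tpl) {
    size_t total = 0;
    for (const auto& field : tpl.fields) total += field.length;
    return total;
}

// Computes how many complete records a data flowset carries.
// Returns false when the flowset must be dropped instead of parsed.
bool count_records(const template_t& tpl, size_t flowset_length, size_t& records) {
    if (flowset_length < flowset_header_length) return false; // truncated header
    const size_t rec_len = record_length(tpl);
    // Without this check the division below raises SIGFPE on x86 and
    // terminates the collector, which is the failure mode of a zero-length template.
    if (rec_len == 0) return false;
    records = (flowset_length - flowset_header_length) / rec_len; // padding is ignored
    return true;
}

int main() {
    // Constructed samples: source IPv4 (8), destination IPv4 (12), source port (7).
    template_t good{ { {8, 4}, {12, 4}, {7, 2} } };
    template_t zero{ { {8, 0} } };
    size_t n = 0;
    std::printf("good: %d\n", count_records(good, 36, n));
    std::printf("zero: %d\n", count_records(zero, 36, n));
    return 0;
}
```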
Changes:
- Added Clickhouse support for exporting metrics
- Integrated fuzzing support by @Klavishnik
- Introduced per protocol total traffic counters
- Migrated IPv6 announces to use our logic to craft BGP IPv6 Unicast announces
- Migrated IPv4 announces to use our logic to craft BGP IPv4 Unicast announces
- Multiple improvements for sFlow v5 plugin
- Introduced detailed attack reporting logic
- Multi flow support for inline monitoring services and IPFIX 315
To install / upgrade please use:
wget https://install.fastnetmon.com/installer -Oinstaller
sudo chmod +x installer
sudo ./installer -install_community_edition
FastNetMon Community 1.2.7 Alanya
Changes:
- Migrated away from IPv4 only inet_addr in sFlow logic. Adds IPv6 support for sFlow plugin
- Added logic to export per network IPv6 traffic to InfluxDB
- Numerous improvements to IPFIX standard support and to support for multiple vendor-specific capabilities
- Added logic to strip 1, 2 or 3 nested vlans for packet parser
- Enabled attack details dumps for IPv6
- Added logic to load IPv6 prefixes from whitelist file
- Added logic to exclude some traffic from processing using JSON-encoded BGP Flow Spec rules in the file /etc/whitelist_rules, one rule per line
- Added Ubuntu 24.04 LTS support
- Deprecated CentOS 7, Debian 9, 10, Ubuntu 16.04 and Ubuntu 18.04
FastNetMon Community 1.2.6 Seattle
Changes:
- Switched to C++ 20
- Unified IPv4 and IPv6 host counters to use highly efficient hash-based counters to store per-host traffic
- Introduced Terms and Conditions and updated Privacy Policy documents
- Added support for bi-directional flows used by Cisco ASA
- Added dozens of new fields for IPFIX
- Full refactoring of Netflow plugin
- Enabled process_outgoing_traffic and process_incoming_traffic configuration options for IPv6 traffic.
- Added instance ID reporting to analytics report to distinguish different instances behind NAT
- Reworked packet parser to avoid data modification in buffer during parsing process
- Unified InfluxDB host traffic export logic with templates
- Added complete BGP Unicast IPv4 and IPv6 implementation for native BGP operations
To install / upgrade please use:
wget https://install.fastnetmon.com/installer -Oinstaller
sudo chmod +x installer
sudo ./installer -install_community_edition
FastNetMon Community 1.2.5 Antalya
Changes:
- Official ARM64 support for Debian, Ubuntu and RedHat platforms and official binary builds
- Automated installation for Grafana and InfluxDB with dozens of pre-defined dashboards
- Disabled PID logic by default, so there is no need to use --disable_pid_logic. It can be enabled explicitly using --pid_logic
- GoBGP upgrade to 3.12
- Ability to compile FastNetMon for Windows Server platforms
- log4cpp upgrade to 1.1.4
- New set of performance metrics for AF_PACKET
- New binary dependency caching logic to speed up CI builds
To install / upgrade please use:
wget https://install.fastnetmon.com/installer -Oinstaller
sudo chmod +x installer
sudo ./installer -install_community_edition
FastNetMon Community 1.2.4 San Francisco
New features:
- Native Prometheus support
- Option to send all traffic in JSON format to Kafka
- Option to send all traffic in Protobuf format to Kafka
Bugfixes:
- Reworked speed reporting calculation to use monotonic time to address crashes during time adjustments
New platforms support:
- Added Debian 12 (future release) support
Improvements:
- Migrated from the in-kernel version of libbpf to standalone libbpf 1.0.1
- Added emojis to README, yay
- Added option for build system to store binary versions of libraries on S3 to reduce build time
- Added option to verify checksums for all dependencies to detect any alteration attempts
- Added absl, zlib, c-ares, re2 as dependencies for gRPC
- Switched gRPC to use cmake based build
- Added help command for fastnetmon_api_client
- Reworked Boost install process to use b2 install instead of building stage in place
- Switched cmake to use system libraries by default for build procedure to offer better developer experience
- Removed dependency on libatomic1 as it's not required on x86_64 platforms
- Added XDP microcode to use with FastNetMon
- Added rdkafka and cppkafka as optional dependencies
- Complete redesign of speed counters for IPv4 prefixes and IPv6 hosts and networks
For install or upgrade please use our official installer tool.
FastNetMon Community 1.2.3 London
New capabilities:
- Added new AF_XDP plugin for highly efficient XDP-based traffic capture
- Added IPv6 support for sFlow plugin
- Added configuration option logging_level to control log level between info and debug
Changes:
- Switched systemd unit files to use simple daemon type and disabled our own forking logic
- Replaced json-c, which was very error-prone and complicated to use and maintain, with the modern nlohmann/json
- Reworked IPv4 per network counters to completely new unified counters logic
- Removed ExaBGP backed Flow Spec implementation due to API compatibility issues
- We deprecated configuration field notify_script_pass_details and enabled it by default. You need to read attack information from stdin for both ban and attack_details actions
- Reduced number of packets for attack confirmation from 50 to 20 as 50 is too much for sampled protocols
- Complete migration to new highly efficient native C++ network packet parser which has full support of IPv6 and GRE tunnelling
- Reworked total traffic counters to use unified class total_speed_counters_t
- Switched HTTPS client to use TLS instead of outdated SSL
- Added logic to export usage statistics with the goal of learning more about customer platforms and the most popular features in FastNetMon. It can be disabled using configuration option:
disable_usage_report = on
- Breaking change in logging configuration, we replaced our snowflake 'logging:' prefix by standard 'logging_'
- Added logic to catch stacktrace in case of segmentation fault
- Added logic to restart FastNetMon in case of failures using systemd capability:
Restart=on-failure
- Improved statistics for AF_PACKET
- Addressed race condition in API logic for unban and ban operations
Dependencies:
- Removed dependency on json-c
- Upgrade OpenSSL to 1.1.1q
- Upgrade Boost to 1.80
- Added dependency on libelf (AF_XDP plugin)
- Added dependency on libbpf (AF_XDP plugin)
FastNetMon Community 1.2.2 Whitstable
New platforms:
- Added support for RHEL 9, Alma Linux 9, Rocky Linux 9
- We're part of Fedora Upstream (Rawhide, 35, 36)
- Added upstream support for Homebrew and MacOS builds
- Deprecated Ubuntu 14.04. The last version which supports Ubuntu 14.04 is 1.2.1.
- We're back in Debian upstream
Changes:
- Upgrade our custom gcc compiler to latest version available: 12.1.0
- Switched FastNetMon to C++ 20
- Reworked convert_timeval_to_date to std::put_time to avoid low level snprintf manipulations
- Reworked Patricia code to be more C++ compliant
- Added logic to log only to console to use native systemd logging facilities with flag --log_to_console
- Added new flag disable_pid_logic which disables PID writing and checking logic. It's legacy for init based distros and we do not need it for modern distributions
- Added explicit error if we cannot create socket for AF_PACKET
- Debian upstream build system was moved to Debian Salsa
- Moved all FastNetMon Community files to /opt/fastnetmon-community
- Upgrade GoBGP to 2.27
- Moved all binaries to /opt/fastnetmon-community/app/bin
- Upgrade Boost 1.74 to 1.78
- Upgrade json-c to 0.13.1 20180305
- Added logic to fix set_boost_process_name compilation on Apple platforms
- Ported libsflow to our unified endian-less conversion library
To install / upgrade please use:
wget https://install.fastnetmon.com/installer -Oinstaller
sudo chmod +x installer
sudo ./installer -install_community_edition
FastNetMon Community 1.2.1 Edinburgh
Changes:
- Added configuration options to control how often we export traffic to InfluxDB: influxdb_push_period
- Added configuration option to control how often we export traffic to Graphite: graphite_push_period = 1
- Added GoBGP 2.17 as part of our binary package
- Added experimental logic for Netflow v9 Lite
- Add support for Discord notifications via script contributed by amit17
- Deprecated and removed DPI logic as we focus only on L3 and L4 protocols
- Deprecated CentOS 6 for new versions, the last version which supports it will be 1.2.0
- Deprecated Debian 8 for new versions, the last version which supports it will be 1.2.0
- Added support for Debian 11 and Ubuntu 22.04
- Deprecated PF_RING plugin for new versions. We switched to AF_PACKET which is completely open source and works way better
- Switched fastnetmon_client to use sort by mbits by default for consistency between editions
- Deprecated Netmap support for all new Linux releases. It may be enabled manually on FreeBSD which has native support for it
- Improved code style and reformatted code with clang-format
- Replaced unsafe call of printw by format-less addstr
- Added logic to build bindings files for capnp during build process. Addresses issue with inability to build on platforms with different version of capnp installed
- Switched to C++ 17 by default to use latest development in language
- Upgrade log4cpp to 1.1.3 to address C++ 17 compatibility
- Added official Docker image powered by GitHub's Docker registry
- Performance optimisations for sFlow logic
- Implemented logic to parse IPv4 samples for sFlow plugin. Some agents such as hsflowd use this kind of encoding
- Created our security policy
- Added logic to search Protobuf gRPC compiler plugin using find_program
- Moved NO_DEFAULT_PATH to variable and added configuration option to control it. It's very useful for upstream builds
- Disabled RPATH alterations when DO_NOT_USE_SYSTEM_LIBRARIES_FOR_BUILD is not set
- Extended LimitNOFILE to 65535 as we may have a pretty large number of active attack notifications
- Removed bundled Netmap header files as they cause compatibility issues when the Netmap driver has a different version.
- Upgrade {fmt} to 8.0.0 to address issue with build on Debian bullseye
- Updated Fedora spec to prepare upstreaming
To install / upgrade please use:
wget https://install.fastnetmon.com/installer -Oinstaller
sudo chmod +x installer
sudo ./installer -install_community_edition
FastNetMon Community 1.2.0 Bath
- Native InfluxDB support
- IPFIX sampling support
- Netflow v9 plugin reliability improvements (infinite loop prevention logic)
- Netflow / IPFIX plugin performance optimisations
Before using InfluxDB you need to create a database using the influx tool:
# create database fastnetmon
Then configure it in /etc/fastnetmon.conf:
# InfluxDB
influxdb = on
influxdb_host = 127.0.0.1
influxdb_port = 8086
influxdb_database = fastnetmon
# InfluxDB auth
influxdb_auth = off
influxdb_user = fastnetmon
influxdb_password = secure
FastNetMon Community 1.1.9 Maidstone
- Added option sflow_read_packet_length_from_ip_header to use packet length from header instead of sFlow field
- Added logic to ban / unban IPv6 hosts manually via API and fastnetmon_api_client
- Added logic to announce / withdraw announces about IPv6 hosts