Changes - j0ke.net Open Build Service

Changes of Revision 14

[-] [+]	Changed	pmacct.spec
@@ -1,6 +1,6 @@ Summary: Promiscuous mode IP Accounting package Name: pmacct -Version: 0.11.6 +Version: 0.12.1 Release: 1 License: GPL Group: Productivity/Networking/Diagnostic @@ -43,8 +43,8 @@ #%patch %build -export CFLAGS="%{optflags}" -export AM_CFLAGS="%{optflags}" +export CFLAGS="$RPM_OPT_FLAGS" +export AM_CFLAGS="$RPM_OPT_FLAGS" PMACCT_BASE_CONFIG=" --prefix=%{_prefix} --bindir=%{_bindir} @@ -53,6 +53,9 @@ --enable-64bit --enable-mysql --enable-pgsql + --enable-ipv6 + --enable-ulog + --enable-threads %if %{?suse_version:1}0 %if %suse_version > 920 --enable-sqlite3 @@ -113,6 +116,101 @@ %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/pmacct/sfacctd.conf %changelog +* Thu Apr 08 2010 Carsten Schoene <cs@linux-administrator.com> - 0.12.1-1 +- update to release 0.12.1 + + Input/output interfaces (SNMP indexes) have now been implemented + natively; it's therefore not required anymore to pass through the + (Pre-)tag infrastructure. As a result two aggregation primitives + are being introduced: 'in_iface' and 'out_iface'. + + Support for source/destination IP prefix masks is introduced via + two new aggregation primitives: src_mask and dst_mask. These are + populated as defined by the [nf\|sf\|pm\|u]acctd_net directive: + NetFlow/sFlow protocols, BGP, Network files (networks_file) or + static (networks_mask) being valid data sources. + + A generic tunnel inspection infrastructure has been developed to + benefit both pmacctd and uacctd daemons. Handlers are defined via + configuration file. Once enabled daemons will account basing upon + tunnelled headers rather than the envelope. Currently the only + supported tunnel protocol is GTP, the GPRS tunnelling protocol + (which can be configured as: "tunnel_0: gtp, <UDP port>"). Up to + 8 different tunnel stacks and up to 4 tunnel layers per stack are + supported. First matching stack, first matching layer wins. + + uacctd: support for the MAC layer has been added for the Netlink/ + ULOG Linux packet capturing framework. + + 'nfprobe_source_ip' feature introduced: it allows to select the + IPv4/IPv6 address to be used to export NetFlow datagrams to the + collector. + + nfprobe, sfprobe: network masks are now exported via NetFlow and + sFlow. 'pmacctd_net' and its equivalent directives define how to + populate src_mask and dst_mask values. + ! cleanup, nfprobe/sfprobe: data source for 'src_as' and 'dst_as' + primitives is now expected to be always explicitely defined (in + line with how 'src_net' and 'dst_net' primitives work). See the + UPGRADE doc for the (limited) backward compatibility impact. + ! Updated SQL documentation: sql/README.iface guides on 'in_iface' + and 'out_iface' primitives; sql/README.mask guides on 'src_mask' + and 'dst_mask' primitives; sql/README.is_symmetric guides on + 'is_symmetric' primitive. + ! fix, nfacctd.h: source and destination network masks were twisted + in the NetFlow v5 export structure definition. Affected releases + are: 0.12.0rc4 and 0.12.0. + ! fix, nfprobe_plugin.c: l2_to_flowrec() was missing some variable + declaration when the package was configured for compilation with + --disable-l2. Thanks to Brent Van Dussen for reporting the issue. + ! fix, bgp.c: bgp_attr_munge_as4path() return code was not defined + for some cases. This was causing some BGP messages to be marked + as malformed. + ! fix, sfprobe: a dummy MAC layer was created whenever this was not + included as part of the captured packet. This behaviour has been + changed and header protocol is now set to 11 (IPv4) or 12 (IPv6) + accordingly. Thanks to Neil McKee for pointing the issue. + ! workaround, building sub-system: PF_RING enabled libpcap was not + recognized due to missing of pcap_dispatch(). This is now fixed. + +* Wed Feb 17 2010 Carsten Schoene <cs@linux-administrator.com> - 0.12.0-1 +- update to release 0.12.0 + + 'is_symmetric' aggregation primitive has been implemented: aimed + at easing detection of asymmetric traffic. It's based on rule + definitions supplied in a 'bgp_is_symmetric_map' map, reloadable + at runtime. + + A new 'bgp_daemon_allow_file' configuration directive allows to + specify IP addresses that can establish a BGP session with the + collector's BGP thread. Many thanks to Erik van der Burg for + contributing the idea. + + 'nfacctd_ext_sampling_rate' and 'sfacctd_ext_sampling_rate' are + introduced: they flag the daemon that captured traffic is being + sampled. Useful to tackle corner cases, ie. the sampling rate + reported by the NetFlow/sFlow agent is missing or incorrect. + + The 'bgp_follow_nexthop' feature has been extended so that extra + IPv4/IPv6 prefixes can be supplied. Up to 32 IP prefixes are now + supported and a warning message is generated whenever a supplied + string fails parsing. + + Pre-Tagging: implemented 'src_local_pref' and 'src_comms' keys. + These allow tagging based on source IP prefix local_pref (sourced + from either a map or BGP, ie. 'bgp_src_local_pref_type: map', + 'bgp_src_local_pref_type: bgp') and standard BGP communities. + + Pre-Tagging: 'src_peer_as' key was extended in order to match on + BGP-sourced data (bgp_peer_src_as_type: bgp). + + Pre-Tagging: introduced 'comms' key to tag basing on up to 16 + standard BGP communities attached to the destination IP prefix. + The lookup is done against the BGP RIB of the exporting router. + Comparisons can be done in either match-any or match-all fashion; + xidDocumentation and examples updated. + ! fix, util.c: load_allow_file(), empty allow file was granting a + connection to everybody being confused with a 'no map' condition. + Now this case is properly recognized and correctly translates in + a reject all clause. + ! fix, sql_common.c: log of NetFlow micro-flows to a SQL database + (nfacctd_sql_log directive) was not correctly getting committed + to the backend, when sql_history was disabled. + ! fix, mysql\|pgsql\|sqlite_plugin.c: 'flows' aggregation primitive + was not suitable to mix-and-match with BGP related primitives + (ie. peer_dst_as, etc.) due to an incorrect check. Many thanks + to Zenon Mousmoulas for the bug report. + ! fix, pretag_handlers.c: tagging against NetFlow v9 4-bytes in/out + interfaces was not working properly. Thanks to Zenon Mousmoulas + for reporting the issue. + * Wed Apr 08 2009 Carsten Schoene <cs@linux-administrator.com> - 0.11.6-1 - update to release 0.11.6 - This release introduces support for tag ranges
	Added	pmacct-0.12.0.tar.bz2 ^
	Added	pmacct-0.12.1.tar.bz2 ^