VERSION.
0.12.0rc4
DESCRIPTION.
pmacct is a small set of passive network monitoring tools to
measure, account, classify, aggregate and export IPv4 and IPv6
traffic; a pluggable and flexible architecture allows storing
collected network data into memory tables or SQL (MySQL, SQLite,
PostgreSQL) databases and exporting them through NetFlow or sFlow
protocols to remote collectors. pmacct supports fully customizable
historical data breakdown, sampling, filtering, tagging and
triggers. Libpcap, Netlink/ULOG, sFlow v2/v4/v5 and NetFlow v1/
v5/v7/v8/v9 are supported, both unicast and multicast. Also, a
client program makes it easy to export data to tools like RRDtool,
GNUPlot, Net-SNMP, MRTG, and Cacti.
HOMEPAGE.
http://www.pmacct.net/
DOWNLOAD.
http://www.pmacct.net/pmacct-0.12.0rc4.tar.gz
CHANGELOG.
+ BGP-related source primitives are introduced, namely: src_as_path,
src_std_comm, src_ext_comm, src_local_pref and src_med. These add
to peer_src_as which was already implemented. All can be resolved
via reverse BGP lookups; peer_src_as, src_local_pref and src_med
can also be resolved via lookup maps which support checks like:
bgp_nexthop (RPF), peer_dst_as (RPF), input interface and source
MAC address. Many thanks to Zenon Mousmoulas and GRNET for their
fruitful cooperation.
+ Memory structures to store BGP-related primitives have been
optimized. Memory is now allocated only for primitives that are
part of the selected aggregation profile ('aggregate' config
directive).
+ A new 'bgp_follow_nexthop' configuration directive is introduced
to follow the BGP next-hop up to the edge of the routing domain.
This is particularly aimed at networks not running MPLS, where
hop-by-hop routing is in place.
+ Lookup maps for BGP-related source primitives (bgp_src_med_map,
bgp_peer_src_as_map, bgp_src_local_pref_map): result of check(s)
can now be the keyword 'bgp', i.e. 'id=bgp', which triggers a BGP
lookup. This is meant to handle exceptions to static mapping.
+ A new 'bgp_peer_as_skip_subas' configuration directive is being
introduced. When computing peer_src_as and peer_dst_as, it returns
the first ASN which is not part of a BGP confederation; if only
confederated ASNs are on the AS-Path, the first one is returned
instead.
+ Pre-Tagging: support has been introduced for NetFlow v9 traffic
direction (ingress/egress).
+ Network masks that are part of NetFlow/sFlow export protocols can
now be used to compute src_net, dst_net and sum_net primitives. As
a result a set of directives [nfacctd|sfacctd|pmacctd|uacctd]_net
allows globally selecting the method to resolve such primitives,
valid values being: netflow, sflow, file (networks_file), mask
(networks_mask) and bgp (bgp_daemon).
+ uacctd: introduced support for input/output interfaces, fetched
via NetLink/ULOG API; interfaces are available for Pre-Tagging,
and inclusion in NetFlow and sFlow exports. The implementation
is courtesy of Stig Thormodsrud.
+ nfprobe, sfprobe: new [nfprobe|sfprobe]_peer_as option to set
source/destination ASNs, part of the NetFlow and sFlow exports,
to the peer-AS rather than origin-AS. This feature depends on a
working BGP daemon thread setup.
! A few resource leaks were detected and fixed. Patch is courtesy
of Eric Sesterhenn.
! bgp/bgp.c: thread concurrency was detected upon daemon startup
under certain conditions. As a solution the BGP thread is being
granted a time advantage over the traffic collector thread.
! bgp/bgp.c: fixed a security issue which could have allowed a
malicious user to disrupt established working BGP sessions by
exploiting the implemented concept of BGP session replenishment;
this has been secured by a check against the session holdtime.
Many thanks to Erik van der Burg for spotting the issue.
! bgp/bgp.c: BGP listener socket now sets the SO_REUSEADDR option
for quicker turnaround times while stopping/starting the daemon.
! net_aggr.c: default route (0.0.0.0/0) was considered invalid;
this is now fixed.
NOTES.
Cheers,
Paolo
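
The bgp/bgp.c changelog entry above says BGP session replenishment is now guarded by a check against the session holdtime. The following C sketch is an added example, not pmacct's code: the struct, its field names and on_new_connection() are hypothetical, and it assumes the guard means an established session is replaced only after the peer has been silent for longer than the negotiated hold time.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical, simplified session record (assumption, not pmacct's struct). */
struct bgp_session {
    uint32_t peer_addr;   /* peer IPv4 address, host byte order */
    int      established; /* 1 once the session reached Established */
    uint16_t holdtime;    /* negotiated hold time in seconds; 0 = no keepalives */
    time_t   last_heard;  /* arrival time of the last KEEPALIVE or UPDATE */
};

enum verdict { ACCEPT_NEW, REPLACE_STALE, REJECT_NEW };

/* Decide what to do with a new inbound TCP connection from new_addr. */
enum verdict on_new_connection(const struct bgp_session *s,
                               uint32_t new_addr, time_t now)
{
    if (!s->established || s->peer_addr != new_addr)
        return ACCEPT_NEW;     /* no working session for this peer to protect */
    if (s->holdtime == 0)
        return REJECT_NEW;     /* no hold timer, so staleness cannot be shown */
    if (difftime(now, s->last_heard) > (double)s->holdtime)
        return REPLACE_STALE;  /* peer silent past the hold time: replenish */
    return REJECT_NEW;         /* session is alive: keep it, drop the newcomer */
}

int main(void)
{
    static const char *name[] = { "ACCEPT_NEW", "REPLACE_STALE", "REJECT_NEW" };
    /* Constructed sample: peer 10.0.0.1, hold time 90 s, last heard at t=1000. */
    struct bgp_session s = { 0x0a000001u, 1, 90, (time_t)1000 };
    time_t probes[] = { 1030, 1090, 1091 };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("t=%ld same peer -> %s\n", (long)probes[i],
               name[on_new_connection(&s, s.peer_addr, probes[i])]);
    s.holdtime = 0;  /* keepalives disabled */
    printf("holdtime 0     -> %s\n", name[on_new_connection(&s, s.peer_addr, 5000)]);
    return 0;
}
```

A hold time of 0 disables keepalives under RFC 4271, so this sketch conservatively refuses replacement in that case rather than guessing at liveness.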