-
Notifications
You must be signed in to change notification settings - Fork 6
/
CHANGES
47 lines (42 loc) · 2.41 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
v1.04 els0r
- Initial GitHub release
v1.05 els0r
GOPROBE
- fixes of several memory leaks with regard to interface flapping
- switch to syslog entries via UDP packets
- improvements in the direction detection heuristic
- prevention from crashes when IP fragmentation is encountered
- restructuring of core goProbe code to allow for a more flexible handling of interface capture routines. Allows goProbe to capture on 200+ interfaces
- support for loading/reloading the configuration (w.r.t on which interfaces capturing is performed)
- upgrade of gopacket to version 1.1.9, go to 1.4 and libpcap to 1.5.3
GOQUERY
- support for time formats other than UNIX epoch
- list functionality to show from which interfaces flow data was stored
v2.0 lorenzb,els0r
GOPROBE
- improve concurrent capture architecture for >5x faster startup and shutdown
- support for up to 1024 interfaces
- new configuration file format allows specifying PCAP buffer size and BPF filter for each interface
- configuration can be live-reloaded
- record meta-data about capture in meta.json/summary.json files
- document database format
GOQUERY
- '-list' target is blazing fast and prints more relevant information
- new output format shows incoming and outgoing traffic side by side
- significantly improved query performance
- allow use of negation in conditions
- new 'net' attribute allows querying 'dnet' and 'snet' simultaneously
- new 'host' attribute allows querying 'sip' and 'dip' simultaneously
- 'src' is an alias for 'sip' and 'dst' is an alias for 'dip'
- Influx DB output format (use '-e influxdb')
- support for name resolution in conditions
- support for reverse DNS for output IPs
- query multiple interfaces by giving commma separated list of interfaces to -i
- query all interfaces for which there is data by specifying '-i ANY'
- add unit and system (i.e. output consistency) tests
- extensive bash completion with support for condition grammar, interface names, query types, ...
v2.1.0 fako1024,els0r
- code refresh from Open Systems (functionality additions to query tool)
- upgrade to libpcap 1.9.0 and gopacket 1.1.15
- remove layer 7 detection and all its dependencies (libprotoident, libtrace) - drastic improvements to compilation speed and system resource usage footprint
- static inclusion of precompiled lz4 library