[Flow-tools] flow-tools 0.68 released.
Mark Fullmer
maf at splintered.net
Wed May 11 12:27:01 EDT 2005
I'm finally starting to get caught up at work and have time for
flow-tools development again. 0.68 has new features and the patches
I've digested so far (still 5 months behind on the flow-tools mailing
list).

New features:

Updated variable substitution and included flow-rptfmt in the
distribution which allows flow-report to be used easier from the
command line. The default stat.cfg allows flow-report to be used
similar to the older flow-stat.
% flow-cat . | flow-report -vTYPE=ip-protocol -vSORT=+octets -v\
OPTIONS=+names -vFIELDS=-duration
# ['/usr/local/netflow/bin/flow-rptfmt', '-f', 'ascii']
ip-protocol  flows    octets       packets
tcp          1962045  25848369456  31686827
udp          315279   4644130206   7853648
gre          355      36646889     65755
icmp         68231    12011825     161405
Prefix preserving IP address anonymization with CryptoPAn. See
http://www.cc.gatech.edu/computing/Telecomm/cryptopan/. 64
rounds of AES per flow really slows things down, next snapshot
will have a faster implementation. Enable this by specifying
--with-openssl to configure. Tested with OpenSSL 0.9.7d and
OpenSSL 0.9.7b.
flow-rptfmt - format flow-report CSV output to ASCII and HTML.
see http://www.splintered.net/sw/flow-tools/docs/flow-rptfmt.html
flow-rpt2rrd - converts flow-report CSV output to RRD's. If
you're trying to do RRDtool with really large flow data sets
this should be a lot lot faster than processing the flows in
perl. See
http://www.splintered.net/sw/flow-tools/docs/flow-rpt2rrd.html
You'll need to install http://sourceforge.net/projects/py-rrdtool/
flow-log2rrd - converts STAT lines generated by flow-fanout
and flow-capture to RRD's.
0.69 will have outstanding patches from the mailing list in the next
few weeks, NetFlow V9 support will be after that.
* 5-11-2005 flow-tools 0.68 released.
* added flow-rpt2rrd - post process flow-report into RRD's.
* added flow-log2rrd - post process logs from
* added flow-rptfmt - post process flow-report into readable and HTML.
* ftstat.c s/psizr256/psize256/ - uebelacker at tuhh.de
* rec_v5->engine_id not set properly in ftdecode.c
- baldwinL at mynetwatchman.com
* --enable-lfs set flags for large file support - alexbrennen at gmail.com
* Added CryptoPAn support to flow-xlate
req by Abilene
* mailing list archive is available at mail-archive.com
req by spork at bway.net
* flow-cat.c: progress debug output - weinhold at berbee.com
* portability: gcc no longer supports goto label which label is at the
end of a compound statement - Andreas Jochens <aj at andaco.de>
* flow-stat.c: protect from divide by zero - should only happen on
invalid flows - Espen.Breivik at uninett.no
* flow-filter.c: exaddr filter - Espen.Breivik at uninett.no
* ftxlate.c: tag-mask eval_tag_mask() not using correct offsets
- Cougar <cougar at random.ee> & kgraham at valueclick.com
* flow-send: default tx_delay to 0 like flow-fanout - rjd at merit.edu
* flow-export: debug should be global - dwatanab at uci.edu
* flow-report: path will accept spaces, ie |flow-rpt2rrd -p rrd -k 25
* flow-report: records is in rec1
* flow-fanout: did not set address family for receive fd - noted by
fingers at fingers.co.za
* docs: add FILES section to man pages
* flow-report: -hh to list available reports
* flow-report, flow-tag, flow-xlate, flow-nfilter. Run-time variable
expansion of the form @VAR or @{VAR:default} for config files.
* flow-receive: dropped inline tagging and nfilter support
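
The prefix-preserving property behind the CryptoPAn feature announced above, as an added Python sketch that is not code from flow-tools or from the CryptoPAn authors. It assumes HMAC-SHA256 in place of AES as the keyed function so it runs with the standard library only; the class and function names and the key are constructed for illustration. One keyed evaluation per address bit gives 64 evaluations for a flow's source and destination addresses, the same count the announcement quotes as the cost per flow.

```python
import hashlib
import hmac
import ipaddress


class PrefixPreservingAnonymizer:
    """CryptoPAn-style IPv4 anonymizer (hypothetical name, not flow-tools code).

    Assumption: HMAC-SHA256 stands in for the AES block cipher so the
    sketch needs only the standard library.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.prf_calls = 0  # keyed-function evaluations performed so far

    def _flip_bit(self, prefix: int, length: int) -> int:
        # One pseudorandom bit derived from the first `length` address bits.
        # The length is encoded too, so "0" and "00" are distinct inputs.
        self.prf_calls += 1
        msg = bytes([length]) + prefix.to_bytes(4, "big")
        return hmac.new(self.key, msg, hashlib.sha256).digest()[0] >> 7

    def anonymize(self, addr: str) -> str:
        a = int(ipaddress.IPv4Address(addr))
        out = 0
        for i in range(32):
            prefix = a >> (32 - i)          # top i bits (0 when i == 0)
            bit = (a >> (31 - i)) & 1       # bit i, counted from the MSB
            out = (out << 1) | (bit ^ self._flip_bit(prefix, i))
        return str(ipaddress.IPv4Address(out))

    def anonymize_flow(self, src: str, dst: str) -> tuple:
        # One flow record carries two addresses: 2 x 32 keyed evaluations.
        return self.anonymize(src), self.anonymize(dst)


def shared_prefix_len(a: str, b: str) -> int:
    # Number of leading bits two IPv4 addresses have in common.
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()


if __name__ == "__main__":
    anon = PrefixPreservingAnonymizer(b"constructed-demo-key")  # constructed key
    for a, b in [("192.0.2.10", "192.0.2.77"), ("192.0.2.10", "198.51.100.1")]:
        xa, xb = anon.anonymize_flow(a, b)
        print(a, b, shared_prefix_len(a, b), "->", xa, xb, shared_prefix_len(xa, xb))
```

Two addresses that share exactly k leading bits map to outputs that share exactly k leading bits, so subnet structure survives anonymization while the addresses themselves do not.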