NEWS
2.5-stable-1
- Mostly just 2.5-beta-2 all over again.
- Small change to a utils.c routine to fix a compile error under
Windows.
2.5-beta-2
- This is the release where we changed the command line parameters
(again :-( ).
- Unit tested on Win2K, Win98, Linux, FreeBSD, Solaris.
- Added support for libdnet-1.7. Since libdnet's API is cleaner,
lbio became simpler (good). But the "-i" parameter on Windows is
now standard, and the "-j" parameter now refers to the WinPcap
device. Sorry about this change.
- There was an integer overflow problem that had to be dealt with.
At the same time, we decided to change the --max-rate (-p)
parameter to assume its input is in units of Kbits, to avoid
dealing with large bandwidths expressed in bytes. Internal totals
are kept in KByte units. An upper limit is set on max-rate to
avoid integer overflows during the calculations; the upper limit
is currently 1 GByte/sec = 8 Gbits/sec. Sorry if this change
causes inconvenience.
- Corrected a problem with the timer pop so that bandwidth usage
will be reported. Certain OSs were not working properly.
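The --max-rate entry above says three things: input is now in Kbits, internal totals are kept in KBytes, and an upper limit of 1 GByte/sec = 8 Gbits/sec guards the later arithmetic. The following is an added C example of such a bounded parse, written for this page and not LaBrea's own code: the limit constant, the decimal reading of "K" and "G" (1000 and 10^9), and the function name parse_max_rate_kbytes are assumptions. The point it demonstrates is that the bound is enforced at parse time, before the value reaches any rate * interval calculation, and that the usual strtoull() holes (leading whitespace, a wrapped negative sign, trailing junk, ERANGE) are closed as well.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper bound on --max-rate, in Kbit/s. The NEWS entry gives the limit
 * as 1 GByte/sec = 8 Gbits/sec; treating "K" and "G" as decimal units
 * (1000 and 10^9) is an assumption of this example, not a statement
 * from the LaBrea page. */
#define MAX_RATE_KBITS   8000000ULL
#define KBITS_PER_KBYTE  8ULL

/* Parse a --max-rate argument given in Kbit/s and return the rate in
 * KByte/s, the unit the internal totals are kept in. Returns -1 for
 * anything that is not a plain non-negative decimal integer within
 * the limit: sign characters, leading whitespace, trailing junk,
 * overflow of the parser itself (ERANGE), or a value above
 * MAX_RATE_KBITS. Rejecting at the boundary here is what keeps the
 * later rate * interval arithmetic from overflowing. */
long long parse_max_rate_kbytes(const char *arg)
{
    char *end;
    unsigned long long kbits;

    if (arg == NULL || *arg == '\0')
        return -1;
    /* strtoull() silently accepts leading whitespace and a '-' sign
     * (negating and wrapping the value); refuse both up front. */
    if (isspace((unsigned char)*arg) || *arg == '-' || *arg == '+')
        return -1;

    errno = 0;
    kbits = strtoull(arg, &end, 10);
    if (errno == ERANGE || end == arg || *end != '\0')
        return -1;
    if (kbits > MAX_RATE_KBITS)
        return -1;
    /* Integer division: anything under 8 Kbit/s becomes 0 KByte/s. */
    return (long long)(kbits / KBITS_PER_KBYTE);
}

int main(void)
{
    /* Constructed sample arguments: two valid, one just over the
     * limit, one negative, one with trailing junk. */
    const char *samples[] = { "1000", "8000000", "8000001", "-5", "12abc" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("--max-rate %-10s -> %lld KByte/s\n",
               samples[i], parse_max_rate_kbytes(samples[i]));
    return 0;
}
```

A caller that wants to distinguish "too large" from "malformed" for its error message can split the two checks; the single -1 here keeps the contract simple for the config parser, which the 2.5-alpha-1 notes say tries to parse all input before bailing out.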
2.5-beta-1
- Unit tested on Win98, WinME, WinXP, Linux, OpenBSD, Solaris.
- Added debugging support. It has to be compiled into the program via
./configure --enable-debug, and is then controlled with the command
line --debug parameter.
2.5-alpha-1
- Added support for automake and autoconf.
- Made the code depend on libdnet. libdnet defines are used
throughout the code.
- (dynamic firewall ports) If ports are firewalled (i.e. no RST),
then activity above a certain threshold will make a port start to
respond.
- The firewall code now checks the destination port on all incoming
TCP packets.
- Filter changed so that the program will only hear packets *sent*
to the bogus MAC address instead of all packets.
- Responses will seem to come from the bogus virtual machine instead
of the actual MAC address of the LaBrea server.
- (arp sweeps) The program does an ARP sweep of the capture subnet
to try to locate live machines. A new parameter was added to turn
this behaviour off if desired. For the ARP sweep to happen, the
capture subnet must be a "reasonable" size. ARPs are sent out in
batches of 80 at a time, at 1 - 2 minute intervals.
- The program now takes note of replies to ARP WHO-HAS and will
leave these addresses alone (i.e. "new kid").
- The "new kids on the block" logic was converted to use an array
instead of a linked list. This should speed up the program and
simplify the logic at the expense of storage. The "new kids"
culling logic was moved into the timer signal handler code so that
the new kid list is run at regular intervals but not at each ARP.
- The persistent connection logic was changed (newthisminute) so
that the decision is made based on bandwidth and not just the
number of connections.
- Test mode now logs to stdout. Test mode will not fork a child.
- The program accepts long options at invocation (i.e.
"--my-option"). The usage function was modified to show the long
options.
- The program will attempt to parse all input before bailing out.
- pcap_dispatch is used instead of pcap_loop. This makes the program
more efficient but less responsive to signals on certain operating
systems.
- The "-m" parameter is still supported, but "-n" can understand a
CIDR format IP address (i.e. xxx.xxx.xxx.xxx/nn).
- Catastrophic execution error messages go to standard error
(warnx).
- Old style config files are no longer supported.
- "PMN" directive added to the config file to force a port to be
monitored.
- The IPI config statement was changed to be in CIDR notation
(xx.xx.xx.xx/nn). The IP ignore list is now a linked list of
libdnet addr structures.
- Program logic was restructured. Globals were mostly moved into
static structures. Enums were used instead of defines. Some
#ifdefs were replaced by conditional statements. Message strings
were moved back into the main code. Externs and gotos were
eliminated. queue.h support was used for linked lists.
- Signal handling was changed to set a flag only. Signal processing
logic is driven by this flag from the mainline loop.
- Logging to syslog starts after the program's initialisation is
completed.
- Added a utility print function to centralize all messages and
logging.
- bget functions are used for dynamic memory allocation. They run
faster than native support on some operating systems.
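The "new kids" entries above describe the pieces of the mechanism: note replies to ARP WHO-HAS, keep the hosts in an array rather than a linked list, leave those addresses alone (the tarpit must not claim an address a real machine owns), and cull the list from the timer tick rather than on every ARP. The following is an added C example of that structure, written for this page and not code from LaBrea: the table size, the idle timeout used to decide when a host is culled, and the function names (newkid_note, newkid_is_live, newkid_cull) are assumptions. The timestamps are passed in rather than read from the clock so the behaviour is deterministic and testable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Capacity and idle timeout are assumptions of this example; the NEWS
 * entry says only that the list became an array and that culling
 * runs from the timer handler at regular intervals. */
#define NEWKID_MAX      256
#define NEWKID_TTL_SEC  (30 * 60)

struct newkid {
    uint32_t ip;        /* IPv4 address, host byte order */
    time_t   last_seen; /* time of the most recent ARP reply */
};

static struct newkid kids[NEWKID_MAX];
static int           nkids;

static int find_kid(uint32_t ip)
{
    int i;
    for (i = 0; i < nkids; i++)
        if (kids[i].ip == ip)
            return i;
    return -1;
}

/* Called when an ARP reply (IS-AT) to one of our WHO-HAS probes is
 * seen. Returns 1 if the host is new, 0 if an existing entry was
 * refreshed, -1 if the table is full. On -1 the caller should log and
 * keep the existing entries: evicting a known-live host would let the
 * tarpit start answering for an address that is really in use. */
int newkid_note(uint32_t ip, time_t now)
{
    int i = find_kid(ip);
    if (i >= 0) {
        kids[i].last_seen = now;
        return 0;
    }
    if (nkids >= NEWKID_MAX)
        return -1;
    kids[nkids].ip = ip;
    kids[nkids].last_seen = now;
    nkids++;
    return 1;
}

/* 1 means a real machine has claimed this address: leave it alone. */
int newkid_is_live(uint32_t ip)
{
    return find_kid(ip) >= 0;
}

/* Run from the timer tick, not per ARP: drop hosts that have been
 * silent longer than NEWKID_TTL_SEC so their addresses become
 * capturable again. Removal swaps the last slot into the hole, so the
 * array is unordered, which is fine for a linear lookup. Returns the
 * number of entries removed. */
int newkid_cull(time_t now)
{
    int i = 0, removed = 0;
    while (i < nkids) {
        if (now - kids[i].last_seen > NEWKID_TTL_SEC) {
            kids[i] = kids[nkids - 1];
            nkids--;
            removed++;
        } else {
            i++;
        }
    }
    return removed;
}

int newkid_count(void)
{
    return nkids;
}

int main(void)
{
    /* Constructed scenario: two hosts answer at t=1000, one of them
     * answers again at t=1500, and the timer runs at t=2801. */
    newkid_note(0xC0A80105u, 1000);   /* 192.168.1.5 */
    newkid_note(0xC0A80106u, 1000);   /* 192.168.1.6 */
    newkid_note(0xC0A80105u, 1500);
    printf("culled %d host(s), %d still live\n",
           newkid_cull(2801), newkid_count());
    return 0;
}
```

A fixed-size array trades a hard cap for predictable memory and no allocator calls on the ARP path; the cap is the one thing an operator needs to size against the capture subnet, since a full table silently stops protecting newly appearing hosts unless the -1 return is logged.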
*** Windows-specific ***
- The Windows version was developed on Cygwin / MinGW. Autoconf
support was added for Windows.
- Syslog support for the Windows Event log, as well as logging to a
remote syslog daemon, now works. If remote syslog doesn't work, it
fails over to the local event log. On Win98 / WinME, an attempt to
log to the non-existent local event log causes an error message.
- The remote syslog code (which was shamelessly borrowed from snort)
was modified to open the socket (with possible accompanying DNS
lookup) once at program startup, instead of for each new message.
- A new parameter "-j" was added to select the WinPcap driver. The
libdnet interface routines support "-i" as is the case under Unix.
The libdnet routines are used to determine the interface MAC and IP
addresses.
- A new parameter "-D" allows the user to obtain a display of all the
libdnet and WinPcap devices. The display also shows the default
devices.
- On Windows, by default logging is to stdout, not syslog.
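Two 2.5-alpha-1 entries above belong together: signal handling now only sets a flag that the mainline loop acts on, and pcap_dispatch replaced pcap_loop at the cost of slower reaction to signals on some systems. The following is an added C example of the flag-only pattern, written for this page and not LaBrea's own code; the signal set, the bitmask constants and the function names (install_signal_flags, service_signal_flags) are assumptions. The handler touches nothing but a volatile sig_atomic_t, so no syslog(), malloc() or stdio call can be interrupted and re-entered; all real work happens when the loop checks the flags, which is exactly where control returns after each pcap_dispatch() call.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Only a volatile sig_atomic_t may be written from a handler with
 * defined behaviour; one flag per action we care about. */
static volatile sig_atomic_t got_sighup;
static volatile sig_atomic_t got_sigterm;

/* The handler does nothing but set a flag: no syslog(), no malloc(),
 * no stdio, nothing that could deadlock or corrupt state if the
 * signal lands inside one of those calls in the mainline. */
static void flag_signal(int signo)
{
    if (signo == SIGHUP)
        got_sighup = 1;
    else
        got_sigterm = 1;
}

/* Install the flag-setting handler for the signals of interest.
 * Returns 0 on success, -1 on failure. SA_RESTART is deliberately not
 * set: a blocking read in the capture loop then returns EINTR, so
 * pcap_dispatch() returns to the mainline promptly and the flag is
 * seen on the next trip rather than after the next packet arrives. */
int install_signal_flags(void)
{
    struct sigaction sa;
    int signals[] = { SIGHUP, SIGINT, SIGTERM };
    size_t i;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = flag_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    for (i = 0; i < sizeof signals / sizeof signals[0]; i++)
        if (sigaction(signals[i], &sa, NULL) < 0)
            return -1;
    return 0;
}

#define SIGNAL_RELOAD 1u   /* SIGHUP: re-read configuration */
#define SIGNAL_STOP   2u   /* SIGINT / SIGTERM: shut down cleanly */

/* Called once per trip around the mainline loop, i.e. each time
 * pcap_dispatch() returns. Clears the flags and returns a bitmask of
 * the work requested since the last call, so the caller does the
 * real processing in ordinary program context. */
unsigned service_signal_flags(void)
{
    unsigned work = 0;
    if (got_sighup) {
        got_sighup = 0;
        work |= SIGNAL_RELOAD;
    }
    if (got_sigterm) {
        got_sigterm = 0;
        work |= SIGNAL_STOP;
    }
    return work;
}

int main(void)
{
    unsigned work;

    if (install_signal_flags() < 0) {
        perror("sigaction");
        return 1;
    }
    /* Stand-in for the capture loop: deliver two signals to ourselves
     * and show they are acted on only when the loop checks the flags. */
    raise(SIGHUP);
    raise(SIGTERM);
    work = service_signal_flags();
    if (work & SIGNAL_RELOAD)
        puts("mainline: re-reading configuration");
    if (work & SIGNAL_STOP)
        puts("mainline: shutting down cleanly");
    return 0;
}
```

With pcap_dispatch() the trade-off the entry mentions is controlled by the count argument and the capture timeout: a loop that asks for a bounded number of packets per call gets back to service_signal_flags() at least that often, whereas pcap_loop() never returns until an error or a break from inside the callback.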
## $Id: NEWS,v 1.4 2003/10/30 19:44:30 lorgor Exp $