Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FW: CoralReef 3.5.1 released to public
- From: Howell, Paul
- Date: Sat Dec 01 20:41:45 2001
-----Original Message-----
From: Ken Keys
To: coral-dev@caida.org
Cc: coral-info@caida.org; elfcore@caida.org; Joerg B. Micheel
Sent: 12/1/01 3:07 PM
Subject: CoralReef 3.5.1 released to public
CoralReef 3.5.1 is now available. Both public and member versions can
be
found at http://www.caida.org/tools/measurement/coralreef/.
CoralReef is a comprehensive software package from CAIDA for passive
monitoring of ATM, POS, and other network interfaces and reading
"crl", "tsh", pcap, and dagtools tracefiles. It includes FreeBSD
drivers for Apptel POINT (OC12 and OC3 ATM) and FORE FATM (OC3 ATM)
cards, the ability to work with drivers for WAND DAG (OC3 and OC12,
POS and ATM) cards on linux, programming APIs for C and perl, and
software applications for capture, analysis, and reporting of ATM,
IP, and TCP/UDP traffic.
Direct questions to coral-info@caida.org.
Differences between the last public version and this version include:
Version 3.5.1 (2001-11-30)
-------------
* Fixed definition of int8_t on platforms without int8_t natively and
where
unqualified "char" is unsigned.
* Fixed "make {clean,distclean,realclean}".
* Improved error messages.
* Fixed: when reading from a TSH file, packets with more than 4 bytes of
IP
options contained trailing garbage.
* Fixed crl_totsh: interface numbers were off by 1, and IP options were
incorrectly interpreted as IP payload.
Version 3.5.0 (members only: 2001-11-20)
-------------
general
* IPv6 support in APIs libcoral and CRL.pm, and applications crl_rate
and
crl_print_pkt.
* Supports NLANR TSH file format.
* Parses IEEE 802.1Q VLAN. crl_print_pkt prints VLAN details. VLAN ID
is
treated as a subinterface id by applications crl_rate and crl_flow,
function
coral_read_pkt(), etc. E-RIF is not supported. Filtering by vlan
requires
libpcap-0.6.2 (or later).
* Parses ARP for Ethernet and ATM. crl_print_pkt prints ARP details.
* Recognizes and partially parses ILMI, SNMP.
* Recognizes (but does not parse) IGMP, IEEE 802.1D, AppleTalk, AARP,
and IPX
protocols.
* On ATM interfaces, the default protocol for virtual channels 0:0
through 0:15
is UNKNOWN, and for 0:16 is ILMI (but the default for all other
virtual
channels is still ATM_RFC1483).
* CoralReef no longer initializes DAG devices, but expects them to be
already
initialized (using dagtools commands). This allows the user to have
full
control of initialization.
* Normalizing timestamps to the unix epoch (CORAL_OPT_NORMALIZE) is now
done
by default, but is not required unless interfaces have different
epochs.
Can be disabled in crl_* apps with -Cnorm=0 command line option.
* Packet applications (using coral_read_pkt()) print warnings about
packet
loss and other errors.
* Added -Cgzip option to set compression level or enable gzip on
filenames
without ".gz" (e.g., "-" for stdout); changed default compression
level
from 6 to 1 (fastest).
* New configuration commands to limit capture by packet, cell, or block
count.
(Programmers must call coral_set_api() to enable these commands in
their
own applications.)
* When a crl_* application encounters an error in a Coral source, it
exits
immediately with nonzero exit status, instead of just closing that
source
and continuing to read other sources (if any).
* Can automatically skip cells before an unexpected clock reset in the
first
block read from point and fatm interfaces.
* crl_* applications and libcoral recognize "~" home directory notation
in
all filenames.
* Can read and write non-regular files (e.g., /dev/fd/*, sockets, and
FIFOs)
as trace files.
* Correctly handles reading pcap files from /dev/fd/* on systems where
it's a
device (like FreeBSD).
* Iomode "first" overrides an earlier "user" on the command line (or
CORAL_RX_USER_ALL in the C API).
* Certain types of errors that were reported as EOF in earlier versions
are
now correctly reported as errors.
* Fixed automatic recognition of empty pcap files.
* Improved detection of Berkeley DB 1.85.
* Added several new applications to the example Applications port list.
* Fixed bugs when building SWIG applications with non-standard Perl
configurations.
applications
* Added crl_guess to identify unknown tracefile and subinterface
protocols.
* crl_print_pkt can skip low level protocols.
* crl_print_pkt: added -c option to print and verify IP checksums.
* crl_to_pcap: added options to cut by packet count or timestamp.
* crl_to_pcap has the option to discard link layer and write only raw
IP.
* crl_info: improved speed by several orders of magnitude for -d option
on
uncompressed regular .crl and .dag files.
* crl_flow: added -o and -O options to specify output file. -O is used
to create a new file every interval.
* crl_flow: doesn't print active flows every interval by default; added
-A
option to do that.
* crl_flow: fixed bug where active flows were not printed in intervals
that
had no expired flows.
* t2_report: Changed handling of USR1 signal to terminate program after
the processing of an interval.
* t2_report: Added configuration option to allow incremental interval
reads.
* t2_report: Removed several obsolete configuration options.
* t2_report: Made RRD graphs end at the interval time instead of real
time (to work with trace data)
* t2_report: Restructured RRD database layout to improve performance.
If you want to use a pre-3.5 t2_report RRD directory with version 3.5,
you will need to convert it; see
apps/traffic/Reporting/README.RRDtool.
* crl_rate uses 64 bit counters to avoid overflow.
* crl_rate: Added rows for totals over interfaces and subinterfaces;
added -D option to selectively display information for subinterfaces,
interfaces, and totals.
* crl_rate_layer2: Added interface information, a check for ATM
sources,
and cell loss statistics (per interface).
* crl_rate_layer2: Made time normalization the default, with -U option
to
override.
* crl_trace uses hostname and command line as the default tracefile
comment.
* Fixed bug in t2_report, where changing the protocols to be graphed
caused
the 'other' category to disappear.
* Changed t2_report++ to use CAIDA::Tables::AppInfo_Table. (MEMBERS
ONLY)
* Changed t2_report++ to use AppInfo_Table. (MEMBERS ONLY)
* Changed format of example Applications port list (removed quote marks)
* crl_flow: Removed startup message about CIDR length.
* crl_flow: Changed -b to -B for binary output.
* Removed t2_aggregate; use t2_convert and t2_top instead.
* Removed t2_IPMatrix and t2_Proto_Port; use t2_convert instead.
* t2_ASMatrix: Changed options from -b, -p, and -f to -Sb, -Sp, and
-Sf.
* Added t2_rate.
* Added spoolcat, a helper app for t2_report.
* Made parse_bgp_dump no longer require the string "sh ip bgp" in the
input
file for it to work correctly.
installation
* Fixed use of --with-libdirs to find libz.
C API (libcoral)
* Added coral_iface_to_pcapp_raw() to discard link layer when converting
packets to pcap format.
* Added coral_write_pkt_to_pcap() for convenience.
* Added coral_fmprint_pkt() and coral_mprint_pkt() to skip low level
protocols
when printing.
* Added coral_filename() to expand "~" in filenames.
* Added coral_inet_pton() for systems without inet_aton() or
inet_pton().
* Added coral_new_fdsource() to open a source from an existing file
descriptor.
* Added coral_write_fdopen() to open a writer from an existing file
descriptor.
* Added CORAL_OPT_IP_CKSUM option to libcoral.
* Added CORAL_FMT_IF_SUBIF_LEN and CORAL_FMT_SUBIF_LEN constants for
coral_fmt_if_subif() and coral_fmt_subif().
* Parameters to coral_atm_pkt_hook and coral_cell_block_hook are const.
* Changed prototypes of coral_in_cksum_add() and
coral_in_cksum_result().
* Made it explicitly legal to call coral_pkt_to_pcap() on a packet from
an
interface which had not had coral_iface_to_pcapp() called on it.
* Replaced last parameter of coral_usage() with a printf-style format
and
variable arguments (old calls will still work unless the last
parameter
contains "%").
* Fixed: coral_cell_block_hook wasn't called from read_pkt* or
read_cell_all*.
* Fixed value of *binfo in unsorted read_cell functions.
* Added coral_set_max_{pkts,blks,cells}() to limit reading functions.
Perl APIs
* Removed CAIDA::Traffic2::Sample and CAIDA::Traffic2::Vpvc_data
* Added CAIDA::Tables::AppInfo_Table, which uses application information
(such as that returned by AppPorts) instead of just the name as a key.
Still only hashes on the 'name' field, however.
* Changed CAIDA::AppPorts to use a C++ backend (which is also directly
accessible via C++), which increases performance. Also changed API
slightly, see CAIDA::AppPorts documentation for more details.
* Consolidated multiple .so files in CAIDA::Tables to one file, removing
a memory leak (visible when running t2_report).
* Made CAIDA::Tables and CAIDA::FlowCounter C++ backends publicly
available, not just members only. The perl backend is now deprecated.
* Fixed error in Perl API's quick_start(), where setting the libcoral
API
value failed.
* Renamed Coral classes Packet, Buffer, Stats, and Interval to
Pkt_result,
Pkt_buffer, Pkt_stats, and Interval_results, respectively, to better
match the libcoral C API.
* Last parameter of Coral::usage() is optional.
* Added libcoral parallels to Coral namespace:
set_max_{pkts,blks,cells}(),
filename(), fprint_data(), fprint_cell(), fprint_pkt(), fmprint_pkt(),
file_version(), OPT_IP_CKSUM.
--
Ken Keys
kkeys@caida.org
CoralReef: http://www.caida.org/tools/measurement/coralreef/
|
