Our latest release includes a complete logic to reload per host hostgroups without a FastNetMon restart. We’ve improved IPv6 hostgroup lookup performance and added explicit logic to avoid complex JSON crafting operations. We’ve also added several counters to measure time required for various procedures. We’ve made significant improvements in our threshold checking logic and extracted some generic code for better organization. We’ve also added a new option for adding multiple communities to configuration and upgraded FerretDB. Check out the full list of updates below.
Changes:
- Complete logic to reload per host hostgroups without FastNetMon restart with sudo fcli set reload_hostgroups
- Moved hostgroup loading logic to fastnetmon_host_group_configuration_parser
- Hide internals of hostgroup_lookup_t by using private
- Added notes about potential options to improve flexible counters calculation
- Improved IPv6 hostgroup lookup performance by eliminating expensive memory copy
- Added explicit logic to avoid complex JSON crafting operations in max talkers, attack samplers and hostgroup sampling logic
- Added counter hostgroup_traffic_samples_calculation_time to measure time required to create per hostgroup samples
- Added counter attack_traffic_samples_calculation_time to measure time required for attack sampling procedure
- Added counter max_talkers_per_hostgroup_accumulation_time to track accumulation time as it’s very lengthy too
- Switched to new logic for checking if we should block IPv4 host or not. It features up to 2.5 speed up. It was accomplished by eliminating not needed memory copy
- Added function to lookup hostgroup and check thresholds in same time
- Extracted threshold checking logic into separate file
- Extracted some generic code from fast_libraries to fastnetmon_integers, fastnetmon_networks and fastnetmon_strings
- Extracted thresholds evaluation logic into separate library
- Removed duplicate checks to skip ban action if it disabled on hostgroup basis as we have it in we_should_ban_this_entity
- We decided to do bold move and duplicate speed_calculation_callback_local_ipv4_universal into two independent functions. We have lots of condition sections which make almost half of source code for it. I think it’s right move and as independent functions they will be easier to deal with
- Improved design per hostgroup lookup logic
- Exposed Sensitive flag for fields API
- Added -demo for fastnetmon_client to hide real IP addresses
- Added new option gobgp_communities_host_ipv6 which allows adding multiple communities to configuration
- Upgrade FerretDB from 1.16.0 to 1.20.1
- Added new fcli and API endpoint to return all networks which belong to particular ASN: fcli show asn_networks 269872
- Increased precision of system_counters for API from 3 to 6 digits after point
- Make XDP filter less verbose
- Added logrotate for MongoDB to address flooded logs
- Changed MongoDB configuration
- Switched logRotate configuration from rename to reopen: https://www.mongodb.com/docs/manual/reference/configuration-options/#mongodb-setting-systemLog.logRotate to make possible logrotation using Linux logrotate