FastNetMon Advanced 2.0.371

by FastNetMon / 13.01.2025 / Comments are closed
FastNetMon Advanced 2.0.371

FastNetMon Advanced 2.0.371 has been released with significant updates. We’ve added logic to handle padding in IPFIX plugin, improved checks in IPFIX and Netflow v9 logic, and added support for IPFIX enterprise fields used by Arista. We’ve also implemented multiple options templates reading in IPFIX packets, added detailed logging for data templates parsing, and ensured correct reading of sampling rates. The release also includes fixes for issues in IPFIX template logic and additional sanity checks.

Changes:

  • IPFIX plugin, added logic to gracefully handle padding on the end of data set. Previously it caused following error: Attempt to read data after end of flowset. Offset: 0 record length: 4 flowset_maximum_length: 2
  • Reversed order of checks in IPFIX and Netflow v9 logic for forwarding status detection for Juniper reported by Samuel K. Lam
  • Added sanity checks for IPFIX variable length encoding
  • Added support for IPFIX enterprise fields used by Arista
  • Implemented logic to read multiple options templates in IPFIX packets. Implemented logic to detect padding on the end of IPFIX options template set
  • Reworked ipfix_data_set_header_t to generic ipfix_set_header_common_t to unify logic and reduce number of duplicated structures
  • Fixed issues that ipfix_variable_length_elements_used was accidentally set to all templates in SET even if just one had it. Extracted logic to read IPFIX template into dedicated function, ongoing refactoring
  • Rename ipfix_flowsets_with_anomaly_padding to ipfix_sets_with_anomaly_padding as part of getting rid non RFC compliant naming
  • Moved away from endian-less conversions in IPFIX logic
  • Added enterprise_bit and enterprise_number for IPFIX and Netflow v9 templates
  • Additional sanity checks for IPFIX template logic. Added explicit length check for enterprise numbers
  • Added explicit IPFIX structures length checking.
  • Extracted IPFIX set processing to function process_ipfix_sets
  • Added detailed logging to trace how we parse multiple data templates
  • Added test for Cisco 315 with multiple flows exported
  • Added logic to ensure that we read sampling rates correctly and added check that number of flows read correctly
  • Added test coverage for Nokia which sends data and template templates in same packet
  • Added logic to test when data and options template is carried in single packet
  • Typos reported by Patrick Matthai
  • Added information to show sequence of IPFIX packet for easier debugging
  • Added FastNetMon daemon dependency on network-online.target to ensure that network is configured and Internet connection is available, more details: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com