Release date: 31 May, 2026
Version: 2.0.379
FastNetMon Advanced 2.0.379 introduces a major rewrite of IPv4 and IPv6 network loading and lookup logic, improving scalability, concurrency, and memory management for large-scale deployments. The release also enhances traffic_db with fully asynchronous ClickHouse inserts to prevent packet drops on busy systems, alongside new Prometheus monitoring support and expanded observability options.
In addition, the release adds advanced network-level mitigation controls, including BGP-based network learning, live network reloads, improved Flow Spec matching, IPv6 allow lists, and expanded per-network blocking options. Support for additional IPFIX fields and multiple traffic processing improvements further extend packet visibility and detection capabilities.
Full list of changes
- Added support for parsing IPFIX_IP_TTL, IPFIX_ICMP_TYPE_IPV4, IPFIX_ICMP_CODE_IPV4, IPFIX_TCP_WINDOW_SIZE, IPFIX_TCP_ACKNOWLEDGEMENT_NUMBER, IPFIX_TCP_SEQUENCE_NUMBER in IPFIX mode
- Rename mbit to Mbit in flexible hostgroups schema
- Rename mbits to Mbits in hostgroup section
- Fixed Mbits from pps for TCP SYN pps and IP Fragmented packets per second
- Made logic of Clickhouse insert fully async in traffic_db. It ensures that we keep receiving new packets while another thread is working on Clickhouse inserts. It addresses drops of traffic in traffic_db on loaded instances
- Added support for Prometheous for traffic_db, can be configured via /etc/fastnetmon/traffic_db.conf options prometheus, prometheus_host, prometheus_port
- Unified Promethtous logic to work for multiple instances
- Added logic to trace duration of Clickhouse insert
- Added logging_level to traffic_db daemon which can be set to info by default or debug
- Added logic to load networks list from BGP when load_networks_from_bgp is enabled and subnet_learning is enabled for peer
- Added field load_networks_from_bgp_filter_communities to filter only prefixes with defined community when load_networks_from_bgp is enabled
- Full rewrite of IPv4 and IPv6 loading logic
- Reworked prefix normalization logic for IPv4 networks
- Added test to confirm that Patricia does not have function to normalize prefix before storing, when we add 192.168.1.121/24 it stores it same way as 192.168.1.121/24 instead of 192.168.1.0/24
- Removed logic which sorted networks from largest to smallest, we definitely do not need it anymore and it's overhead
- Added command sudo fcli set reload_networks to live reload networks
- New logic to introduce concurrent access to IPv4 and IPv6 lookup trees
- No more manual memory management for network lookups
- Reworked Patricia tree for whitelist of IPv6 traffic to standard lookup logic
- Reworked Patricia tree for IPv4 traffic to standard lookup logic
- Added logic to run callback script when network is under attack with notify_script_network_enabled notify_script_network_path
- Added logic to check banned networks - sudo fcli show network_block and block / unblock them
- Added option for networks unban_network_only_if_attack_finished
- Implemented /etc/fastnetmon/allow_list_rules.dat for IPv6
- Added logic to match flow spec rules on non /128 boundaries
- Added configuration option to enable / disable per network blocks fpr all protocols: enable_ban_network
- Added logic to load hostgroup with network level configuration: global_network_ipv4 and calculaion_method = network_ipv4
- added new configuration options: enable_ban_network_ipv4, enable_ban_network_ipv6, ban_time_network_ipv4, ban_time_network_ipv6, unban_network_enabled_ipv4, unban_network_enabled_ipv6
- Implemented logic for disable_local_host_counters_ipv4 and disable_local_host_counters_ipv6 to selectively disable host counters
- Added options disable_local_host_counters_ipv4 and disable_local_host_counters_ipv6
