FastNetMon’s latest release introduces several enhancements to improve your network security. We’ve added a new capability to filter traffic inline using XDP, upgraded MongoDB to 7.0 for Debian 12, and added support for multi-set TCP flags in BGP Flow Spec mode. We’ve also incorporated scrubbing_services_integration into our official packages and added logic to upgrade Grafana. For a full list of updates, see below.
Changes:
- Added new capability to filter traffic inline using XDP
- Added logic to reset Grafana password for Clickhouse in Grafana cache
- Switched to use FerretDB on Debian 12 when we have no AVX
- Switched to use FerretDB for Debian 11 when we have no AVX
- Upgraded MongoDB to 7.0 for Debian 12
- Added logic to unconditionally load tzdata and avoid need to load it from filesystem
- Added installer function to reset password for Clickhouse: -reset_clickhouse_password
- Added missing logic to update Flow Spec rules on disk when we automatically unblock a BGP Flow Spec rule
- Extracted flow spec ban logic to separate function
- Added capability to configure filtering mode using the option filter_xdp_mode, which can be set to skb, driver, or hardware
- Extracted libbpf workaround to dedicated file
- Added logic to switch MongoDB to FerretDB when we have no AVX support
- Added FerretDB support for RedHat family
- Upgraded FerretDB to 1.16
- Added support for field NETFLOW9_LAYER2_PACKET_SECTION_SIZE 103 used by Cisco Catalyst 4500 in their Netflow lite implementation
- Disabled logic which installs our own kernel headers for relatively new Linux distros as it does more harm than good for us
- Upgraded bpf to bpf 1.0.1 and ported AF_XDP plugin to new version
- Added support for multi-set TCP flags in BGP Flow Spec mode: syn|ack
- Made Flow Spec encoding reader from JSON more strict. It will return an error when it cannot parse a field
- Fixed bug with keep_blocked_hostgroups_during_restart
- Added complete logic to save blocked hostgroups to persistent storage: keep_blocked_hostgroups_during_restart
- Added configuration option app_packet_sr_tunnel_traffic to decode GRE for Nokia SR Shim mode
- Made unban_only_if_attack_finished fully working for total hostgroups, with support for static and flexible thresholds
- Added complete logic to configure all fields for scrubbing management
- Added support for plugin scrubbing_services_integration
- Clarified messages shown when we cannot retrieve the license from the licensing server over IPv4 and then fall back to IPv6
- Incorporated scrubbing_services_integration into official packages
- Added logic to upgrade Grafana when we install it to address an issue where Grafana is not running