Switched official FastNetMon image for Docker to 20.04
Added logic to return top talkers via API and fcli
Added logic to return baselines via API and fcli
Added patch to disable Clickhouse excessive logging
Added logic force_asn_lookup to overwrite ASN received from device
Version 2.0.279
Deprecated and removed notify_script_pass_details. All notify scripts must read information from stdin to work properly
Added logic to require latest version of schema for Clickhouse per host mertrics to enable per protocol counters
Removed manual logic to populate metrics date. We use automatic conversion via default value
Enabled per protocol counters for InfluxDB and Clickhouse by default
Deprecated old Clickhouse schemas without automatic metricDate calculations
Fixed logrotate permissions on Ubuntu and Debian platforms
Significantly reduced verbosity of Clickhouse error logs to avoid disk space filling with error messages
Version 2.0.278
Removed aggregate_networks_list as we do not need it with flexible counters
Reduced lock contention in IPv6 code and eliminated deadlock possibility due to two locks
Remoteved enable_subnet_counters conf option, enabled it by default
Reduce lock contention on IPv6 per subnet counters
Unified average_calculation_time for hosts, networks, asns and total hostgroups
Version 2.0.277
Added counters for UDP, TCP, ICMP protocols in attack start log
Improved attack performance logging
Added warning level when we cannot collect dump from traffic buffer
Added log entry to clarify which mode of reading from buffer is being used
Added per threshold filtering when threshold_specific_ban_details enabled
Added logic to apply per direction filetring when threshold_specific_ban_details set to true
Added conf option threshold_specific_ban_details
Added IPv4 and IPv6 logic for traffic_buffer bans
Added logic to dump attack buffer from API
Added packet arrival_time for all traffic caputre backends
Added circular buffers variables and conf values traffic_buffer and traffic_buffer_size
Added logic to skip InfluxDB database creation when it exists
Added context information about which process finished with which error code
Added more clear confirmation about type of script callback was called
Version 2.0.276
Disabled memory validation for licenses
Added counters clickhouse_metrics_writes_total and clickhouse_metrics_writes_failed to track Clickhouse metrics writes
Added flag ipfix_parse_datalink_frame_section to control IPFIX parser logic which actually parses traffic
Added logic to identify templates with variable length encoding using template information
Version 2.0.275
Added santiy check logic for IPFIX field processing to prevent buffer overflow
Added sanity checks for memcpy() in Netflow v9 code to avoid buffer overflow
Added counter to track failures to decode Netflow v9 lite
Added TCP Flag encoded via two byte encoding
Added counter for IPFIX when we ahve very large chunks of data from wire
Fixed bug in ExecuteMailTest. We did send email only to first email but we must send it to all. Thanks to PVS
Added explict zerofication for UDP listener
Switched all exception to pass them by reference
Version 2.0.274
Enable kernel level sampling for mirror mode by default with rate 1:100.
Disable multi-thread processing as it is not compatible with sampling
Fixed bug with IPv6 flow spec logic being enabled by IPv4 flag
Added intilizers for some structures to zeroify them explicitly
Added missing return value check for malloc
Version 2.0.273
Added proper initalizers in BGP code and sFlow logic
Enabled one more warning type about non initlized values
Enabled -Wuninitialized -Winit-self for build system by default
Added initialization logic for bitfields in network parser
Added logic to set logging level with storage conf option: logging_level
Effectively disabled all thresholds set to 0
Added different path for TLS root certificates on RedHat family
Increased GoBGP timeout to 10 seconds by default. For heavy operations like teable loading you we will use 60 seconds
Version 2.0.272
Enabled outgoing attack detection by default. Disabled remote attack detection logic when per_direction_hostgroup_thresholds set to true
Introduced per direction thresholds
Version 2.0.271
Added missing return for save_ipfix_sampling_rates_to_disk to address daemon crashes
Version 2.0.270
Enabled per protocol counters for IPv6 networks
Returned logic to maintain per protocol counters for IPv4 per network metrics
Added sampling rate cache for IPFIX and Netflow, use netflow_sampling_cache to enable it
Extracted IPFIX and Netflow sampling rate update logic
Added explicit zeroify for Netflow structures
Version 2.0.269
Fixed bug with missing networks list for total hostgroups. We need to clean it only for per host
Version 2.0.268
Added logging logic to trace new hostgroup creation in details
Reworked per host hostgroups to new unified logic
Simplified locks for hostgroup lookup structure as we have no reasons to keep two locks
Updated resources to sync mongo configuration files change
Added quiet flag to reduce MongoDB verbosity
Added logic to cleanup FastNetMon caches for rpm based distributions
Added logrotate for fastnetmon logs on Debian and Ubuntu
Added logic to remove traffic counters dump during upgrade
Version 2.0.267
Reworked per network IPv4 traffic counetrs to use standard logic
Version 2.0.266
Added logic to serialize IPv4 networks
Added logic to serialize old IPv4 counetrs
Moved all IPv4 network counetrs to single structure
Cleanup of old style static counters
Added logic to load total traffic counters
Ported all metrics backend to new total counters code
Added logic to serialize total counters
Reworked total traffic counters
Added logic to remove traffic counters after load attempt
Added logic to store total hostgroups between restarts
Added logic to dump traffic to disk for IPv6 networks too. Unified dump logic
Unfied speed counters logic
Added logic to dump IPv6 per host counters to disk
Added fcli / API command save_traffic_counters
Implemented API endpoint to dump traffic to disk
Added logic to dump traffic on restart
Added logic to load speed calculation counters to disk
Added logic to store speed counters to disk
Added function to load traffic counetrs from disk
Added logic to serialize speed counters
Added logic to disable TLS certificate checks, it needed in some cases: email_notifications_disable_certificate_checks
Version 2.0.265
Unified IPv6 logic for total hostgroups by introducing function
Improved total hostgroup logic for IPv4 by adding function to build it
Imporoved duplicate check logic for total hostgroups
Unified logic which adds global hostgroup
Unified total hostgroup creation logic
Added logic to unify parent logic for total hostgroups
Unified logic which adds new total hostgroups
Unified logic to lookup total hostgroups by id
Unified IPv6 path for total hostgroup lookup
Unified logic for getting total hostgroups by name
Flipped logic for lookup_tree_32bit_with_payload_t and lookup_tree_128bit_with_payload_t to avoid memory de-allocation by default for clarity
Version 2.0.264
Unified logic path for manual IPv4 and IPv6 bans
Unified IPv6 hostgroup lookup logic for manual bans
Unified IPv4 hostgroup lookup logic for manual bans
Unified IPv4 hostgroup lookup logic when called from API
Unified IPv6 hostgroup lookup logic when called from API
Removed hostgroup name for get_ban_settings_for_this_ipv6_subnet function
Removed hostgroup name for get_ban_settings_for_this_subnet function
Version 2.0.263
Deprecated old statically allocated counters
Added logic to use total hostgroups without need to create global_total hostgroup at all
Fixed string form of attack’s severity
Unified global_total search logic
Added explicit integer setting to 0 in parser logic
Improved processing for unknown protocols in sFlow mode
sFlow protocol name unification
Added warning for flow spec wire format parser
Added error control logic for NLRI encodigng path
Fixed bug with rule optimized when fragmented flag has ports specified for some reasons. Identified by gcc warnings
Added logic to check that we’ve successfully read old GoBGP configuration file
Cleanup not used variables
Version 2.0.262
Added logic to push per network IPv6 traffic to InfluxDB
Suppressed warning that process name should not exceed 15 symbols
Improved build system for all platforms
Version 2.0.261
Fixed bug with IPFIX length processing
Allowed all possible protocol types for flow spec detection engine
Version 2.0.260
Unified ban check logic for all types of blocks using should_ban_outgoing and should_ban_incoming
Added flow detection for should_ban_incoming and should_ban_outgoing used for remote host bans
Version 2.0.259
Migrated Flow Spec logic to IANA unified protocols
Added system counter to track only real changes for Netflow and IPFIX templates
Added new counter sflow_udp_receive_eagain to count eagains outside of errors counters in sFlow plugin
Migrated enum for flow spec actions to class enum
Removed never used TCP flag type for flow spec
Converted fragmentation flags into class enum in BGP
Added logic to dump IPv6 classified as other
Version 2.0.258
Packet parser improvements
Version 2.0.257
Added logic to cleanup remote IPv4 counters
Unified IPv4 and IPv6 blackhole persistence logic
Added AlmaLinux support for Installer
Unified all things to support RockyLinux
We need to disable traffic db when we cannot connect to it
Added logic to print flow spec rule we’ve read from white list
Enabled IPv6 metrics export to InfluxDB by default
Version 2.0.256
Unified logic to call unban flow spec actions
Moved logic which adds flow spec mitigations to MongoDB into unified function. Moved it away from flow spec code
Unified flow spec function to apply it when we actually unban flow spec rule
Version 2.0.255
Added automatic restart in case of any issues for all systemd daemons
Version 2.0.254
Added license business type for show license command
Version 2.0.253
Added information about threshold which triggered alert for email
Version 2.0.252
Exposed fragmented and dropped counters via fcli
Added fragmented and dropped counters for total hostgroups
Fixed calculation logic for dropper traffic
Added logic to dump all traffic in JSON format
Added logic to decode forwarding status for Netflow v9
Enabled socket stats for AF_PACKET by default
Version 2.0.251
Added logic to decode ERSPAN encoded telemetry
Added UDP buffer override by sysctl by default
Enabled simple dumps to file system by default
Upgraded librdkafka to 1.7.0 to address bug: https://github.com/edenhill/librdkafka/issues/757
Wrapped Kafka producer creation in exception catch logic to avoid crashes
Enabled Grafana alerts by default when we install visual traffic
Version 2.0.250
Fixed bugs in af packet and xdp ng gre enabled parser
Added more counters for AF_PACKET logic and fixes bug for XDP and AF PACKET for new generation parser
Expanded logic to disable offload for vmxnet3
Added logic to automatically enable InfluxDB export from visual installer
Added logic to set secure permissions for htpasswd file
We need to disable using force yes as it may break things
Added mirror_af_external_packet_sampling and mirror_external_af_packet_sampling_rate values for AF PACKET
Added flag to extract tunnel traffic for af packet mode
Added NG parser flag for AF_PACKET
Added NG parser flag for XDP
Version 2.0.249
Added logic to avoid partial deserialization for IPFIX
Added intermediate step for template serialize for Netflow 9 to avoid issues with deserializer
Reworked Netflow and IPFIX template cache logic
Added blackhole v6 cleanup for Debian and Ubuntu
Version 2.0.248
Added logic to parse GRE from ng parser
Added logic to identify GRE and ESP protocols properly
Version 2.0.247
Rename IPFIX file to typo-free version
Added support for unban when finished for IPv6
Version 2.0.246
Migrated MongoDB to explicit copy of session in attempt to address issue: ‘database closed explicitly’
Disabled trace logic by default for Web API, only print errors
Version 2.0.245
Added option to specify custom port for BGP: gobgp_bgp_listen_port
Version 2.0.244
Fixed seg fault when both web hook and script were enabled
Propagate license error to top level call of set renew_license
Added logic to remove cache entries between upgrades on Debian and Ubuntu
Version 2.0.243
Added auth support for Grafana alerts
Version 2.0.242
Added flow spec next hop logic support: gobgp_flow_spec_next_hop_ipv4 and gobgp_flow_spec_next_hop_ipv6
Version 2.0.241
Added logic to exclude traffic by vlan
Added logic to enable SSL on Ubuntu and Debian
Version 2.0.240
Upgraded new GoBGP from 2.16 to 2.27
Version 2.0.239
Implemented BGP flow spec and BGP for new GoBGP integration
Version 2.0.238
Added simple packet dump for flow spec dumps
Version 2.0.237
Added packet_dump_detailed for flow spec dumps
Version 2.0.236
Added IP fragments threshold
Version 2.0.235
Fixed bug with rate limit encoding in flow spec
Version 2.0.234
Added complete support for ESP and GRE protocols
Version 2.0.233
Full implementation of traffic rules for fcli
Fixed obvious bugs in mongo based auto-completion
Unified auto completion and eliminated sort logic for names of field
Version 2.0.232
Reworked configuration management in fcli
Version 2.0.231
Added logic to filter out IPv6 announces for IPv4 ASN lookup tree
Version 2.0.230
Added flag to suppress uuid in flow spec when we just list rules for fcli
Added UUID of rule for flow spec callback
Added logic to parse sFlow IPv4 headers without Ethernet headers
Added per protocol counters for sFlow headers
Version 2.0.229
Added logic to populate thresholds used to detect attack
Exposed attack_detection_threshold to JSON
Version 2.0.228
Added logic to generate UUID for manually banned hosts
Enabled traffic_db by default
Added new SQL schema for TTL based retention
Added compression for Grafana to improve Nginx performance
Moved away from stringstream and additional copy of memory to improve sFlow performance
Added new faster version of IP conversion logic
Version 2.0.227
Added logic to distinguish new sampling rate for IPFIX and update of sampling rate
Version 2.0.226
Fixed missing outgoing traffic for ASNs
Extracted FastNetMon type mapping and deprecated fields into function
Upgrade golang version
Switched installer to go mod
Migrated fcli to go mod
Migrated fastnetmon_client to go mod
Added etcd to distribution package
Version 2.0.225
Fixed bug with flow calculations in flexible counters mode
Removed ASN lookup from traffic_db, please enable asn_lookup on FastNetMon side instead
Added logic to lookup ASN for IPv6 traffic
Added fcli commands: asn_counters_v4 and asn_counters_v6
Added Clickhouse export for ASNs
Added ASN export to InfluxDB
Extracted IPv6 logic into separate function
Version 2.0.224
Added logic to decapsulate sflow tunnels: sflow_extract_tunnel_traffic
Version 2.0.223
Added IPv6 incoming announces listing
Version 2.0.222
Enabled Netflow lite support: netflow_v9_lite
Version 2.0.221
Added logic to re-classify IPv6 packets as IPv4
Version 2.0.220
Reduced amount of data copies for flow spec announces
Added logic to generated UUID for flow spec in GoBGP logic
Switched to manual uuid generation for flow spec announces
Removed UUIDs for unicast v4 and v6 announces
Unified attack_details_t and banlist_item_t, we do not need latter, it just adds useless complexity
Fixed gcc warning about Flow Spec rate-limit little / big endian conversion
Added functions to expose number of packets per device
Dropped plenty of deprecated configuration options
Version 2.0.219
Enabled IPv6 traffic processing by default in configuration
Fixed 64 bit overflow error: Cannot parse value 16101149398 for metric InDatagrams
Added sflow_read_packet_length_from_ip_header to read packet length from ip packet instead of sFlow
Version 2.0.218
Added logic to stop processing when we read all flow sets. Fixed bug with Netflow with garbage on the end of packet
Reduced error duplication for IPFIX
Added support for RHEL
Version 2.0.217
Added working support for flow counters for flexible counters
Unified logic for flow tracking
Covered access to SubnetVectorMapFlow with mutex
Version 2.0.216
Reduced logging from hot path
Added configuration option netflow_rx_queue_overflow_monitoring for recvmsg mode
Version 2.0.215
Added statistics for global udp packet loss
Extracted banlist logic into separate module
Version 2.0.214
Added configuration option netflow_socket_read_mode which can be set to: recvmsg or recvfrom to control socket mode. recvmsg offers monitoring for number of drops on socket
Added logic to dump default sflow and netflow buffer size
Version 2.0.213
Added detailed logging for license validation errors
Suppressed http logging for InfluxDB in installer code
Added logic to skip firewalld configuration if we do not have it on CentOS
Version 2.0.212
Fixed overflow for JSON serializer: it used signed 32 bit value for 64 bit integers: 2629580 pps 22169 Mbps
Version 2.0.211
Added flag for instant ban mode without packet collection
Added gobgp_flow_spec_v6_announces, gobgp_flow_spec_v6_default_action, gobgp_flow_spec_v6_rate_limit_value to control flow spec for IPv6
Version 2.0.210
Added logic to retrieve IPv6 host counters for host
Version 2.0.209
Disabled repetitive logs which spam log files in debug mode
Added metric about number of not parsed packets
Version 2.0.208
Moved Clickhouse metrics to the separate module
Graphite extracted into separate module
Graphite extracted into separate module
Version 2.0.207
Added options to override sampling rate for Netflow on router basis for ipfix_per_router_sampling_rate, netflow_v9_per_router_sampling_rate, netflow_v5_per_router_sampling_rate
Version 2.0.206
Added support for IPFIX sampling rates
Added newer field which may carry IPFIX sampling rate for Cisco NCS devices
Added fcli command to read sampling rate for ipfix devices: show ipfix_sampling_rates
Added sanity check logic for IPFIX options data
Added sanity check logic for Netflow v9 data
Added counter to track number of IPFIX option templates
Added logic to track case when flow duration is negative
Added logic to decode reasons of flow timeout on Juniper for IPFIX
Fixed issue which caused FastNetMon auto start removal after upgrade on CentOS
Version 2.0.205
Implemented option to override number of workers for AF_PACKET manually: mirror_af_packet_workers_number_override, mirror_af_packet_workers_number
Set number of AF_PACKET workers to number of NIC queues
Added logic to parse FORWARDING _STATUS for Netflow v9
Version 2.0.204
Disabled automatic activation for pcap dumps, it’s not required in modern detection engine
Removed experimental logic to divide packet on duration
Made code more compliant with C++ specification
Removed old code for Netflow v1 and v7 support
Added alternative ways to declare bool values in cli / api
Added logic to disabled offload automatically for AF_PACKET
Added logic to disable offload on XL710 Intel
Version 2.0.203
Added input and output interfaces for sFlow
Version 2.0.202
Added logic to generate ASN mapping list from fill_dictionaries
Version 2.0.201
Added SSL support for API
Added duplicate network prevention for total and per host IPv4 and IPv6 hostgroups
Sync Grafana configuration with upstream
Sync InfluxDB configuration with upstream
Added logic to override Netflow v5 sampling rate: netflow_v5_custom_sampling_ratio_enable and netflow_v5_sampling_ratio
Added CentOS support for Grafana, InfluxDB, Clickhouse, Nginx
Disabled core dumps by default
Enabled CentOS support in installer
Version 2.0.200
Enabled MongoDB authentication in Docker build
Added complete ARM64 support for Ubuntu 16.04, 18.04 and 20.04
Version 2.0.199
Added flag Gobgp_do_not_manage_daemon to avoid attempts to restart GoBGP
Added flags gobgp_api_host and gobgp_api_port to configure data for GoBGP connection
Added logic to disable AppArmor for msmtp and added more details about msmtp operations
Switched to new gRPC
Added option flow_spec_ignore_do_not_fragment_flag to address Arista issues
Version 2.0.198
Added gobgp_communities_subnet_ipv4 to specify multiple subnet level communities
Added new option gobgp_communities_host_ipv4 to specify multiple communities for IPv4 host announces
Added metric sflow_raw_udp_packets_received and sflow_udp_receive_errors to track UDP errors in sFlow mode
Added support for Debian in graphic stack
Added support for Ubuntu 20.04
Added Debian support for FastNetMon
Version 2.0.197
Switched to custom version of OpenSSL
Fixed API support on Google Cloud / FireStore
Added Clickhouse error ignore if we cannot start it due to missing SSE42
Added new flag mongo_store_attack_information to address crashes on GCE
Version 2.0.196
Enabled export into traffic_db for traffic received from tera_flow plugin
Fixed bug with deprecated fields on FireStore back-end
Added metric total_flowspec_filtered_bytes to count number of bytes filtered by flow spec rules
Version 2.0.195
Added option to ignore IP flags: flow_spec_do_not_process_ip_fragmentation_flags_field
Version 2.0.194
Added source of attack detection for remote blocks
Added bps and pps rates for incoming and outgoing for syslog attack alerts
Version 2.0.190
Added option to make syslog alerts
Version 2.0.189
Disabled flow spec call if we do not have any rules
Added vlan for ng parser
Fixed bug with too big packet buffer size in IPv6 mode
Exported parent_host_group flag for per host JSON callbacks
Fixed misnamed collect_attack_pcap_dumps and collect_simple_attack_dumps to their original meaning
Version 2.0.188
Fixed out of bound memory write in IPFIX code which break packet counter
Added logic to handle crashes when malformed data was sent to tera_flow port
Fixed bug caused by flexible hash cleanup logic and when option unban_only_when_finished was set
Added configuration options override_internal_traffic_as_incoming and override_internal_traffic_as_outgoing to alter logic for internal traffic
Version 2.0.187
Added Radware plugin fcli management
Version 2.0.186
Added flow per second rate
Version 2.0.185
gRPC and protobuf libraries upgrade
Version 2.0.184
Added TCP flag support for flow spec mode for Netflow capture
Version 2.0.183
Upgraded all libraries
Added options netflow_ignore_long_duration_flow_enable and netflow_long_duration_flow_limit and basic implementation of duration filter
Version 2.0.182
Added fcli auto-completion for bgp peers
Added support for context help for bgp and hostgroup
Updated cli library
Added logic to read flow spec announces from disk
Added option keep_flow_spec_announces_during_restart and added on-disk sync when we remove flow spec announce
Version 2.0.181
API: Added logic to retry connection to MongoDB 30 times with 5 second delay during initial start up
Added confirmation for create_configuration command in interactive mode
Allowed symbol – and uppercase letters in hostgroup and bgp peer names
Added logic to hide any passwords in configuration
Added agent IP information to details JSON packet dump
Added ASN and interface numbers in details JSON dump of packet
Version 2.0.180
Improved auto completion for hostgroups
Fixed auto completion artifacts (duplication) with many completion matches
Version 2.0.179
Improved blackhole persistence logic
Version 2.0.178
Added logic to immediately sync blocked IPv4 and IPv6 hosts with on disk dump for graceful restarts
Version 2.0.177
Added support for parent hostgroups to use networks list from another group
Version 2.0.176
Added IPv6 support for total hostgroups
Added IPv6 support for per-host hostgroups
Added support logic to parse ASN from sFlow
Version 2.0.175
We’ve deprecated flag netflow_ipv6 and now you need only process_ipv6_traffic
Version 2.0.174
Added option to automatically cleanup empty counters for IPv4 and IPv6 flexible counters. Significantly reduces CPU usage
Version 2.0.173
Added TCP SYN bandwidth and packet per second thresholds
Enabled IPv6 counter even if IPv6 processing is disabled completely
Version 2.0.172
Added support for offline licenses on machines without default route
Version 2.0.171
Added flows per second export to tracking server for new custom license types
Added counters about per header and per flow speed for system_counters
Version 2.0.170
Added logic to multiply packet rate on sampling rate in af packet mode
Fixed extremely old bug with traffic conversion to Mbits it was cause of 5% traffic difference
Version 2.0.169
Improved build process
Version 2.0.168
Implemented option to export IPv6 counters to InfluxDB
Version 2.0.167
Added native Prometheus support for system counters
Improved Netflow error reporting in log
Version 2.0.166
Enabled flexible_traffic_calculation by default
Version 2.0.165
Added options gobgp_announce_whole_subnet_force_custom_prefix_length and gobgp_announce_whole_subnet_custom_prefix_length to override length for subnet announces
Added option to install Docker on Ubuntu 18.04
Added options gobgp_announce_whole_subnet_force_custom_ipv6_prefix_length and gobgp_announce_whole_subnet_custom_ipv6_prefix_length to override IPv6 announces
Improved logging for orphaned buckets cleanup
Unified IPv6 and IPv4 bucket cleanup function
Added debug logging for packet collection
Implemented batch processing for IPv4 and IPv6 bans. Previously, FastNetMon was able to run single ban action per ban function run (once per second). In this release it can ban any number of hosts each ban function call. It makes FastNetMon much more efficient against attacks towards big number of hosts
Version 2.0.164
Added option netflow_ignore_sampling_rate_from_device to ignore Netflow v9 sampling rate announcements from device
Version 2.0.163
Added per protocol traffic counters for metrics export to Clickhouse: clickhouse_metrics_per_protocol_counters
Version 2.0.162
Added code to unban hostgroups automatically
Added attack notification pipeline for manual unblocks for hostgroups
Version 2.0.161
Added networks which belong to hostgroup to per-hostgroup callbacks
Added scope to distinguish per-host and per-hostgroup callbacks
Version 2.0.160
Suppressed log messages about InfluxDB and switched them to counters
Added option to build total hostgroups from per-host: build_total_hostgroups_from_per_host_hostgroups
Version 2.0.159
Implemented logic to export per protocol counters for hostgroups
Version 2.0.158
Added option to suppress automatic flow spec withdrawal: do_not_withdraw_flow_spec_announces_on_restart
Fixed bug with mongo session in fcli
Version 2.0.157
Added support to decode ASNs encoded as 2 byte values in IPFIX
Version 2.0.156
Reduced fcli timeout from 10 to 3 seconds to offer better experience in offline mode
Disabled increasing timeout during connection to MongoDB. Now we retry 10 times every 5 seconds
Version 2.0.155
Added option to suppress pid file check when pid_file path is empty
Version 2.0.154
Added custom command to restart FASTNETMON on Docker
Added custom path for FastNetMon’s log in Docker setup
Added detailed error message to debug mmap issues
Added offline mode for fcli to avoid scary errors during database init process
Version 2.0.153
Added option to connect to MongoDB without authentication
Disabled requirement for non empty Mongo password in fcli
Version 2.0.152
Upgraded gRPC version in FastNetMon’s internal API
Suppressed verbose logging from BGP parser code
Version 2.0.151
Added support to export top remote talkers via fcli: show remote_host_counters
Version 2.0.150
Added support to account total traffic usage per hostgroup
Added threshold to run actions when total traffic for host group exceed limit
Introduced notify_script_hostgroup_enabled and notify_script_hostgroup_path for per-hostgroup notify script calls
Added flag enable_ban_hostgroup to control per hostgroup behaviour
Implemented per hostgroup counters for InfluxDB
Introduced optimized version of LPM lookup tree
Decoupled code which reads hostgroups with code which creates all support structures
Version 2.0.149
Added ASN lookup logic for IPv6 in traffic_db
Unified IPv4 remote and IPv6 traffic counters
Added IPv6 support for fill_dictionaries
Version 2.0.148
Implemented complete GCE support
Version 2.0.147
Added support for FireStore for hostgroups and bgp in fcli
Version 2.0.146
Completely working code to withdraw remote blackhole announces
Exported information about license status to FCLI
Added code which will trigger all callbacks for manually added flow spec rules
Version 2.0.145
Added option to add custom tags to InfluxDB metrics: influxdb_custom_tags, influxdb_tag_name, influxdb_tag_value
Added option to control partitioner between Kafka partitions: influxdb_kafka_partitioner
Added tracking for number of InfluxDB messages written to influxdb for system_counters
Version 2.0.144
Implemented export to InfluxDB over Kafka queue system
Fixed traffic_db.conf parser issues with empty keys
Version 2.0.143
Added Clickhouse bandwidth export for flexible counters mode
Version 2.0.142
Added system_counters hosts_hash_size_ipv6 and hosts_hash_load_factor_ipv6 for IPv6 performance debugging
Exposed debug options for flexible counters: hosts_hash_load_factor and hosts_hash_size
Added support for flexible counters which avoid memory allocation for hosts without traffic and sparse networks
FastNetMon will execute license check after checking for duplicate process in memory
Version 2.0.141
Enabled simple packet dump in email by default
Added command for installer to set password for Grafana from metadata service on GCE (sudo ./installer -set_visual_passwords_gce_metadata)
Added logic to use per VM configuration storage on GCE / Firebase
Version 2.0.140
Reduced amount of memory copy calls in Netflow code
Added counter to calculate number of Netflow v5 flows explicitly: netflow_v5_total_flows
Added conf option netflow_multi_thread_processing to control multi thread mode for Netflow
Added option to control number of working threads per port for Netflow: netflow_threads_per_port
Version 2.0.139
Fixed bug for secure version of http client
Added support for reading configuration from Google FireStore on GCE in FastNetMon
Version 2.0.138
Added support for storing information in Google Firebase from fcli
Added command to renew license automatically from fcli: sudo fcli set renew_license
Version 2.0.137
Added 4 byte encoding support for IPFIX plugin to decode flow starts and ends
Version 2.0.136
Switched connection to license server to port 443 for better firewall compatibility
Version 2.0.135
Added ability to set number of hosts in output for fastnetmon_client
Added explicit code to process negative traffic recalculation delays
Added return code processing for notify script with arguments
Disabled DDoS detection for outgoing traffic in default configuration to reduce false positive
Version 2.0.134
Added packet_dump_detailed with per field information about packet dump to JSON notify scripts and web callbacks
Version 2.0.133
Added option license_use_port_443 to switch to port 443 for all connections to license server
Version 2.0.132
Added support for InfluxDB authorization
Version 2.0.131
Added new kind of white-list which uses flow spec rules
Version 2.0.130
Passed client ip address from sFlow to Clickhouse
Version 2.0.129
Increased timeout for waiting Clickhouse from 3*5 to 5*15
Added notifications about BGP Flow spec mitigations in Grafana
Version 2.0.128
Added function to retrieve number of queues available on NIC
Added XDP_ZEROCOPY support for AF_XDP (not implemented yet)
Implemented single_remote_host_counters from fcli side
Migrated ARM64 build to Mongo 4.1. It has native repositories for Ubuntu Bionic
Version 2.0.127
Added option to decapsulate external GRE tunnels: xdp_extract_tunnel_traffic
Version 2.0.126
Added counter for packets not parsed by XDP
Added option to switch interface into promisc for XDP
Version 2.0.125
Enabled influxdb_export_system_counters by default.
Changed influxdb host description: we allow domain names now
Added DNS resolution code for InfluxDB export engine
Version 2.0.124
Banned /0 IPv4 networks because customers can announces default gateway to FastNetMon using BGP integration
Fixed code which should prevent allocating memory for really big networks
Added new fields email_subject_blackhole_block, email_subject_blackhole_unblock, email_subject_partial_block
Version 2.0.123
Implemented commit operation for web api. It can be triggered with PUT method
Updated core libraries
Version 2.0.122
Upgraded Mongo C and C++ libraries to current versions.
Added fresh gRPC library for ARM64
Added option keep_blocked_hosts_during_restart to control graceful reload of FastNetMon for blackholed hosts.
Implemented logic to read blackholed hosts from disk
Added option do_not_withdraw_unicast_announces_on_restart which disabled automatic BGP withdrawal
Version 2.0.121
Added infinite loop prevention and limit for number of flowsets per packet
Version 2.0.120
Added field packet_dump to JSON callback script and web hooks
Version 2.0.119
Added debug message about field types in MongoDB
Added new logic to parser to read integers encoded as 64 bit integers in MongoDB
Regenerated parser for local_asn and remote_asn to support private 32 bit ASNs which exceed limit for 32 bit signed integer
Version 2.0.118
Added native support for Grafana notifications about attacks
Version 2.0.117
Fixed metric name from netflow_v9_duration_less_60_seconds to netflow_v9_duration_less_60_seconds
Added automatic Clickhouse user configuration if we know it
Switched to SHA 256 hashed password in Clickhouse configuration
Fixed bug with incorrect name for Other Packets dashboard for total traffic
Fixed bug with duplicated Incoming packets for per host traffic dashboard
Added Netflow v9 dashboard into default package
Nginx released native ARM64 packages for 18.04
Added IPFIX duration histogram for system_counters
Version 2.0.116
Added option remote_host_tracking to configure remote host tracking
Added options enable_ban_remote_outgoing and enable_ban_remote_incoming to control remote blocks behaviour
Added complete support for host groups remote_host_incoming/remote_host_outgoing for remote hosts
Added gobgp_announce_remote_host option to announce blackholed remote hosts using BGP
Added option gobgp_next_hop_remote_host to configure next hop for remote block hosts
Version 2.0.115
Added plugin for AF_XDP support
Added option force_native_mode_xdp to force native mode for XDP driver
Added XDP stats
Added poll backed processing for XDP mode: poll_mode_xdp. It significantly reduces load on CPU
Disabled gobgp init file creation from installer. We do it from FastNetMon’s deb package
Upgraded Grafana to 5.3.2.
Version 2.0.114
Added experimental flag gobgp_modern_configuration_format to switch GoBGP to upstream format (1.33 compatible)
Fixed bug with manual blackholes. Previously, all of them had 1970.1.1 date because we did not populate ban_time
Version 2.0.113
Added option to disable multi-thread processing completely for AF_PACKET with option set main mirror_af_packet_disable_multithreading
Replaced af_packet_ thread name to short afp_. We have limit for 16 symbols and it will improve performance profiling experience
Added option to control fanout (load balancing mode) for AF_PACKET: mirror_af_packet_fanout_mode: cpu, hash, random, rollover, queue_mapping
Version 2.0.112
HASH(0x55a9213283a8)
Version 2.0.111
Added command to configure mongodb initial configuration from fcli using fcli create_configuration
Version 2.0.110
Fixed bug for Netflow v9 processing code which caused infinite loop after receiving malformed packet
Version 2.0.109
Added ability to disable ban actions for incoming/outgoing traffic using: do_not_ban_outgoing and do_not_ban_incoming
Version 2.0.108
Upgraded Clickhouse library to new version (fixes retries and timeouts)
Version 2.0.107
Added option to switch connection tracking from flow to unique opposite hosts tracking with sudo fcli set main connection_tracking_skip_ports
Version 2.0.106
Implemented sudo fcli show netflow_sampling_rates to expose sampling rate information for Netflow v9 agents
Added support for duration distribution for Netflow v5
Version 2.0.104
Added IPv6 support for IPFIX
Version 2.0.104
Fixed BGP Flow Spec validation bug for rules injected from API/fcli
Version 2.0.103
Added fcli/API command: bgp_incoming_announces to expose received BGP announces from peer
Version 2.0.102
Reintroduced Redis support
Version 2.0.101
Added default fields for metricDate for Clickhouse metrics to avoid timezone issues
Added automatic calculation for packetDate in traffic_db. We did it to eliminate timezone issues
Added https support for apt in installer
Enabled Ubuntu 18.04 by default
Added support for 18.04 for graphic stack installer
Version 2.0.100
Added agent ip address for Netflow v5
Added agent ip address for Netflow v9 and IPFIX
Added new field AgentIP address for Clickhouse
Enabled support for 18.04 in installer and switched 18.04 to MongoDB 4.0
Version 2.0.99
Added support for input and output interfaces for IPFIX
Added source and dst ASN support for IPFIX
Improved error reporting for Graphic stack installer
Added support for Clickhouse server automatic install with: -install_traffic_persistency
Version 2.0.98
Added ability to configure speed recalculation delay with option speed_calculation_delay. It’s quite useful for debugging and for customers with really huge networks
Version 2.0.97
Added support for duration histogram for Netflow v9
Version 2.0.96
Added variables netflow9_custom_sampling_rate_received and netflow9_sampling_rate_changes to track sampling rate learning for Netflow v9 better
Added netflow9_options_packet_number counter to debug Netflow issues
Initial support for viewing all availible options of fields in api
Version 2.0.95
Added export for system counters to InfluxDB: set main influxdb_export_system_counters
Added options for dpkg to suppress interactive reconfiguration attempts
Version 2.0.94
Added IPv6 support for Netflow v9 code
Version 2.0.93
Added https support for web hook handlers
Version 2.0.92
Boost library upgrade to fix locale related issues and add new functions
Version 2.0.91
Moved logging level reconfiguration close to toolkit run
Version 2.0.90
Introduced configuration option to configure logging level: sudo fcli set main logging_level debug
Fixed parser for flow spec detection engine for fragmented packets
Version 2.0.89
Added support for flow_spec_do_not_process_length_field and flow_spec_do_not_process_source_address_field for flow spec mitigations in sFlow/AF_PACKET modes
Version 2.0.88
Added configuration option flow_spec_do_not_process_source_address_field. It’s very useful to provide good level of aggregation for memcached/SSDP attack types
Version 2.0.87
Added per day partitioning for Clickhouse metrics
Version 2.0.86
Migrated to per day partitions for traffic_db/Clickhouse
Removed dependencies on libpcap and libnuma from deb package
Version 2.0.85
Added code for BPF sampling in AF_PACKET filter: mirror_af_packet_sampling_rate
Version 2.0.84
Added ability to change traffic_db configuration using configuration file
Added ARM64 compatibility
luajit code upgrade for ARM64
Added ARM64 version of installer tool
Switched BGP daemon logging to stdout for systemd enabled distributions
Version 2.0.83
Improved compatibility with Ubuntu 18.04
Version 2.0.82
Added support for accept BGP Flow Spec action type
Unified upstart/systemd configuration for new Ubuntu distributions
Version 2.0.81
Added ability to override Router ID for BGP peers: gobgp_router_id Mandatory for IPv6 only setup.
Explicitly added local_address in BGP configuration
Version 2.0.80
Enabled option to use IPv6 only peers
Version 2.0.79
Implemented API and fcli to retrieve traffic for single host: fcli show single_host_counters 192.168.1.100
Version 2.0.78
Added network for host into JSON and text/email notifications
Added protocol version to JSON and email/text notify scripts
FastNetMon can populate host group properly for manually created blackholes
Migrated MongoDB version 3.6
Version 2.0.77
Added community support for IPv6 mode
Added gobgp_community_host_ipv6 and gobgp_community_subnet_ipv6 to configure IPv6 independently
Working IPv6 BGP integration
Added configuration options for IPv6: gobgp_announce_host_ipv6 and gobgp_announce_whole_subnet_ipv6 to configure behaviour independently to IPv4
Added field gobgp_next_hop_ipv6 to configure IPv6 next hop
Implemented option to create IPv6 blackhole using cli
Added IPv6 unicast and flow spec AFI for GoBGP.
Version 2.0.76
Added basic ssh server into fcli: sudo -E SSH_SERVER_MODE=on ./fcli
Version 2.0.75
Full IPv6 support
Fixed white listing for IPv6
Fixed segmentation faults when fastnetmon load IPv6 network into white list
Version 2.0.74
Migrated to native Go interface code which creates fastnetmon user for MongoDB
Installer does not remove old configuration. It just renames it
Added auto start for BGP daemon
Complete support for IPv6 for notify JSON script and web hook
Implemented ability to show banned IPv6 address
Version 2.0.73
Introduces IPv6 mode in fastnetmon_client -ipv6
Version 2.0.72
Implemented ability for Netflow v9 to read input and output interfaces for packet from flow data
Netflow v5. Added ability to read input and output port numbers from Netflow packets
Added two new fields for Clickhouse schema: inputInterface and outputInterface
Version 2.0.71
Fixed bug with ASN population code
Version 2.0.70
Netflow plugin: implemented ability to read source and destination ASNs directly from Netflow v9 packet
Traffic db will not try to fill ASN information if we already have non zero ASN from FastNetMon
Version 2.0.69
Re-introduced fastnetmon_client toolkit to emulate old tool from FastNetMon Community
Added symbolic link for fastnetmon_client to call without full path
Introduced fake mode for fastnetmon_client using key z for example output
Version 2.0.68
Implemented support for multiple interfaces in AF_PACKET
Added new configuration option af_packet_read_packet_length_from_ip_header to read size from IP header instead of wire
Added option for strict CPU affinity for AF_PACKET: afpacket_strict_cpu_affinity
Version 2.0.67
Introduced complete support for licenses on grey IP addresses
Version 2.0.66
More robust license check code
Version 2.0.65
Complete web API
Automatic creation for all Clickhouse tables
Introduced ability to create database for Clickhouse metrics automatically
Added correct check to handle unreachable Clickhouse for metrics export
Version 2.0.64
Implemented option to export host counters using API
Version 2.0.63
Enabled IPv6 by default in traffic_db
Fixed bug with traffic_db. It crashed when we did not have Clickhouse running when traffic_db starts
Added check for correctness of networks in CIDR for for fcli
Version 2.0.62
Introduced traffic_db_sampling_rate to configure sampling rate for AF_PACKET capture
Version 2.0.61
Added automatic schema creation for Clickhouse
Version 2.0.60
Fixed segmentation fault for fill_dictionaries: double memory free up
Version 2.0.59
Enabled API gateway by default
Version 2.0.58
Enabled code dump handlers for fill_dictionaries for debugging purposes
Version 2.0.57
Introduced JSON mode for fcli: JSON_MODE=on sudo -E ./fcli show bgp
Added JSON methods for almost all fcli commands
Version 2.0.56
Enabled batch mode for Clickhouse by default
Added automated deployment for all dashboards for Grafana
Implemented an ability to create InfluxDB data source with API in Grafana automatically
Improved InfluxDB installer to create database with proper retention
Version 2.0.55
Added debug messages about orphaned buckets
Version 2.0.54
Introduced support for MD5 secured BGP sessions: md5_auth, md5_auth_password
Version 2.0.53
Improved license validation code on grey IPs
Version 2.0.52
Added options dump_all_traffic and dump_other_traffic to dump all/other traffic to log for debugging reasons
Introduced new option sflow_use_new_generation_parser which could enable new packet parser for parsing sFlow packets
Version 2.0.51
Added host group name to email/JSON notification about attack
Version 2.0.50
Introduced an ability to skip export of host counters to reduce load on InfluxDB: influxdb_skip_host_counters
Added complete ignore to SIGHUP signal
Added support for Ubuntu 16.04 for graphic stack
Version 2.0.49
Introduced per protocol counters export to InfluxDB: influxdb_per_protocol_counters
Version 2.0.48
Added option to list all interfaces available in system: show interfaces
Fixed BGP daemon auto start unit
Version 2.0.47
Introduced separate repositories for Ubuntu Trusty Tahr
Version 2.0.46
Made BGP Flow Spec validation configurable with configuration option: ‘flow_spec_execute_validation’
Introduced option to enable/disable network aggregation to reduce number of networks: ‘aggregate_networks_list’
Disabled configuration check for FastNetMon in systemd/Upstart unit
Version 2.0.45
Improvement for users with huge networks lists: we do not add small networks already added into lookup table as part of big networks
Version 2.0.44
Significant performance optimization for users with big networks. 1.9 second => 0.7 second for /8 network
Performance improvement: reduced lock contention for DDoS checks
Added number of host groups to info log
Performance improvement. 3.5 seconds -> 1.9 seconds for 1m hosts for speed recalculation. Replaced copy by value to copy by reference
Version 2.0.43
Added fcli to PATH
Version 2.0.42
Added initial support for systemd
Version 2.0.41
Improved license validation code to ignore small differences in hardware configuration
Version 2.0.40
Added option to add simple packet dump to email: email_notifications_add_simple_packet_dump
Version 2.0.39
Introduced ASN lookup function for fcli: ‘show ip_asn 8.8.8.8’ you can use it to get ASN for any host
Version 2.0.38
Improved compatibility with SMTP protocol in email notifications
Added unique Linux thread names for all Netflow capture threads
Fixed bug which caused negative source_id in template cache
Version 2.0.37
Added new function for fcli to lookup host group for specified IP address: show ip_hostgroup 11.22.33.44
Upgraded HTTP library to new version. We use it for web_hooks and InfluxDB metrics export
Version 2.0.36
Added new configuration option flow_spec_do_not_process_length_field (main) to suppress any processing for length field. It’s useful in case when your device send incorrect IP length in Netflow/IPFIX
Version 2.0.35
Introduced configuration option flow_spec_fragmentation_options_use_match_bit (main). You could use it to enable match field inside BGP Flow Spec announces. Some vendors require this flags
Reworked code which handles BGP Flow Spec Fragmentation Flags
Version 2.0.34
Added option flow_spec_tcp_options_use_match_bit (main) to enable match bit in BGP Flow Spec announces. Some vendors require this flags
Traffic DB got an ability to create required databases/tables for traffic persistency automatically
Version 2.0.33
Fixes bug with zero packetDate in traffic db
In case of issues with connection with our traffic persistency backed FastNetMon could crash
Hide email password from output of show main command
Version 2.0.32
Added new plugin to read data in tera flow format from external sources (another FastNetMon instance).
Implemented enhanced error handling for write_simple_packet
Introduced filter to count full number of packets processed by process_packet function: total_simple_packets_processed
Version 2.0.31
Fixed bug with active option for BGP peers. Now we handle it correctly
Added support to store IPv6 address in tera flow format and inside traffic persistency backed
Version 2.0.30
Implemented batch inserter for traffic persistency back end (significantly faster than old implementation)
Upgraded persistency database library integration. Fixed crash in case of connection issues with database
Version 2.0.29
Introduced auto connection logic for traffic persistency back end
Version 2.0.28
Rename process name fastnetmon to be unique line because it conflicts with Monit’s entity created for server itself
Disabled graphite by default. If somebody wants it he could enable it manually
Report incorrect value in field gobgp_flow_spec_default_action
Version 2.0.27
Fixed white list option (main)
Version 2.0.26
Implemented host_counters_v6 in fcli
Implemented method to export top IPv6 talkers
Version 2.0.25
Implemented full support for fcli command show sflow_sampling_rates. You could use it for sFlow sampling rate monitoring
Version 2.0.24
Implemented an ability to specify number of hosts in output of show host_counters with environment variable: HOST_COUNTERS_MAX_HOSTS
Version 2.0.23
Introduced method license_hardware_data_reset to reset hardware assignment. You allowed to do it only three times
Version 2.0.22
Fix bug with vendor specific implementation issues. When we have padding at the end of sFlow packet we drop all frames. Now we process all of them correctly
Version 2.0.21
Introduced very nice optimization. Do not write zero elements to Clickhouse and InfluxDB
We introduced show latest_fastnetmon_version for fcli to get latest version of toolkit from server
Introduced ability to retrieve FastNetMon running version from fcli: show fastnetmon_version
Version 2.0.20
Introduced ability to execute notify script when attack mitigated with blackhole (for ban and unban). Also, introduced ability to call it when attack was mitigated with flow spec (script call on announce withdrawal is not supported yet). Please set notify_script_format to JSON to use this option
Introduced variable to configure format for notify script. Now we support text and JSON formats
Version 2.0.19
Allow small memory differences for license server
Implemented network_counters_v6 in fcli
Implemented ability to get sorted average counters for IPv6 subnets
Fix bug in IPv6 get_packet_direction_ipv6. Now we could correctly detect outgoing traffic
Version 2.0.18
Implemented support for extracting IPv6 total counters using API: show total_traffic_counters_v6
Introduced special counter for non IPv4/IPv6 traffic: non_ip_packets.
Introduced option to disable/enable IPv6 traffic processing explicitly: process_ipv6_traffic
Version 2.0.17
Introduced ability to push network’s traffic to Clickhouse
Introduced ability to configure Clickhouse for metrics using configuration interface
Version 2.0.16
Fix bug in traffic persistence. Add correct traffic directions. Previously we had other everywhere
Version 2.0.15
Print ASN mapping file version to log file
Add special check that we could de-serialize data from ASN mapping table
Version 2.0.14
Moved message about absence of template to DEBUG level because customer complaints
Introduced additional log messages to debug Netflow templates delay
Version 2.0.13
Fixed issue: netflow_host ignored in previous releases
Version 2.0.12
Introduced ip_length field to track only IP packet total length (without Ethernet). We need it because BGP Flow Spec uses such representations
Version 2.0.11
Since this commit we retrieve attack bandwidth information from time when attack was detected. This commit fixes cases when customer report that attack report was below threshold
Removed Average packet size for incoming traffic and Average packet size for outgoing traffic from attack details report
Unified SMTP notifications. Do not block thread with email process. Let’s fork additional threads for this task
Introduced ability to remove packet length if we detected fragmentation attack. Implemented facility for rule optimization
Added requirement to run fill_dictionaries from root
Version 2.0.10
Completely working ASN lookup for traffic database
Introduced src_asn and dst_asn fields for traffic db and simple packet
Implemented support for pushing data into Clickhouse
Version 2.0.9
Added upstart file for tera-tsdb
Version 2.0.8
Introduced ability to read MongoDB configuration options from special file in fcli
Introduced option to specify custom mongodb port for fcli
Moved configuration for mongodb for fcli to special file
Version 2.0.7
Added api_port configuration variable
Fixed bug in schema upgrade code inside CLI
Install pwgen by default
Introduced timeout for msmtp because without it it hangs completely
Version 2.0.6
Implemented native capability to push data into InfluxDB in batches. Previous we executed single write() operation for all calls
Fix Grafana configuration to work with nginx + http auth
Introduced special option for install tool to install Grafana, InfluxDB and Nginx
Switched to Stable version of Nginx
Version 2.0.5
Do not bother with ‘cache folder does not exists. Disabled Netflow cache option’ customers without Netflow enabled
Introduced new API method show license_hardware_data for getting information about hardware
Set average recalculation time to 5 seconds for networks too
Installer: Do not ask user about SPAN if we specified command line argument
Version 2.0.4
Implemented ability to pass information about published flow spec mitigations with web hook
Reduced delay for attack detection from 3 seconds to 1 second
Remove information about subnet’s traffic from email notifications also. It’s useless technical information
Fix zero UUIDs for attacks in mongodb and for web hooks. Added complete attack description into JSON web hook
Use only smoothed (average) network counters for API / Graphite / InfluxDB export
Introduced new system counters to track number of hosts with traffic and without traffic.
Added new method for fcli to add new fields into schema for main configuration: upgrade_configuration
Reduced number of attempts to connect to MongoDB. Removed per-network stats from redis/mongo attack detail
Implemented ability to run FastNetMon without root permissions. Only for testing purposes.
Version 2.0.3
Fixed Netflow 9 sampling processing for case when we have non zero scope field
Fixed bug when we have multiple samplers in one packet. Fixes weird sampling rate for ASR devices
Version 2.0.2
Added timestamp in RFC 2822 to emails
Introduced configuration option to tune Netflow cache. Add explicit check that we should have cache folder for Netflow caches
Add handler for negative padding
Add support for sFlow packets with padding. We discovered this issue in Brocade ICX6610
Fix bug in installer. If we have /etc and /tmp on different block devices installer will fail to create configuration files
