github phaag/nfdump v1.7.2
nfdump-1.7.2

latest releases: v1.7.5, v1.7.4, v1.7.3...
18 months ago

Nfdump-1.7.2 removes old code, and got some new features. It fixes a few bugs and improves stability.
As of nfdump-1.7.2, it is now the recommended version in production.

For the full list of changes, see the ChangeLog file.

Some highlights:

  • Update nfcapd/sfcapd man pages for erspan data link
  • Implement erspan protocol in nfpcapd packet processing
  • Sync ipfix and netflow_v9 for option field processing
  • Handle buggy option data(!) from exporter
  • Fixes compile warnings for Linux(es) and *BSDs.
  • Fix v9 option template processing
  • Fix option record processing for multiple records
  • Fix ipfix nbar processing
  • Update pcap reader with erspan device
  • Fix fmt argument parsing
  • Add IPv4 in IPv6 special cases in geolookup
  • Fix IP version check in geolookup
  • Disable signals in threads. Different OS handle signals differently
  • Recongnize old sampler with missing algorithm tag #35
  • Fix memory leaks
  • Update pcap_reader and add CISCO application performance monitor tags
  • Add ERSPAN decoding to pcap_reader
  • Check uid root for src spoofing option
  • Fix valgrind error for uninitalised memory. #431
  • Update lz4 code
  • Update number of enabled tags in v9 and ipfix
  • Add collector option -X to limit stored data.
  • Implement %sasn, %dasn organisation name printing tags. See #430
  • Improve geoDB handling. Needs rebuild of the geoDB.
  • Wire sampling extension for individual sampling
  • Update ICMP type/code handling. Issue #423
  • Codespell - cleanup
  • Fix #415. ICMP decoding in netflow v9
  • Pimp pcap_reader
  • Added source address support for nfreplay
  • Fix dst tos bug in output_raw
  • Add geo info in JSON output when using GeoDB. #402
  • Fix 408. Interchanged time stamps
  • Add icmp type/code elements 176, 177, 178, 179
  • Add unique version string
  • Add OpenBSD pflog format in nfpcapd
  • Add Linux nflog in nfpcapd
  • Replace old packet repeater code with more modern privsep code
  • Replace old launcher startup code with more modern privsep code
  • Fix compile issue #395 on Alpine Linux

Don't miss a new nfdump release

NewReleases is sending notifications on new releases.