This release of nfdump delivers numerous improvements, removes obsolete code, and fixes many bugs. The focus of this version is stability, cleanup, and preparing the codebase for the upcoming 1.8.x “Colibri” branch.
Notable Changes
- Improved build system using autotools.
- Fully revised pcap reader; old implementation removed.
- Improved overall code robustness and extensive cleanup of legacy code.
- Correct handling of records containing both IPv4 and IPv6 extensions.
- Implemented dual‑stack listener support for nfcapd and sfcapd.
- Cleaned up sequence checks in NetFlow v5 and v9 modules.
- Major refactoring of the collector’s generic code; removed old exporter flowsource logic.
- Added
--enable-ltoto enable link‑time optimization. - Added
--enable-nativeto generate locally optimized binaries. - Exporter IP anonymization added to nfanon.
- User‑supplied worker thread count now also applies to filter threads.
- Introduced a post‑processor thread in the collector to speed up rotation cycles.
- nfanon now supports
-W numto request a specific number of worker threads. - Removed
MAXWORKERS; worker count is now limited only by available CPU cores. - Fixed memory leaks in SSL payload processing.
- Improved nfpcapd with an adaptive slab allocator and replacement of the RB‑tree with an open hash.
- Replaced the pcap reader in nfpcapd with a faster
mmap‑based version. - Replaced slow packet dump code with native system calls in nfpcapd.
- Fixed IP fragment initialization in nfpcapd.
- Fixed race conditions and replaced all
localtime()calls with thread‑safelocaltime_r().
Many additional small fixes, cleanups, and refinements are included.
Project Status
This is expected to be the final release of the 1.7.x “Unicorn” branch. Development of the 1.8.x “Colibri” branch continues at:
https://github.com/phaag/nfdump/tree/devel_1.8.x
Testers are welcome.