v4.11.1

Change from v4.11.0:

• fixed build on OpenWrt

Brief list of changes from v4.9.0:

Improvements:

• IPFIX: propose new variable (cmd line option) to set ipfix template refresh rate
• DPDK: improvement of config and init script
• Flow cache: improve hashing to incorporate VLAN info
• statistics: improved monitoring capability, added additional statistics

New plugins:

• GRE: add new plugin to export GRE tunnel information
• VLAN: add new plugin to export VLAN information
• NetTiSA: Add new NetTisa process plugin, see https://arxiv.org/abs/2310.05530
• OVPN: Improvements (Added RTP header validation function, Improve detection)
• HTTP: Add parsing HTTP response headers server and set-cookie names
• ICMP: Add new ICMP process plugin to export ICMP information
• Flow Hash: add new plugin to export Flow Hash field

BUGFIXES:

• templates and byte encoding (HTTP)
• QUIC: bugfixes and checks

v4.9.0

Changes in v4.9.0

Brief list of changes from v4.7.1:

• flow cache: add VLAN ID to the flow key
• ovpn: enhanced algorithm to minimize false positives
• SSADetector: add new plugin to detect possible SYN-SYNACK-ACK sequence to detect VPN within exiting connection
• Support parsing of IPv6 mobility header
• pstats: Improve Input & Output pugin stats
• pstats: bugfix of recognition of zero length packets
• optimization: do not export some additional info for short flows
• tls: fix buffer overflow error (causes crashing)
• tls: Support TLS v1.3
• tls: Support of extracting TLS version from handshake extension
• rpm hotfix: disable automatic setting of hardening flags
• DPDK: bugfix of HW timestamps
• DPDK: compliance, different constant names
• DPDK: bugfixes
• DPDK: changed RSS setting to use IP only
• DPDK: allow running as a secondary DPDK process, reading from mring
• DPDK: allow reading from multiple port of the network interface
• init/service: improved config & service to set lcores

v4.7.1

Changes in v4.7.1

• http: Removed trailing '\r' from HTTP exported fields
• tcp: fixed seq&ack tracking
• dpdk: reworked plugin
• slightly improved doc/help

v4.6.1

Compared to v4.6.0, this version contains only build-related fixes for OpenWrt compilation.

v4.6.0

Brief list of changes:
* Refactoring and fixes of QUIC plugin
* Zero-copy packet processing
* Update of xxhash code
* Remove std::future feature for workers terminations

v4.5.0

Brief list of changes:

• FIXED variable-length IE IPFIX export (quic, http, tls)
• FEATURE QUIC: Export of new information elements in QUIC plugin
• FIXED wrong export reason

v4.4.0

Brief list of changes:

• improved performance by replacing std::stringstream by std::string (due to global lock)
• improved WireGuard confidence
• fixed QUIC plugin
• fixed uninitialised variable
• fixed UniRec flow duplication
• cleanup IPFIX elements and fixed their duplicates (compatibility of some elements with flowmon exporter)
• added DLT_RAW link-layer of libpcap

v4.0.0

The ipfixprobe flow exporter is used to process packets of the high-speed network traffic to create aggregated information about ongoing traffic. The output of ipfixprobe are IP flows represented in the standard IPFIX format, thus the tool is compatible with common monitoring and detection systems. To receive packets from the network card, ipfixprobe supports libpcap and DPDK technologies and is also compatible with COMBO accelerator cards developed by CESNET. This makes it possible to monitor high-speed traffic at speeds of up to around 170Gb/s. The ipfixprobe architecture is modular and contains a number of plugins that extend common IPFIX data information. More advanced packet sequence statistics allow the use of machine learning methods to classify network traffic, including encrypted communication.