@eugeneia eugeneia released this Apr 10, 2017 · 2262 commits to master since this release

Assets 2

This release upstreams Snabbwall into the main Snabb repository. Dragon also brings upgrades of LuaJIT (see what’s changed), and pflua. Also noteworthy is a new development branch for supporting the aarch64 architecture.

Major Changes

  • #1116 Upstreamed Snabbwall
  • #1111 Synced with LuaJIT v2.1

Minor Changes

Contributors

Adrián Pérez de Castro (63):

  • 8c6d135: Support IPv6 in the L7 packet scanner
  • 35179e3: Fix ipv6_addr_cmp(), and add ipv4_addr_cmp()
  • b1a89de: Fix review nits
  • eed5544: Fix offset for extraction of IPv6 source/destination addresses
  • cc8280c: Make lo_addr/hi_addr in flow keys arrays of bytes
  • 0fa645a: Discard Ethernet header when scanning IPv6 headers
  • c71aa04: Add comment for the ihl() function
  • 3a2e73d: Add a selftest() function to apps.wall.scanner
  • 0437b89: Remove unneeded assertions on flow key struct sizes
  • e919482: Combine intermediate hash result while iterating over the input
  • cf2da44: Do not clear the last bit of the calculated hash value
  • a820522: Add a __tostring metamethod for protocol_bitmask values
  • 6e0745a: Change log: Fix formatting.
  • dec356a: Expose the nDPI version and use versioned ndpi.protocol_ids
  • 782a6b6: Cater for differences between nDPI 1.7 and 1.8
  • c977233: Import LuaRocks' .rockspec files
  • 4a909ac: Release version 0.0.3
  • 0ecaffa: SnabWall: Add end spy-pcaps test runner
  • 92fed5c: SnabbWall: Import a bunch of test cases for "snabb wall spy"
  • afad674: SnabbWall: Print out stats after running "snabb wall spy" tests
  • 6dc9db6: Allow iterating over the active flows of a L7 scanner
  • 4f2cf50: wall-spy: Report detected flows at the end of non-verbose runs
  • 77a35df: wall-spy: Rename -v/--verbose flag to -l/--live
  • a9eda11: wall-spy: Rename reporter to LiveReporter
  • d4492d0: wall-spy: Document that the command works with TAP and Intel devices
  • 52625ab: wall-spy: Support packet+byte count statistics
  • 3ec3f1b: Do not pass "-v" to "snabb wall spy" when running tests
  • 0aa160e: wall-spy: Use correct link name for the RawSocket source
  • 1ae4a77: wall-spy: Properly calculate packets/s and bytes/s stats values
  • 7ba3858: Do not leak packets in apps.wall.util.SouthAndNorth
  • dfc8aa4: First pass at the SnabbWall application API reference documentation
  • ff62edc: wall-spy: Only print master protocol when it is known
  • 439437e: wall-spy: Convert port numbers to host endianness for flow reporting
  • 715c739: Use snabb-wall when installed, to reuse Snabb's command resolution logic
  • 193b490: Docs: Describe Scanner:extract_packet_info() and key objects
  • 157bfdb: Relicense to Apache License 2.0
  • 9c08985: Release version 0.1.0
  • 831f0eb: Generate ndpi/protocol_ids.lua from nDPI headers
  • 823c5ff: Generate ndpi/protocol_ids.lua from nDPI headers
  • 339ce1a: nDPI binding using LuaJIT FFI
  • 03681ce: nDPI FFI binding usage example using libpcap
  • e79a5d0: Add README file
  • 7573b0a: Add optional debugging output to examples/readpcap
  • 71d8cdb: Properly identify TCP/UDP packets for port extraction
  • 2f845cc: Do not hardcode input file for examples/readpcap
  • 59a703c: Make examples/readpcap show flows in terse format
  • 2ec05cb: README: Add brief example usage
  • aab270d: Use "/usr/bin/env luajit" in script shebangs
  • 6d1ae32: Remove usage of unexistant "base_type" variable
  • eb2518d: Wrap the proper name of the protocol bitmask type
  • bfd172d: Build the ljndpi FFI binding for nDPI into Snabb
  • c11f6e2: Improve README by adding some notes on the API
  • 91c84eb: Add small C-to-Lua examples in README
  • e8acff3: Make README refer to the example program, simplify examples
  • 6b0b927: README: Fix link to ntop documentation downloads
  • 415e404: README: Add authorship info, reorder sections
  • c5f7c11: README: Add paragraph welcoming fedback
  • 21187f8: Release version 0.0.1
  • 3e255be: Add skeleton for the "snabb wall" command
  • 0751416: Do not call ffi.gc() with nil function on created values
  • e5589f7: Release version 0.0.2
  • 0c8e946: Remove manual lib/ljndpi import
  • 5763476: Implement the L7Spy application and "wall spy" command

Alexandr Kostrikov (1):

  • ecbc4a3: Mailing list is abandoned

Asumu Takikawa (56):

  • da233f0: Merge commit '25289c5797b582a362ae22dad3e1089cc71a0837' into lib/pflua
  • 16acf1e: Update Makefile to build dynasm files in pflua
  • ef5de81: Read a "native" config option in pcap_filter
  • d9c63f2: Extend pcap_filter selftest to test native mode
  • 7769e0d: Fix references to intel1/10g apps in wall spy
  • 62672d2: First attempt at a l7fw app and filter program
  • 40eeadf: Allow pfmatch actions for l7fw rules
  • 7e6f8dd: Allow pfmatch rules to use the flow packet count
  • 78ee8f0: Have to index handler table by name and count
  • 393b8d2: Only recompile if the pfmatch uses $flow_count
  • fc6149b: Modify pflua to support extra pfmatch arguments
  • ddf1e14: Refactor spy program to allow code sharing
  • 6ac8f23: Make snabb wall filter more complete
  • 698a190: First implementation of reject l7fw policy
  • bafad40: Send ICMP responses only if host ip/mac are set
  • 3a738e6: Output a TCP RST for rejects for TCP traffic
  • f74156b: Add README for snabb wall filter
  • f953f7e: Send rejection packets to a separate output port
  • 38dad92: Add support for ICMPv6 responses in l7fw
  • e731778: Enable passing IP & MAC to snabb wall filter
  • 675040a: Make snabb config filter take a rules argument
  • 30437d0: Add a test script for 'snabb wall filter'
  • 00747e2: Fix incorrect ethernet type for IPv6
  • 4d789d0: Fix incorrect payload calculation for ICMPv6
  • a9c1496: Add unit tests for apps.wall.l7fw
  • b0656f3: Add docs for L7Spy and L7Fw
  • 0aac8a7: Adjust -e and -f flags and document both
  • 102e45c: Add a report option to snabb config filter
  • aa408b8: Update test for new snabb wall filter report
  • 22e5709: Support logging packet actions to the system log
  • e584403: Simplify handling of extra pflua filter arguments
  • 0c8da90: Move assert statement earlier in the call graph
  • fbcd59d: Lift some constants as definitions
  • 3efcc82: Fix undefined variable in pf.savefile
  • b5352a4: Fix typo in lib.protocol.tcp constructor
  • 8152ad9: Backport pflua fixes from Igalia/pflua
  • 168b1be: Assert that the rules file exists
  • da90ff2: Explicitly require the bit library in l7fw
  • 86e3207: Fix typo in L7Spy API docs
  • b19056b: Add duration arguments for 'snabb wall` commands
  • 33523c4: Fix "tx"/"rx" link names that were reversed
  • a77446e: Fix PPS & B/s printouts for snabb wall spy
  • 15a90b8: Workaround for intermittent segfaults
  • 90151e6: Move constants to separate module & localize
  • 5680c60: Pre-allocate the flow key objects and rewrite
  • f4e9e1a: Use dynasm to optimize ndpi binding functions
  • aa03883: Add a --cpu option to 'snabb wall filter'
  • 4d1bd21: Report bytes/packets/bps for 'snabb config filter'
  • a45e44c: Add a benchmarking script for 'snabb wall filter'
  • 0e21baf: Fix typo ("nddp" -> "ndpp")
  • 42e2940: Adjust snabbwall test path to work on NixOS
  • f2419ca: Change binary from "snabbwall" -> "snabb-wall"
  • 0e4a2cb: Update .gitignore for ljndpi
  • f4afc0f: Revert Makefile changes for upstreaming Snabbwall
  • 65c77bc: Add an ok printout for l7fw & scanner selftests
  • 0628e24: Add Snabbwall branch info to src/doc/branches.md

Jianbo Liu (1):

  • ae0014d: Add development branch for ARM aarch64 platform

Luke Gorrie (3):

leenaars (1):

  • ae83a0d: Rename snabb to snabbwall