mindrot.org projects weblog
Fri, 30 Apr 2004
It has been a while, but softflowd 0.9 has finally been released. There are quite a few changes in this release, so here are the highlights:
- softflowd now chroots to /var/empty and drops privileges on startup, greatly reducing the impact of any vulnerability in softflowd itself
- We now lock the underlying BPF descriptor against further changes, which further limits what an attacker can do. (Only OpenBSD supports the necessary ioctl for this at present).
- Improved the Perl NetFlow collector (collector.pl) with more useful output and IPv6 listen support
- Several performance improvements.
- Added a separate timeout for ICMP traffic (the default "general" timeout was too long).
- Support for exporting flows to an IPv6 host.
- Builds are now performed using GNU autoconf (horrid, but needed for Solaris support)
- Preliminary, experimental and probably broken support for Solaris 9
- Fixed a number of reliability bugs found in a code audit.
posted at: 12:00 | permanent link