NeTraMet Version History
========================
v4.4 20 Feb 02
In examples/ directory, moved old rules.* examples
to non_srl. The srl examples are now in the
examples/ directory.
SNMP security issues. I've tested NeTraMet's
SNMP code using the PROTOS test suite. A test
for negative lengths in the ASN.1 parsing code
has been added - that was the only change needed.
The SNMP routines (in snmplib/) perform a lot of
parameter checks, and calls on an ERROR() define.
By default ERROR does nothing. If you're tesing
an SNMP manager against NeTraMet, you can turn
those messages on by adding -DDEBUG to the CFLAGS=
line in snmplib/Makefile and rebuilding the
snmp library.
Change 'interface number' attributes to use
16-bit integers instead of 8-bit. This can
be useful when using NetFlowMet.
v4.4b11 25 Nov 01 Implement -C option for nm_rc, exactly as in
NeMaC. This allows you to use nm_rc to test
rulesets against trace files being read by
crl_ntm or dd_ntm. Sample commands to do this
are:
./crl_ntm -T5 -m1234 -Strace_file -wW~com
./nm_rc -C -m1234 -rpeers.rules localhost W~com
Note: you need CoralReef version 3.5 to build
crl_ntm!
Speed improvements in flowhash:
- move code which doesn't need to be executed
on every call outside blocks in match()
- implement list of running rulesets, instead
of doing serial searches of ri[] table
- use 32-bit hash values for flow and stream
hash tables, use table size specified by
user (rather than trying to pick a prime
above it - that doesn't help, since we
use a set of distinct primes for hashing)
Use long long integers (8 bytes) for counter64
if the host supports them. Newer Pentiums do,
this provides a useful speedup.
Change 'shutdown' request character. It was
a single ESC, but it's too easy to hit a key
which sends an escape sequence! Now you have
to type ESC ESC Return to shut down the meter.
Fix little problems which gave warning messages
when building NeTraMet on an alpha running
Digital Unix. The configure script wasn't
recognising the OS correctly; this didn't
cause problems because none of the programs
have defines testing this any more.
MinPDUs gave compilation errors on alpha,
fixed by adding c64geint() define.
Linux kernel reset promiscuous mode when
forking a NeTraMet daemon. Changed meter_ux.c
to fork first, then open the interfaces.
NeTraMet, NetFlowMet, LfapMet, crl_ntm, dd_ntm
(i.e. all the meters) write error messages and
summary information to a log file using log_msg(),
in the same way as NeMaC. The name of the log
file is meter.log, it will be written in the
directory where the meter starts running.
v4.4b10 23 May 01 LfapMet: RTFM meter for LFAP, code contributed
by Remco Poortinga, <
[email protected]>
Added files in src/meter
- README_LfapMet Notes about LfapMet
- lfapmet.h LfapMet globals
- lfapmet.c LfapMet support routines
Added two new MIB variables to reader row,
MinPDUs (default 0) and TimeMark. A flow must
have at least MinPDUs either to or from before
it will be read by a meter reader. TimeMark
is needed to associate an SNMP getnext request
with a particular reader.
MinPDUs can be set using the -M option.
nifty default is -M20, NeMaC default is -M0
Improved save.sav so that it only saves the
files we really need in the NeTraMet distribution.
v4.4b9 11 Apr 01 Fixed bug in NeMaC include statement.
getarg() no longer allows semicolon in an
argument.
Fixed srl compiler bug; optimise 3 wasn't
recognising the end of AND expressions
properly.
NeMaC could fail to open a flow data file
(e.g. because it already existed with
no write access); it now reports this
and doesn't try to run that meter/ruleset.
NeTraMet Coral interface improved to handle
two Dag cards properly. Reads blocks of
cells from each then merges them by timestamp.
NeTraMet uses -Siii to specify a Coral source
(instead of -C'source iii' *****).
v4.4b8 8 Aug 00 Fixed bug in fd_extract.c; needed to use
attr_ix[a] when listing column info.
Modified nmc_snmp so as to report (via log
file) size of "only one package" SNMP pDUs.
This required adding pdu_len to both snmp_pdu
and internal_snmp_pdu in snmplib.
srl compiler was warning when user redfined
a well-known port, but ignored the new definition.
This has been fixed, the new definition is used
instead of the default well-known port number.
Corrected ntm_conf.hin file so that it has ALL
the defines tested for by configure.in. It
was missing several, including WORDS_BIGENDIAN,
Changed configure.in to improve matching of
operating system name when setting the OS define.
Fixed bug which prevented rate distributions from
being collected (this worked properly in 4.3). A
test that an event (to which the distribution could
be linked) existed was wrongly implemented.
Fixed bug reported by Dylan Hall, 31 May 00
NeTraMet -l options wasn't working because
pp.p_len was being overwritten.
Deimplemented TCP_ATR define. TCP attributes are
now implemented as part of the new attributes,
controlled by #define NEW_ATR.
v4.4b7 22 May 00 Increased size of symbol and label tables
in srl compiler, to allow compiling of *much*
bigger programs.
[Bug report and patches supplied
by Carsten Schmoll, 15 Mar 00]
fd_filter now allows != as well as == operators
in tag descriptions. This allows you to create
a tag for bidirectional flows, e.g.
tag 3 ToPDUS != 0, FromPDUs != 0;
The srl compiler now allows Ruleset names to
be identifiers, not just integers, e.g.
set my_big_ruleset;
Ruleset names must be <= 16 characters long.
A CoralReef version of the meter, crl_ntm, has
been implemented. You can use crl_ntm to analyse
CoralReef or tcpdump trace files. crl_ntm
has tree new command-line options:
-C'source fn' Tells meter to read file fn
-T sss Specifies the NeMaC sample interval
(default 10 seconds)
-N nnn Specifies the number of intervals
(default 0, i.e. process whole file)
NeMaC has a new command-line option too:
-C Tells NeMaC that this meter is
runing from a Coralreef trace file
v4.4b6 22 Feb 00 Change to using autoconf Configuration
Header File. The ntm_conf.h file (in the
base directory) is now included by all the
source programs. It contains all the options
detetected by autoconfigure, together with
some defines giving NeTraMet's version number.
One advantage of this is that there is a lot
less text displayind while Making Netramet.
When NeMaC is shut down gracefully (by a
SIGTERM or SIGINT) it will now collect the
flow data gathered since the last collection
for all the meters it is controlling.
[This change was suggested by
Robert Strycharczuk, 10 Feb 00]
NeTraMet (on Unix and Cygwin32) has been
extended so as to handle PPP interfaces.
PPP flows are assumed to be IPv4 (the most
likely possibility), they have AdjacentType
AT_PPP (i.e. 23) and AdjacentAddresses 0.
[This change was suggested by
Gerald Richter, 10 Dec 99]
When displaying domain names instead of IP
addresses, nifty may have to wait a long time
for the DNS response. It now displays a
'cross-hair' cursor while waiting on DNS.
nifty.srl has been modified to plots diamonds
instead of pluses for multicast flows.
Port NeTraMet to MS Windows, using the Cygwin32
environment and WinDump's BPF drivers
- ported libpcap to cygnus+windump
- changes to meter_ux for CYGWIN32 (can't
assume that pcap files work with select)
- changes to snmpapi.c and snmpclnt.c
(Cygwin32 doesn't have `timerset' defines)
v4.4b5 12 Jan 00 Allow fd_filter to have character constants
in tag specifications, e.g. DestKind = 'F';
Fix bugs relating to ASNs looked up using
OCX_BGP (i.e. in a bgp.txt file). These were
- Lookup wasn't being done if DestASN was
saved but not SourceASN
- S/D ASN attributes weren't being set to zero
if the IP Address lookup failed (i.e. when
we couldn't find its ASN).
Correct Makefile.in files to set GF variable
(it was $GF by mistake).
v4.4b4 16 Nov 99 Update mib.txt to use RFC2720 version.
Add support for NetBSD on Alpha:
* Use XtPointer in nifty source, cast
to IntFromPtr when values are used
* Set __unix__ = !defined(DOS)
in btypes/types.h
* Use POINTER_DATATYPE instead of Bit32 for
subnet pointer arithmetic in integrat/subnetd.h
* Cast bytes to counter64 in getcounter64()
in manager/nmc_snmp.c
* Recognise NetBSD in configure.in
* Change source to use !defined(DOS)
instead of defined(__unix__)
v4.3 30 Sep 99
Added a GFLAG variable to the configure.in
script and the Makefiles. By default this
is null. Set it to -g to build executeables
which have symbolic information for debugging.
Replaced mib/mib.txt with a new version, using
the 'Proposed Standard' RTFM Meter MIB.
Added config support for Alpha (Tru64 Unix) systems.
This corrects several bugs introduced since 4.2;
they only showed up on a 64-bit machine.
* The Tru64 C compiler is much more 'picky' than gcc!
Cleaned up the source so as to get rid of
warning messages
* Change snmp library so as to use Int32 for
ASN.1 INTEGERs and Bit32 for TIMESTAMPs.
The original CMU code used 'unsigned long'
for both. Made corresponding changes to
the meter and manager programs.
NeTraMet and NeMaC as daemons: -D option
* NeMaC
./NeMaC -D runs NeMaC in its own Unix session
* NeTraMet
./NeTraMet -D and ./NetFlowMet -D
runs the Unix and NetFlow meters in their own
Unix session. Before doing so it disables
the screen and keyboard, so -k -s are implied
by -D.
CAUTION: -d turns on diagnostic dumps of the
SNMP packets. Don't set this by mistake for -D!
Implemented command-line defines for srl.
For example
./srl -DW=16 "-Dext = DestPeerAddress/24" xxx.srl
defines w to be 16, and EXT to be DestPeerAddress/24.
Note the quotes around the second define; they are
required if the define text contains blanks.
Modified NeMaC ruleset parser to skip dots and
digits at the end of addresses. This allows it
to download rulesets produced by an srl compiler
compiled with the V6 option set even if NeMaC
was compiled with the V6 option not set.
v4.3b10 26 May 99
Support for IPv6
* Controlled by V6 option in the source files.
To enable this:
a) If you run autoconf to build the Makefiles
change AC_DEFINE(V6, 0)
to AC_DEFINE(V6, 1)
before running autoconf
b) Otherwise, in the configure script
change #define V6 0
to #define V6 1
before running ./configure
* The SRL compiler allows V6 addresses, as
specified in RFC 2373. Although v6 addresses
have a fairly simple form, it's easy to get
it wrong. The compiler tries very hard to
produce helpful error messages for them.
* The NeTraMet meter handles v6 packets,
returning them to the manager with
SourcePeerType = IPv6
(IP and IPv4 are synonyms for IP version 4)
* The managers (NeMaC, nm_rc and nifty)
display IPv6 addresses as per RFC 2373.
* fd_util and fd_extract handle IPv6
addresses properly.
Other changes
* SRL compiler will allow redefinition of
'built-ins,' i.e. well-known ports, address
families and transport types. A warning is
given telling the user what was declared.
* Lots of bugs fixed in SRL compiler handling
of syntax errors. These either crashed the
compiler or sent it into infinite loops
while reading the source program.
v4.3b9 16 Feb 99
* The distribution file now has TCP_ATR set
by default, so that the TCP-based attributes
are available for use. So as to minimise the
meter default memory requirements, several
new memory-allocation command-line options
have been implemented. The complete set of
these is now:
-f fff Max of fff flows
-u rrr Max of rrr rules
-b bbb Max of bbb TCP flows <<< NEW
-t ttt Max of ttt TCP streams <<< NEW
-v ddd Max of ddd distributions <<< NEW
-e eee Max of eee distrib events <<< NEW
* Implement ASN lookup in NeTraMet meter.
This uses Joel Apisdorf's bgp code from
OCxMON. The src/meter Makefile contains
variable USE_OCX_BGP, which is commented
out by default. Uncomment it, and make
will include ASN lookup in the meter.
To use it:
a) Set the environment variable DEFAULT_AS
(I set it to my own AS number)
b) The meter starts up by reading a file,
bgp.txt. You can create this file
for your own network using SHOW IP BGP
on a Cisco router. NOTE: a full bgp
routing table will take 5 to 10 MB of
memory space on the meter.
c) By default the meter looks up 'next-hop'
ASNs, i.e. the ASN the router would
send packets to. The command-line
option -o will look up 'owner' ASNs
instead.
v4.3b8 4 Feb 99
* Implement distribution-valued attributes
in fd_filter
* Fix memory management problems for TCP
subflows in meter. Implement TCP-related
distribution attributes in meter, NeMaC,
fd_filter and srl.
v4.3b7 8 Jan 99
* Implement TCPdata attribute in fd_filter
* Fix NEW_ATR vs TCP_ATR bugs in meter_ux.c
and nf_fwd.c
v4.3b6 23 Dec 98
* Fix bugs concerned with intermixing
of NEW_ATR and TCP_ATR
v4.3b5 26 Nov 98
* Fix bug in SRL compiler, which wasn't
distinguishing between
save sourcetransaddress;
and
save sourcetransaddress = 0;
v4.3b4 25 Nov 98
* Fix endian problems in netFlowMet,
reported by Kevin Hoadley.
v4.3b3 16 Nov 98
* Set up new CVS repository to make it
easier for co-developers to submit
code changes / suggestions.
v4.3b2 12 Nov 98
* Aufoconfigure changed to test for Motif,
since nifty requires Motif as well as X.
* Support for FreeBSD: changed source files
so as not to include malloc.h on systems
which don't have it!
* Documentation error for NeMaC. Command
line option -P specifies open-append-close
behaviour for the >>log<< files only.
It was previously documented (see below)
as doing this for flow data files only.
v4.3b1 23 Oct 98 Changes contributed by Nicolai Guba (BT Labs) ..
* Command-line help is dispayed if no options
are specified for
NeMaC, nm_rc
NeTraMet (Unix meters, not PC meters)
NetFlowMet
* -b mmm command-line option
Tells NeMaC and nm_rc to read the mib from
file mmm.
* The NeTraMet distribtion file, and the way
you install NeTraMet on a host has been
changed to make it more like the GNU programs.
The executable files are no longer in
separate directories. Instead (by default)
they are built in the src/ directories.
To install NeTraMet into directory xyz
you can simply
./configure
make install
OCxMON meter improvements ..
The NeTraMet meter now allocates as much of
its memory as possible when it starts up, so
as to minimise allocation overhead. Space for
rulesets is allocated at startup, with a default
maximum of 2000 rules total for all rulesets.
* New meter command-line option:
-u nnnn
allocates space for a maximum of nnnn rules
v4.2.2 16 Nov 98
* Correct bug in nmc.h (inconsistency
introduced when de-implementing 'detail'
as synonym for 'trans' in attribute names.
This caused NeMaC and friends to crash
v4.2.1 2 Oct 98 Patch release ..
* NeMaC crashed with Owner names longer than
six characters. This was because SET_STRING
only ever allocated RULE_ADDR_LEN chars!
* SRL programs which start with an imperative
statement now start with a GotoAct, Next
rule. Without this they don't work!
* fd_extract and fd_util now handle 64-bit
counter attributes (e.g. topdus) properly.
'Editorial' improvements have been made to
the fd_util manual.
* A memory leak has been fixed in the SNMP
snmpapi.c. Error logging has been added
for snmp error/info/debug messages; these
now go through log_msg(), as used for
other NeMaC errors.
v4.2 5 Aug 98
* The distribution file has been changed so
that it no longer has subdirectories for
the various operating systems. The best
way to install NeTraMet is to use autoconfig;
see the INSTALL file in the autoconf/
directory.
* The 'os-specific' directories are no longer
included in the distribution file. Users
must build the version they need using
configure in the autoconfig directory.
SRL Compiler
* The program srl is an optimising compiler
for SRL, the Simple Ruleset Language. SRL
is documented in an Internet Draft, available
from the NeTraMet and RTFM home page.
srl [options] source
compiles the file 'source', producing a rules
file ready to be used by NeMaC. Source files
will normally end with .srl and rules files
with .rules. For example
srl test-prog.srl
produces test-prog.rules.
Compiler options:
-l List source program
-s Syntax check only
-ann 'Assembler output' level N
nn=0, rules in numeric form only.
nnn Requires NeMaC v4.2.
nn=1, attributes and actions given
as words. This is the default.
nn=2, as for nn=1, but don't delete
intermediate files.
-Onn Optimisation level.
nn=0, no optimisation at all.
nn=1, peephole optimising to delete
redundant rules from intermediate
files. This is the default.
nn=2, optimise tests by mask length
within expressions (shortest
masks first, after allowing for
overlapping addresses/masks).
nn=3, as for nn=2, but optimise
expression between if clauses
and between statements.
* srl extends the language (as described in
the Internet Draft by adding a number of
extra statements:
include fffff ;
Will read all the text from file fffff.
includes may be nested (i.e. an include
file may include other files). srl looks
for the file in the same directory as the
source file.
optimise nn ;
optimise * ;
optimise ;
Allows you to change the optimisation level
as required for different parts of your
program. optimise ; resets the level to
the value specified on the command line.
optimise * ; is used to indicate breaks
between optimised expression groups .
set nn ;
format aaa .. aaa ;
statistics ;
These three statements are passed on (via
the output file) to NeMaC. String constants
in a format (specifying separators in flow
data files) may include C-style constants
(introduced with a \).
* A collection of SRL programs is provided in
the examples/srl directory.
v4.2b5 11 Jun 98
* Fix bug in getting reader_name. This
prevented NeMaC et al from reading any
flows from the meter!
* Use riFlowRecords instead of msNbrFlows for
ms->NbrFlows. This means that nifty will
display only the total flow for its current
ruleset; it used to display the total
number of flows for all rulesets.
v4.2b4 3 Jun 98
* Use LastTime instead of sysUptime to get
meter time in NeMaC, nm_rc and nifty.
* Fix bugs in SNMP library which caused
early timeout of some SNMP packets.
v4.2b3 22 May 98
* Implement better hashing algorithm for
flow table and rulesets. Multiplies bytes
of peer and trans addresses by small primes,
and uses larger primes as the size of the
various hash tables.
* Fix sundry bugs revealed in beta testing.
v4.2b2 11 May 98
NetFlowMet (NeTraMet + NetFlow = NetFlowMet):
* A new version of the meter has been added
to the distribution. This takes NetFlow
data from a Cisco Router (I've tested it
using a 7200) and uses this to build the
flow table.
To start NetFlow on a router (in brief):
- start NetFlow on each interface
[no] ip route-cache flow
- start exporting the NetFlow data
[no] ip flow-export <IP addr> <UDP port>
<IP addr> is the address of your NetFLowMet
meter, <UDP port> is the port NetFlowMet
will use to recieve the data.
You may specify the udp port number by
using the
-i pppp
option on NetFlowMet's command line.
If no -i option appears, port 9996 is used.
You may specify up to four port numbers
by giving a list of -i options, e.g.
-i 12001 -i 12002 -i12003
would listen for NetFLow data on UDP ports
12001, 12002 and 12003.
NetFlowMet provides five new attributes
which can be used in rulesets:
+ MeterId (8 bits, mask 255)
Index in -i option list, e.g. port
12002 above would produce flows with
MeterID = 2.
+ SourceASN, DestASN (16 bits, mask 255.255)
Autonomus System Numbers for source
and destination networks. These may
be "Origin" or "Peer" ASNs; you must
specify which when you start flow export
from the router.
+ SourcePrefix, DestPrefix (8 bits, mask 255)
Mask length for source and destination
IP addresses (i.e. SourcePeerAddress
and DestPeerAddress).
Changes in downloading rules:
+ A hashed search is used when translating
rulesets. This should speed up the
translation process by a factor of 10x to
20x (NeMaC).
+ Rules are now downloaded 10 at a time.
This dramatically reduces the time taken
to download rulesets (NeMaC).
+ A meter bug which prevented downloading of
rulesets with more than 32767 rules has been
fixed (NeTraMet).
Changes to NeTraMet:
+ When grabbing the value of an attribute from
a packet header, NeTraMet didn't check that
enough bytes were read. This could have
caused problems with TCP packets with lots
of IP options.
NeTraMet now checks the data is there before
grabbing values from it. If it's not, zero
is used instead.
Changes to NeMaC:
+ When NeMaC is shut down gracefully (by a
SIGTERM or SIGINT signal) it now shuts down
the tasks it is running on all its meters.
It used to leave them running, which matched
what happened with v3 meters and managers.
+ #EndData record added at end of every sample
in flow data files. This allows real-time
processing of flow data - without this one
had to wait until the next sample started.
+ The Unix SIGUSR1 signal is used as to
indicate that NeMaC should start a new flow
data file. This provides an alternative to
using a 'flag' file to do this.
+ The Unix SIGUSR2 signal is used to switch
testing on and off.
+ New command line option:
-Y logname tells NeMaC to send log messages
messages to syslog.
Specifying -L logname writes the log to the
file 'logname'. Specifying -Y logname writes
log messages to syslog, with 'logname' as the
identifying program name within syslog.
You may specify both -Y and -L; this writes
the messages to both places.
If no logging is specified, the log will be
written to a NeMaC.log.nnn file, as usual.
If you wish to use the -Y option, you must
modify the Makefile (probably
autoconf\manager\Makefile.in)
to define the variable LOG_LOCAL.
+ Changed behaviour when a meter fails to
respond to NeMaC's attempt to start it. NeMaC
used to ignore such meters; now it polls them
and will download rules when they restart.
+ Fewer messages for 'normal' running. Set
the 'verbose' option (-v) if you still wish
to see messages like 'xxx rules downloaded'
+ Fixed 'file handle leak' bug, which used to
cause NeMaC to crash after many attempts to
contact a non-responding meter.
v4.1 24 Nov 97 Production release 4.1
* Documentation files are now in PDF format on
the NeTraMet home page, i.e.
http://www.auckland.ac.nz/net/Accounting
* The PC executable files have been separated
out from the 'distribution' file. They're
in the file ntm41-pc.zip.
v4.1b15 22 Sep 97
* Use WORDS_BIGENDIAN and SIZEOF_LONG
defines to implement native Alpha code
for get and put of 64bit counters.
Use autoconfig to build this if you want
to try it (see below).
v4.1b14 9 Sep 97
* Fix 'endian' bug in nmc_c64.c (which
produced impossibly big counts in flow data
files when running NeMaC on linux).
These changes were implemented using the
WORDS_BIGENDIAN define in autoconfigure.
The recommended method of building NeTraMet
is to use autoconfig; see the INSTALL file
in the autoconf/ directory.
* Fix ASN1 OID encoding bug. Symptoms were
that the NeTraMet meter would run normally
for about 30 days, then start sending back
flow data packages for flows which hadn't
been active.
* Change PC meter to initialise uptime counter
before starting packet drivers.
v4.1b13 17 Jul 97
* Owner names for NeMaC, nm_rc and nifty
A new parameter, the 'owner name' has been
added for these programs. It is an
alphameric identifier, up to 16 chars long.
The owner name is used to identify rulesets,
manager tasks and meter readers in the
meter control tables; this is neccessary
when the meter is running more than one rule
set. The owner name follows the write
community name on the command line or
config file line.
* #Ruleset records in flow data files:
RuleSet numbers in flow data file records
no longer refer directly to the SET number
as they did in v3. Instead they refer to
a ruleset's row in the meter RuleInfo Table.
The flow data file includes a new # record
to indicate the SET number for RuleInfo
rows. Their format is as follows:
#Ruleset: x setname rfname owner
x is the RuleSet number, as it
appears in the flow data records
setname is the name from the SET statement
(for v3 AND V4.1 this is an integer)
rfname is the name of the rule file
owner is the owner name for this ruleset
v4.1b10 30 Jun 97
* New manager option:
-E nn Specifies the timeout (in seconds)
for rEeader rows. If collections
stop (e.g. because a manager has
failed), the meter will delete the
row after this time. The default
is 0, i.e. the row will never time
out.
* Change to manager option:
-h pp Specifies HighWaterMark for a manager
task. In v3 the meter default was
65 (percent). In v4.1 the default
is 0 (no test for high water).
* MatchingStoD attribute:
The attribute 'matchingStoD' is set by the
Packet Matching Engine. Its value is 1 if
the packet is being matched with its address
attributes in 'StoD' order, (i.e. as they
appear 'on the wire'), and 0 if the packet is
being matched with its addresses swapped.
See RFC 2063 for a detailed description of
packet matching.
* NeMaC keywords:
'nomatch' is now a synonym for 'retry.'
This name was discussed at the Montreal RTFM
WG session, and is used in the ruleset examples
given in RFC 2123, "Experiences with NeTraMet."
v4.1b4 22 May 97 SNMPv2, 32-bit PC meter
* NeTraMet and its manager/readers (NeMaC,
nm_rc, nm_st and nifty) all use SNMPv2
instead of SNMPv1. They now implement the
Meter MIB of RFC2064 (and the newer RTFM
Internet Draft which updates it).
The most significant effects of this are:
v4 meters can run multiple rulesets
simultaneously, and
64-bit counters are used for packet
and byte counters.
* v4 managers will work properly with v3
meters. v3 managers, however, will NOT
work with v4 meters. To change to using
v4 you should change your managers first,
then your meters.
* There are two changes to the format of
flow data file records:
Dates now use four digits for the year
(1997 instead of 97)
The integer values used for PeerTypes
have changed. You should not be
affected by this unless you have
analysis applications which use
PeerTypes to distinguish flows.
* The 32-bit version of the PC meter uses
all available memory. 16 MB of memory should
allow it to handle a table of 100,000 flows
or more.
The readme.txt file in the ntm41-b4.zip
file gives detailed setup instructions.
New options in Meters (PC and Unix):
-m pp specifies the IP port number to
use for SNMP. Default is 161
-l specifies that meter should use
the length field from IP headers
for the number of bytes in IP
packets. Default is to use the
MAC (hardware) packet size.
v3.5 6 Sep 96 Multiple ethernets for the PC meter:
* The PC meter (netramet.exe) can now handle
up to four interfaces. New command line
options allow you to specify the interfaces,
as follows ..
-i nn specifies that the packet driver
using software interface nn (decimal)
is to be metered.
e.g. -i96 would meter interrupt 0x60
-h nn as above, except that if you have a
packet driver which implements the
'high-performance' driver specification,
NeTraMet will take advantage of it.
-I nn as above, except that no metering will
be performed on this interface, instead
it will be used only for IP packets
to or from the meter.
If no interface is specified as 'IP only,'
the first interface appearing as a -i or
-h option will be used as the meter's IP
interface.
v3.4 8 Aug 96 nifty: an X/Motif 'flow analyser' program
* Presented to RTFM WG at the Montreal IETF
as 'NetFlow,' renamed to avoid confusion
with Cisco's 'Net Flow Switching.'
Changes to NeTraMet:
* NeTraMet can monitor up to four interfaces
instead of only one. Specify this with
a -i option for each one, e.g.
NeTraMet -inf0 -ile0 -wPASSWORD
* Meter performance statistics have been
implemented for the Unix meter. In
particular, aps and mps give average
and maximum packets per second, while
api and mpi give average and minimum
processor idle time percentage for
one-second intervals.
* NeTraMet has been restructured so as to
simplify the code for packet matching.
Make files for aix added.
* libpcap (current version) isn't implemented
for aix, so you can't (yet) build an aix
meter. NeMac, nifty, etc work properly.
Known problems:
* If you start NeMaC with write access to a
meter, and NeMaC is already running on the
same host with write access to the same meter,
the meter gets confused. In this situation
neither copy of NeMaC manages to read sensible
flow data from the meter.
Detour: before you start NeMaC, make sure it
isn't already running.
Cure: this will be addressed in version 4.1.
4.1. will implement the updated meter MIB
as set out in the current Internet Draft.
Bug fixes:
* Time for next collection have already
passed, e.g. because of network transit
delays in collecting flow data from many
meters. NeMaC will not attempts to make
such 'missed' collections.
* NeMaC now displays (and logs) the meter
name correctly when it fails to establish
contact when starting a meter, and when it
looses or regains contact with a running
meter.
* NeMaC could create invalid flow data files
if it failed to start a meter properly, or
if an active flow data file was deleted.
This has been corrected.
V3.3 8 Nov 95 nm_rc: a remote console for NeTraMet
* nm_rc (in the /manager/ directory) combines
NeMaC and fd_filter to provide a simple
display of 'live' flow data from a single
meter sorted into traffic order, busiest
flows first. (Briefly described in
doc/NeTraMet/rc-man.txt; a 'proper'
manual will be ready real soon now).
New example rule files (in examples/ directory)
* rules.two-adj-routers: Meters traffic through
and between two routers, specified by their
adjacent (Ethernet) addresses.
* rules.two-ip-groups: Meters traffic through
and between two groups of IP networks,
specified in a subroutine by their peer
(IP) network numbers.
* rules.rc.pr+bc: Classifies traffic by protocol,
and looks at Ethernet broadcast packets in
detail.
* rules.rc.ports: Classifies IP, IPX and
EtherTalk traffic by port.
* rules.rc.ip: Classifies IP traffic by IP
address and port.
* rules.rc.ipx: Classifies IPX traffic by IPX
address and port.
New options for NeMaC:
* -x Don't write anything to the meter.
Use this if you use a second copy of NeMaC
(or nm_rc) to collect from a single meter.
Allowing two collectors to write allows
meter to recover flows after they've been
collected by only one of the two meters.
* -P For each collection flow data files will
be opened, flow data appended to them,
then they will be closed. If you move or
rename a closed data file a new one (with
the old name) will be created by the next
collection. This is an alternative to using
the old 'flag file' method.
* -p Open-append-close to NeMaC's log file as
well as to flow data files. Superset of -P
* -F name Specifies name of flow data file.
* -L name Specifies name of NeMaC log file.
* -c 0 Tells NeMaC to download rule file(s) to
the meter, then exit without collecting
and flow data.
* default values in NeMaC configuration file.
Since NeMaC command-line parameters can
displayed by any user via the Unix ps
command, you should specify write community
names in a configuration file. Each record
in a configuration file specifies meter
parameters which override the default values
or the ones specified on the NeMaC command
line. NeMaC now uses the meter name 'default'
to indicate that this record contains default
values for following records. For example ..
./NeMaC -f nm-config
tells NeMaC to read the file 'config,' which
contains the following records ..
-c900 -p -rrules.mynet default
meter1 write-1
meter2 write-2
-c300 meter3 write-3
This starts three meters; all run rules.mynet,
and append to their flow data files. meter3
is collected every 5 minutes, meter1 and meter2
are collected every 15 minutes.
Changes to NeTraMet options:
* PC & Unix meter: Option settings ..
Options no longer need spaces to separate
them from their arguments, e.g. -ile0
* PC & Unix meter: Read Communities ..
Only one read community can be specified.
Bug fixes:
* PC meter: -r option (to specify read community)
crashed meter.
* Solaris meter: FDDI interface didn't work.
pcap-dlpi.c didn't bind the dlpi stream
correctly. Fixed by new version of
pcap-dlpi.c from lbl (included in src/meter)
* Unix meter: pcap socket open didn't specify
a timeout; 250ms now specified. This prevents
Solaris from busy-waiting; allowing NeTraMet
to be run as a backround process.
* Linux meter: alters the timeout value of a
select() statement (this is a BSD feature).
Timeout value now reset to 250ms after each
select(); this prevents linux from
busy-waiting, allowing NeTraMet to be run
as a background process.
8 Sep 95 Bug fixes as follows:
* snmplib/asn1.c changed to get integers correctly
out of SNMP packets. Now works correctly
for OSF/1.
* PC meter: small memory model memcpy used to copy
strings from far memory. Now uses qmove.
This caused snmp network managers to get
garbage when GETting addresses from the flow
table.
* Bug in meter/met_vars overwrote part of the
SNMP object tables when responding to a
request for a non-existent MIB object. This
showed up as 'meter looses rule table when
a network manager such as OpenView probed
a meter's MIB.
* Ultrix Makefiles corrected. These can now be
used to build meter and manager for DEC OSF/1.
4 Jul 95 New options for NeMaC:
* -a sss Collections will be made with a time lag
of sss seconds. For example, 10-minute
collections with 30-second time lag will occur
at 1000'30, 1010'30, etc.
* -w nnn Specifies doWnload level. nnn=0 (the
default) downloads rules on collector startup
and after a meter restart. nnn=1 downloads only
after a meter restart, and nnn=2 never downloads.
Bug Fixes:
* PC NeTraMet returned bad string for interface name.
NeTraMet fixed to return 'eth0,' NeMaC modified
to check the string, and use 'eth0' instead of
a bad string (from an old meter).
V3.2 8 Jun 95 NeTraMet meter reworked to use libcap to get packet headers:
* libpcap:
- libpcap is a generalised packet interface written
by Steve McCanne, Craig Leres and Van Jacobson
as part of tcpdump.
- libpcap is available from
ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z
- to make NeTraMet you must first install it on
your Unix system so as to produce libpcap.a
The make files in the NeTraMet distribution
assume you have copied libpcap into the
same subdirectory as the Makefile.
- binary distribution files are provided for
linux (version 1.2.1) and Irix (5.2),
as well as Solaris (2.4) and SunOS (4.1.4).
- libpcap supports FDDI interfaces as well as
ethernet. This is still being tested (8 Jun 95).
* -i option has been implemented in NeTraMet.
This tells NeTraMet which interface to monitor.
For example, -i le0 will monitor the le0
interace. The interface name is displayed on
the NeTraMet console, and appears in the ##
header line of the flow data file. If you
don't specify an interface libpcap will
use its default one. The PC version of
NeTraMet doesn't allow you to specify the
interface name.
* 'other' packet handling has been extended.
'Other' packets set the SourcePeerAddress to
the packet's ether_type and the DestPeerAddress
to the packet's LSAP. This allows you to use
NeTraMet to find out what packet types are
active on your network.
* All the source code (including the CMU SNMP
library) has been tidied up so as to remove
most of the compiler warning messages. This
should make it easier to port to new systems.
Bug fixes:
* PC pointer problems cause PC Netramet to crash
at random times (from seconds to days). Finding
more places which should use 'huge' pointers
instead of 'far' pointers seems to have cleared
(or at least reduced) this problem.
* PC string compare routine error. Waterloo TCP's
qcmp routine compares two far pointers (same as
Unix memcmp). Implementation bug meant that strings
which were same length and differed only in the last
byte were reported as being the same. The effect
of this was masked because NeTraMet uses a hash
search of the flow table.
* NeTraMet crashed when it received an SNMP get
request for a MIB-1 objects which it didn't know
about. NeTraMet implements nearly all of the
Accounting Meter MIB objects, but only a few MIB-1
objects. The SNMP routines in met_vars.c have
been improved so as to give a 'no such OID'
response (and keep running).
* NeMaC didn't handle end-of-file properly for
its configuration file. This has been
corrected.
V3.1 16 Feb 95 New version using IANA-allocated MIB OID (mib-2 40):
* Rewritten and simplified MIB means that earlier
meters won't run with 3.1 NeMaC, and 3.1 meters
won't run with earlier NeMaCs. i.e. both meter
and manager must move to 3.1 together.
* Extended and simplified rule matching. Jumps
can be to the test or action part of the target
rule. Attribute values can be pushed from the
packet (as well as from a rule), hence aggregate
and tally flows are no longer needed. The
action table was only needed to support aggregate
and tally flows: it is no longer needed.
* Six new uesr-settable attributes are implemented.
SourceClass, DestClass, FlowClass and SourceKind,
DestKind, FlowKind allow a meter to pass information
gleaned during packet matching back to the flow
data file.
* NeMaC allows you to INCLUDE rule files into
other rule files.
* Emergency rule sets are implemented. The meter
will switch to its emergency rule set if the % of
active flows gets greater than HighWaterMark.
* Collection times are synchronised by default, i.e.
they happen at multiples of the collection interval.
For example 15-min collections are made at 0, 15,
30 and 45 minutes past the hour.
Bug fixes:
* Rule tables with more than 1350 rules now work
properly on the PC meter. This was a situation
where 'huge' pointers were required to reliably
access all of the rule table.
* IP fragment packets other than the first fragment
of a PDU produced garbage transport addresses (IP
port numbers). They now produce 0. The Accounting
Model defines attributes for each protocol, and
doesn't allow one to distinguish a 'first fragment'
from an unfragmented IP packet.
* A mistake in the code for optimised testing of
a group of rules could sometimes cause packet
matches to succeed when they should not. This
has been corrected.
Notes:
* Rule files will need to be converted from the
old (version 2.x) form to the new one. The
changes are straightforward, and are documented
in the file Converting.rules.ps
V2.3 25 Nov 94 Fourth full release, new features as follows:
* NeMaC now uses the names of flow attributes
as they appear in the meter MIB, i.e. TRANS
is used instead of DETAIL. NeMaC does this
by allowing DETAIL to be a synonym for TRANS.
Old rule files will still work properly, but
new rule files should use TRANS.
* Gopher (port 70) and WWW (port 80, i.e. html)
have been added to NeMaC's list of IP port numbers.
* If NeMaC notices that a meter has been restarted,
i.e. it's sysUptime has jumped backwards, NeMaC
will automatically download its specified rule
file. The check is made before each flow data
collection (intervals set by the -c option), and
at every 'keepalive' interval (set by the -k
option. This feature can be used to minimise the
amount of flow data lost by a meter after a
power-fail restart.
* NeMaC now allows different collection and keepalive
intervals for each meter. This is implmented by
allowing the -c and -k options to appear in NeMaC's
configuration file, and using an event queue
(instead of a simple idle loop) to order meter
activities.
* A mechanism for closing and reopening flow data
files has been implemented. NeMaC tests for a
file called NeMaC.flag. If it finds the flag
file it will close and reopen all its current
flow data files. A new section has been added
to the manual explaining how to use this feature.
Bug fixes:
* Various bugs in NeMaC's parsing of rule
files have been corrected.
* Bugs in fd_filter and fd_extract have been
corrected; they will now work as documented!
Notes:
* NeTraMet memory management has been improved.
'Active flows' is now used instead of 'flows
in use' for controlling garbage collection.
The garbage collector is called if a new flow
is needed and the are no free flows.
V2.2 19 Jul 94 Third full release, new features as follows:
* fd_filter and fd_extract included in
manager directories as utility programs
for flow data files. Documented in
fd_util.ps file.
* Port of both NeTraMet and NeMaC for Solaris,
using streams/dlpi instead of nit to watch
ethernet interface.
* Binaries for Solaris and Sunos available
via anonymous ftp.
* Make files for HPUX and linux added.
NeMaC has been ported to HPUX and linux.
* SamplingRate MIB variable implemented; allows
only 1 of every n packets to be processed.
* All four Novell IPX encapsulations now
recognised.
Bug fixes:
* PC NeTraMet now counts packets sent as well
as packets received.
Notes:
* NeMaC now gives sensible error messages if
it can't write meter variables. If NeMaC
only has read access (i.e. it was given the
read snmp community name instead of the write
one) it can still collect data, but such
collections will not be recorded by the meter,
and therefore be noticed by the meter's
garbage collector.
* Solaris 2.3 dlpi bug corrupts some packet
headers. Only affects CLNS handling by
Solaris version of NeTraMet. This is fixed
in Solaris 2.4 - see the ether_pc.c file
for details.
V2.1 14 Jan 94 Second full release, new features as follows:
* Subroutines in rule tables implemented,
making it much easier to write rules to
handle large numbers of networks.
* Labels implemented for rules and actions,
i.e. no need to keep track of rule and
action numbers by hand.
* CLNS protocol now understood by NeTraMet
* Packets for protocols not understood by
NeTraMet can be counted as PeerType 'Other'.
* Ethernet II and SNAP encapsulations for IPX
now recognised (as well as 'Raw 802.2').
* Full (10-byte) IPX addresses can be used
instead of just (4-byte) net numbers.
* Make files for Ultrix added. NeMaC has been
ported to Ultrix.
Bug fixes:
* MIB environment variable changed to MIBTXT to
match the documentation (was MIBFILE).
Notes:
* Make files changed to allow compilation with
Gnu C compiler, either by specifying gcc in
the make file, or by 'setenv CC gcc'.
* Documentation points out that NeTraMet write
community must have different name to read
communities, and that NeMaC must specify the
NeTraMet write community name.
28 Oct 93 New: NeMaC only displays 'Rule/Action added' message
every tenth rule/action.
22 Oct 93 Bug: NeMaC couldn't handle rule table with >255 rules.
V2.0 20 Oct 93 First full release of NeTraMet and NeMaC, with NeTraMet
Manual and full source code.
V1.0 Nov 92 Prototype meter using height-balanced trees instead of
rule table. Presented at Washington IETF.
=======
NeTraMet Version History
========================
v4.4b6 22 Feb 00 Change to using autoconf Configuration
Header File. The ntm_conf.h file (in the
base directory) is now included by all the
source programs. It contains all the options
detetected by autoconfigure, together with
some defines giving NeTraMet's version number.
One advantage of this is that there is a lot
less text displayind while Making Netramet.
When NeMaC is shut down gracefully (by a
SIGTERM or SIGINT) it will now collect the
flow data gathered since the last collection
for all the meters it is controlling.
[This change was suggested by
Robert Strycharczuk, 10 Feb 00]
NeTraMet (on Unix and Cygwin32) has been
extended so as to handle PPP interfaces.
PPP flows are assumed to be IPv4 (the most
likely possibility), they have AdjacentType
AT_PPP (i.e. 23) and AdjacentAddresses 0.
[This change was suggested by
Gerald Richter, 10 Dec 99]
When displaying domain names instead of IP
addresses, nifty may have to wait a long time
for the DNS response. It now displays a
'cross-hair' cursor while waiting on DNS.
nifty.srl has been modified to plots diamonds
instead of pluses for multicast flows.
Port NeTraMet to MS Windows, using the Cygwin32
environment and WinDump's BPF drivers
- ported libpcap to cygnus+windump
- changes to meter_ux for CYGWIN32 (can't
assume that pcap files work with select)
- changes to snmpapi.c and snmpclnt.c
(Cygwin32 doesn't have `timerset' defines)
>>>>>>> 1.1.1.2.2.4
v4.4b5 12 Jan 00 Allow fd_filter to have character constants
in tag specifications, e.g. DestKind = 'F';
Fix bugs relating to ASNs looked up using
OCX_BGP (i.e. in a bgp.txt file). These were
- Lookup wasn't being done if DestASN was
saved but not SourceASN
- S/D ASN attributes weren't being set to zero
if the IP Address lookup failed (i.e. when
we couldn't find its ASN).
Correct Makefile.in files to set GF variable
(it was $GF by mistake).
v4.4b4 16 Nov 99 Update mib.txt to use RFC2720 version.
Add support for NetBSD on Alpha:
* Use XtPointer in nifty source, cast
to IntFromPtr when values are used
* Set __unix__ = !defined(DOS)
in btypes/types.h
* Use POINTER_DATATYPE instead of Bit32 for
subnet pointer arithmetic in integrat/subnetd.h
* Cast bytes to counter64 in getcounter64()
in manager/nmc_snmp.c
* Recognise NetBSD in configure.in
* Change source to use !defined(DOS)
instead of defined(__unix__)
v4.3 30 Sep 99
Added a GFLAG variable to the configure.in
script and the Makefiles. By default this
is null. Set it to -g to build executeables
which have symbolic information for debugging.
Replaced mib/mib.txt with a new version, using
the 'Proposed Standard' RTFM Meter MIB.
Added config support for Alpha (Tru64 Unix) systems.
This corrects several bugs introduced since 4.2;
they only showed up on a 64-bit machine.
* The Tru64 C compiler is much more 'picky' than gcc!
Cleaned up the source so as to get rid of
warning messages
* Change snmp library so as to use Int32 for
ASN.1 INTEGERs and Bit32 for TIMESTAMPs.
The original CMU code used 'unsigned long'
for both. Made corresponding changes to
the meter and manager programs.
NeTraMet and NeMaC as daemons: -D option
* NeMaC
./NeMaC -D runs NeMaC in its own Unix session
* NeTraMet
./NeTraMet -D and ./NetFlowMet -D
runs the Unix and NetFlow meters in their own
Unix session. Before doing so it disables
the screen and keyboard, so -k -s are implied
by -D.
CAUTION: -d turns on diagnostic dumps of the
SNMP packets. Don't set this by mistake for -D!
Implemented command-line defines for srl.
For example
./srl -DW=16 "-Dext = DestPeerAddress/24" xxx.srl
defines w to be 16, and EXT to be DestPeerAddress/24.
Note the quotes around the second define; they are
required if the define text contains blanks.
Modified NeMaC ruleset parser to skip dots and
digits at the end of addresses. This allows it
to download rulesets produced by an srl compiler
compiled with the V6 option set even if NeMaC
was compiled with the V6 option not set.
v4.3b10 26 May 99
Support for IPv6
* Controlled by V6 option in the source files.
To enable this:
a) If you run autoconf to build the Makefiles
change AC_DEFINE(V6, 0)
to AC_DEFINE(V6, 1)
before running autoconf
b) Otherwise, in the configure script
change #define V6 0
to #define V6 1
before running ./configure
* The SRL compiler allows V6 addresses, as
specified in RFC 2373. Although v6 addresses
have a fairly simple form, it's easy to get
it wrong. The compiler tries very hard to
produce helpful error messages for them.
* The NeTraMet meter handles v6 packets,
returning them to the manager with
SourcePeerType = IPv6
(IP and IPv4 are synonyms for IP version 4)
* The managers (NeMaC, nm_rc and nifty)
display IPv6 addresses as per RFC 2373.
* fd_util and fd_extract handle IPv6
addresses properly.
Other changes
* SRL compiler will allow redefinition of
'built-ins,' i.e. well-known ports, address
families and transport types. A warning is
given telling the user what was declared.
* Lots of bugs fixed in SRL compiler handling
of syntax errors. These either crashed the
compiler or sent it into infinite loops
while reading the source program.
v4.3b9 16 Feb 99
* The distribution file now has TCP_ATR set
by default, so that the TCP-based attributes
are available for use. So as to minimise the
meter default memory requirements, several
new memory-allocation command-line options
have been implemented. The complete set of
these is now:
-f fff Max of fff flows
-u rrr Max of rrr rules
-b bbb Max of bbb TCP flows <<< NEW
-t ttt Max of ttt TCP streams <<< NEW
-v ddd Max of ddd distributions <<< NEW
-e eee Max of eee distrib events <<< NEW
* Implement ASN lookup in NeTraMet meter.
This uses Joel Apisdorf's bgp code from
OCxMON. The src/meter Makefile contains
variable USE_OCX_BGP, which is commented
out by default. Uncomment it, and make
will include ASN lookup in the meter.
To use it:
a) Set the environment variable DEFAULT_AS
(I set it to my own AS number)
b) The meter starts up by reading a file,
bgp.txt. You can create this file
for your own network using SHOW IP BGP
on a Cisco router. NOTE: a full bgp
routing table will take 5 to 10 MB of
memory space on the meter.
c) By default the meter looks up 'next-hop'
ASNs, i.e. the ASN the router would
send packets to. The command-line
option -o will look up 'owner' ASNs
instead.
v4.3b8 4 Feb 99
* Implement distribution-valued attributes
in fd_filter
* Fix memory management problems for TCP
subflows in meter. Implement TCP-related
distribution attributes in meter, NeMaC,
fd_filter and srl.
v4.3b7 8 Jan 99
* Implement TCPdata attribute in fd_filter
* Fix NEW_ATR vs TCP_ATR bugs in meter_ux.c
and nf_fwd.c
v4.3b6 23 Dec 98
* Fix bugs concerned with intermixing
of NEW_ATR and TCP_ATR
v4.3b5 26 Nov 98
* Fix bug in SRL compiler, which wasn't
distinguishing between
save sourcetransaddress;
and
save sourcetransaddress = 0;
v4.3b4 25 Nov 98
* Fix endian problems in netFlowMet,
reported by Kevin Hoadley.
v4.3b3 16 Nov 98
* Set up new CVS repository to make it
easier for co-developers to submit
code changes / suggestions.
v4.3b2 12 Nov 98
* Aufoconfigure changed to test for Motif,
since nifty requires Motif as well as X.
* Support for FreeBSD: changed source files
so as not to include malloc.h on systems
which don't have it!
* Documentation error for NeMaC. Command
line option -P specifies open-append-close
behaviour for the >>log<< files only.
It was previously documented (see below)
as doing this for flow data files only.
v4.3b1 23 Oct 98 Changes contributed by Nicolai Guba (BT Labs) ..
* Command-line help is dispayed if no options
are specified for
NeMaC, nm_rc
NeTraMet (Unix meters, not PC meters)
NetFlowMet
* -b mmm command-line option
Tells NeMaC and nm_rc to read the mib from
file mmm.
* The NeTraMet distribtion file, and the way
you install NeTraMet on a host has been
changed to make it more like the GNU programs.
The executable files are no longer in
separate directories. Instead (by default)
they are built in the src/ directories.
To install NeTraMet into directory xyz
you can simply
./configure
make install
OCxMON meter improvements ..
The NeTraMet meter now allocates as much of
its memory as possible when it starts up, so
as to minimise allocation overhead. Space for
rulesets is allocated at startup, with a default
maximum of 2000 rules total for all rulesets.
* New meter command-line option:
-u nnnn
allocates space for a maximum of nnnn rules
v4.2.2 16 Nov 98
* Correct bug in nmc.h (inconsistency
introduced when de-implementing 'detail'
as synonym for 'trans' in attribute names.
This caused NeMaC and friends to crash
v4.2.1 2 Oct 98 Patch release ..
* NeMaC crashed with Owner names longer than
six characters. This was because SET_STRING
only ever allocated RULE_ADDR_LEN chars!
* SRL programs which start with an imperative
statement now start with a GotoAct, Next
rule. Without this they don't work!
* fd_extract and fd_util now handle 64-bit
counter attributes (e.g. topdus) properly.
'Editorial' improvements have been made to
the fd_util manual.
* A memory leak has been fixed in the SNMP
snmpapi.c. Error logging has been added
for snmp error/info/debug messages; these
now go through log_msg(), as used for
other NeMaC errors.
v4.2 5 Aug 98
* The distribution file has been changed so
that it no longer has subdirectories for
the various operating systems. The best
way to install NeTraMet is to use autoconfig;
see the INSTALL file in the autoconf/
directory.
* The 'os-specific' directories are no longer
included in the distribution file. Users
must build the version they need using
configure in the autoconfig directory.
SRL Compiler
* The program srl is an optimising compiler
for SRL, the Simple Ruleset Language. SRL
is documented in an Internet Draft, available
from the NeTraMet and RTFM home page.
srl [options] source
compiles the file 'source', producing a rules
file ready to be used by NeMaC. Source files
will normally end with .srl and rules files
with .rules. For example
srl test-prog.srl
produces test-prog.rules.
Compiler options:
-l List source program
-s Syntax check only
-ann 'Assembler output' level N
nn=0, rules in numeric form only.
nnn Requires NeMaC v4.2.
nn=1, attributes and actions given
as words. This is the default.
nn=2, as for nn=1, but don't delete
intermediate files.
-Onn Optimisation level.
nn=0, no optimisation at all.
nn=1, peephole optimising to delete
redundant rules from intermediate
files. This is the default.
nn=2, optimise tests by mask length
within expressions (shortest
masks first, after allowing for
overlapping addresses/masks).
nn=3, as for nn=2, but optimise
expression between if clauses
and between statements.
* srl extends the language (as described in
the Internet Draft by adding a number of
extra statements:
include fffff ;
Will read all the text from file fffff.
includes may be nested (i.e. an include
file may include other files). srl looks
for the file in the same directory as the
source file.
optimise nn ;
optimise * ;
optimise ;
Allows you to change the optimisation level
as required for different parts of your
program. optimise ; resets the level to
the value specified on the command line.
optimise * ; is used to indicate breaks
between optimised expression groups .
set nn ;
format aaa .. aaa ;
statistics ;
These three statements are passed on (via
the output file) to NeMaC. String constants
in a format (specifying separators in flow
data files) may include C-style constants
(introduced with a \).
* A collection of SRL programs is provided in
the examples/srl directory.
v4.2b5 11 Jun 98
* Fix bug in getting reader_name. This
prevented NeMaC et al from reading any
flows from the meter!
* Use riFlowRecords instead of msNbrFlows for
ms->NbrFlows. This means that nifty will
display only the total flow for its current
ruleset; it used to display the total
number of flows for all rulesets.
v4.2b4 3 Jun 98
* Use LastTime instead of sysUptime to get
meter time in NeMaC, nm_rc and nifty.
* Fix bugs in SNMP library which caused
early timeout of some SNMP packets.
v4.2b3 22 May 98
* Implement better hashing algorithm for
flow table and rulesets. Multiplies bytes
of peer and trans addresses by small primes,
and uses larger primes as the size of the
various hash tables.
* Fix sundry bugs revealed in beta testing.
v4.2b2 11 May 98
NetFlowMet (NeTraMet + NetFlow = NetFlowMet):
* A new version of the meter has been added
to the distribution. This takes NetFlow
data from a Cisco Router (I've tested it
using a 7200) and uses this to build the
flow table.
To start NetFlow on a router (in brief):
- start NetFlow on each interface
[no] ip route-cache flow
- start exporting the NetFlow data
[no] ip flow-export <IP addr> <UDP port>
<IP addr> is the address of your NetFLowMet
meter, <UDP port> is the port NetFlowMet
will use to recieve the data.
You may specify the udp port number by
using the
-i pppp
option on NetFlowMet's command line.
If no -i option appears, port 9996 is used.
You may specify up to four port numbers
by giving a list of -i options, e.g.
-i 12001 -i 12002 -i12003
would listen for NetFLow data on UDP ports
12001, 12002 and 12003.
NetFlowMet provides five new attributes
which can be used in rulesets:
+ MeterId (8 bits, mask 255)
Index in -i option list, e.g. port
12002 above would produce flows with
MeterID = 2.
+ SourceASN, DestASN (16 bits, mask 255.255)
Autonomus System Numbers for source
and destination networks. These may
be "Origin" or "Peer" ASNs; you must
specify which when you start flow export
from the router.
+ SourcePrefix, DestPrefix (8 bits, mask 255)
Mask length for source and destination
IP addresses (i.e. SourcePeerAddress
and DestPeerAddress).
Changes in downloading rules:
+ A hashed search is used when translating
rulesets. This should speed up the
translation process by a factor of 10x to
20x (NeMaC).
+ Rules are now downloaded 10 at a time.
This dramatically reduces the time taken
to download rulesets (NeMaC).
+ A meter bug which prevented downloading of
rulesets with more than 32767 rules has been
fixed (NeTraMet).
Changes to NeTraMet:
+ When grabbing the value of an attribute from
a packet header, NeTraMet didn't check that
enough bytes were read. This could have
caused problems with TCP packets with lots
of IP options.
NeTraMet now checks the data is there before
grabbing values from it. If it's not, zero
is used instead.
Changes to NeMaC:
+ When NeMaC is shut down gracefully (by a
SIGTERM or SIGINT signal) it now shuts down
the tasks it is running on all its meters.
It used to leave them running, which matched
what happened with v3 meters and managers.
+ #EndData record added at end of every sample
in flow data files. This allows real-time
processing of flow data - without this one
had to wait until the next sample started.
+ The Unix SIGUSR1 signal is used as to
indicate that NeMaC should start a new flow
data file. This provides an alternative to
using a 'flag' file to do this.
+ The Unix SIGUSR2 signal is used to switch
testing on and off.
+ New command line option:
-Y logname tells NeMaC to send log messages
messages to syslog.
Specifying -L logname writes the log to the
file 'logname'. Specifying -Y logname writes
log messages to syslog, with 'logname' as the
identifying program name within syslog.
You may specify both -Y and -L; this writes
the messages to both places.
If no logging is specified, the log will be
written to a NeMaC.log.nnn file, as usual.
If you wish to use the -Y option, you must
modify the Makefile (probably
autoconf\manager\Makefile.in)
to define the variable LOG_LOCAL.
+ Changed behaviour when a meter fails to
respond to NeMaC's attempt to start it. NeMaC
used to ignore such meters; now it polls them
and will download rules when they restart.
+ Fewer messages for 'normal' running. Set
the 'verbose' option (-v) if you still wish
to see messages like 'xxx rules downloaded'
+ Fixed 'file handle leak' bug, which used to
cause NeMaC to crash after many attempts to
contact a non-responding meter.
v4.1 24 Nov 97 Production release 4.1
* Documentation files are now in PDF format on
the NeTraMet home page, i.e.
http://www.auckland.ac.nz/net/Accounting
* The PC executable files have been separated
out from the 'distribution' file. They're
in the file ntm41-pc.zip.
v4.1b15 22 Sep 97
* Use WORDS_BIGENDIAN and SIZEOF_LONG
defines to implement native Alpha code
for get and put of 64bit counters.
Use autoconfig to build this if you want
to try it (see below).
v4.1b14 9 Sep 97
* Fix 'endian' bug in nmc_c64.c (which
produced impossibly big counts in flow data
files when running NeMaC on linux).
These changes were implemented using the
WORDS_BIGENDIAN define in autoconfigure.
The recommended method of building NeTraMet
is to use autoconfig; see the INSTALL file
in the autoconf/ directory.
* Fix ASN1 OID encoding bug. Symptoms were
that the NeTraMet meter would run normally
for about 30 days, then start sending back
flow data packages for flows which hadn't
been active.
* Change PC meter to initialise uptime counter
before starting packet drivers.
v4.1b13 17 Jul 97
* Owner names for NeMaC, nm_rc and nifty
A new parameter, the 'owner name' has been
added for these programs. It is an
alphameric identifier, up to 16 chars long.
The owner name is used to identify rulesets,
manager tasks and meter readers in the
meter control tables; this is neccessary
when the meter is running more than one rule
set. The owner name follows the write
community name on the command line or
config file line.
* #Ruleset records in flow data files:
RuleSet numbers in flow data file records
no longer refer directly to the SET number
as they did in v3. Instead they refer to
a ruleset's row in the meter RuleInfo Table.
The flow data file includes a new # record
to indicate the SET number for RuleInfo
rows. Their format is as follows:
#Ruleset: x setname rfname owner
x is the RuleSet number, as it
appears in the flow data records
setname is the name from the SET statement
(for v3 AND V4.1 this is an integer)
rfname is the name of the rule file
owner is the owner name for this ruleset
v4.1b10 30 Jun 97
* New manager option:
-E nn Specifies the timeout (in seconds)
for rEeader rows. If collections
stop (e.g. because a manager has
failed), the meter will delete the
row after this time. The default
is 0, i.e. the row will never time
out.
* Change to manager option:
-h pp Specifies HighWaterMark for a manager
task. In v3 the meter default was
65 (percent). In v4.1 the default
is 0 (no test for high water).
* MatchingStoD attribute:
The attribute 'matchingStoD' is set by the
Packet Matching Engine. Its value is 1 if
the packet is being matched with its address
attributes in 'StoD' order, (i.e. as they
appear 'on the wire'), and 0 if the packet is
being matched with its addresses swapped.
See RFC 2063 for a detailed description of
packet matching.
* NeMaC keywords:
'nomatch' is now a synonym for 'retry.'
This name was discussed at the Montreal RTFM
WG session, and is used in the ruleset examples
given in RFC 2123, "Experiences with NeTraMet."
v4.1b4 22 May 97 SNMPv2, 32-bit PC meter
* NeTraMet and its manager/readers (NeMaC,
nm_rc, nm_st and nifty) all use SNMPv2
instead of SNMPv1. They now implement the
Meter MIB of RFC2064 (and the newer RTFM
Internet Draft which updates it).
The most significant effects of this are:
v4 meters can run multiple rulesets
simultaneously, and
64-bit counters are used for packet
and byte counters.
* v4 managers will work properly with v3
meters. v3 managers, however, will NOT
work with v4 meters. To change to using
v4 you should change your managers first,
then your meters.
* There are two changes to the format of
flow data file records:
Dates now use four digits for the year
(1997 instead of 97)
The integer values used for PeerTypes
have changed. You should not be
affected by this unless you have
analysis applications which use
PeerTypes to distinguish flows.
* The 32-bit version of the PC meter uses
all available memory. 16 MB of memory should
allow it to handle a table of 100,000 flows
or more.
The readme.txt file in the ntm41-b4.zip
file gives detailed setup instructions.
New options in Meters (PC and Unix):
-m pp specifies the IP port number to
use for SNMP. Default is 161
-l specifies that meter should use
the length field from IP headers
for the number of bytes in IP
packets. Default is to use the
MAC (hardware) packet size.
v3.5 6 Sep 96 Multiple ethernets for the PC meter:
* The PC meter (netramet.exe) can now handle
up to four interfaces. New command line
options allow you to specify the interfaces,
as follows ..
-i nn specifies that the packet driver
using software interface nn (decimal)
is to be metered.
e.g. -i96 would meter interrupt 0x60
-h nn as above, except that if you have a
packet driver which implements the
'high-performance' driver specification,
NeTraMet will take advantage of it.
-I nn as above, except that no metering will
be performed on this interface, instead
it will be used only for IP packets
to or from the meter.
If no interface is specified as 'IP only,'
the first interface appearing as a -i or
-h option will be used as the meter's IP
interface.
v3.4 8 Aug 96 nifty: an X/Motif 'flow analyser' program
* Presented to RTFM WG at the Montreal IETF
as 'NetFlow,' renamed to avoid confusion
with Cisco's 'Net Flow Switching.'
Changes to NeTraMet:
* NeTraMet can monitor up to four interfaces
instead of only one. Specify this with
a -i option for each one, e.g.
NeTraMet -inf0 -ile0 -wPASSWORD
* Meter performance statistics have been
implemented for the Unix meter. In
particular, aps and mps give average
and maximum packets per second, while
api and mpi give average and minimum
processor idle time percentage for
one-second intervals.
* NeTraMet has been restructured so as to
simplify the code for packet matching.
Make files for aix added.
* libpcap (current version) isn't implemented
for aix, so you can't (yet) build an aix
meter. NeMac, nifty, etc work properly.
Known problems:
* If you start NeMaC with write access to a
meter, and NeMaC is already running on the
same host with write access to the same meter,
the meter gets confused. In this situation
neither copy of NeMaC manages to read sensible
flow data from the meter.
Detour: before you start NeMaC, make sure it
isn't already running.
Cure: this will be addressed in version 4.1.
4.1. will implement the updated meter MIB
as set out in the current Internet Draft.
Bug fixes:
* Time for next collection have already
passed, e.g. because of network transit
delays in collecting flow data from many
meters. NeMaC will not attempts to make
such 'missed' collections.
* NeMaC now displays (and logs) the meter
name correctly when it fails to establish
contact when starting a meter, and when it
looses or regains contact with a running
meter.
* NeMaC could create invalid flow data files
if it failed to start a meter properly, or
if an active flow data file was deleted.
This has been corrected.
V3.3 8 Nov 95 nm_rc: a remote console for NeTraMet
* nm_rc (in the /manager/ directory) combines
NeMaC and fd_filter to provide a simple
display of 'live' flow data from a single
meter sorted into traffic order, busiest
flows first. (Briefly described in
doc/NeTraMet/rc-man.txt; a 'proper'
manual will be ready real soon now).
New example rule files (in examples/ directory)
* rules.two-adj-routers: Meters traffic through
and between two routers, specified by their
adjacent (Ethernet) addresses.
* rules.two-ip-groups: Meters traffic through
and between two groups of IP networks,
specified in a subroutine by their peer
(IP) network numbers.
* rules.rc.pr+bc: Classifies traffic by protocol,
and looks at Ethernet broadcast packets in
detail.
* rules.rc.ports: Classifies IP, IPX and
EtherTalk traffic by port.
* rules.rc.ip: Classifies IP traffic by IP
address and port.
* rules.rc.ipx: Classifies IPX traffic by IPX
address and port.
New options for NeMaC:
* -x Don't write anything to the meter.
Use this if you use a second copy of NeMaC
(or nm_rc) to collect from a single meter.
Allowing two collectors to write allows
meter to recover flows after they've been
collected by only one of the two meters.
* -P For each collection flow data files will
be opened, flow data appended to them,
then they will be closed. If you move or
rename a closed data file a new one (with
the old name) will be created by the next
collection. This is an alternative to using
the old 'flag file' method.
* -p Open-append-close to NeMaC's log file as
well as to flow data files. Superset of -P
* -F name Specifies name of flow data file.
* -L name Specifies name of NeMaC log file.
* -c 0 Tells NeMaC to download rule file(s) to
the meter, then exit without collecting
and flow data.
* default values in NeMaC configuration file.
Since NeMaC command-line parameters can
displayed by any user via the Unix ps
command, you should specify write community
names in a configuration file. Each record
in a configuration file specifies meter
parameters which override the default values
or the ones specified on the NeMaC command
line. NeMaC now uses the meter name 'default'
to indicate that this record contains default
values for following records. For example ..
./NeMaC -f nm-config
tells NeMaC to read the file 'config,' which
contains the following records ..
-c900 -p -rrules.mynet default
meter1 write-1
meter2 write-2
-c300 meter3 write-3
This starts three meters; all run rules.mynet,
and append to their flow data files. meter3
is collected every 5 minutes, meter1 and meter2
are collected every 15 minutes.
Changes to NeTraMet options:
* PC & Unix meter: Option settings ..
Options no longer need spaces to separate
them from their arguments, e.g. -ile0
* PC & Unix meter: Read Communities ..
Only one read community can be specified.
Bug fixes:
* PC meter: -r option (to specify read community)
crashed meter.
* Solaris meter: FDDI interface didn't work.
pcap-dlpi.c didn't bind the dlpi stream
correctly. Fixed by new version of
pcap-dlpi.c from lbl (included in src/meter)
* Unix meter: pcap socket open didn't specify
a timeout; 250ms now specified. This prevents
Solaris from busy-waiting; allowing NeTraMet
to be run as a backround process.
* Linux meter: alters the timeout value of a
select() statement (this is a BSD feature).
Timeout value now reset to 250ms after each
select(); this prevents linux from
busy-waiting, allowing NeTraMet to be run
as a background process.
8 Sep 95 Bug fixes as follows:
* snmplib/asn1.c changed to get integers correctly
out of SNMP packets. Now works correctly
for OSF/1.
* PC meter: small memory model memcpy used to copy
strings from far memory. Now uses qmove.
This caused snmp network managers to get
garbage when GETting addresses from the flow
table.
* Bug in meter/met_vars overwrote part of the
SNMP object tables when responding to a
request for a non-existent MIB object. This
showed up as 'meter looses rule table when
a network manager such as OpenView probed
a meter's MIB.
* Ultrix Makefiles corrected. These can now be
used to build meter and manager for DEC OSF/1.
4 Jul 95 New options for NeMaC:
* -a sss Collections will be made with a time lag
of sss seconds. For example, 10-minute
collections with 30-second time lag will occur
at 1000'30, 1010'30, etc.
* -w nnn Specifies doWnload level. nnn=0 (the
default) downloads rules on collector startup
and after a meter restart. nnn=1 downloads only
after a meter restart, and nnn=2 never downloads.
Bug Fixes:
* PC NeTraMet returned bad string for interface name.
NeTraMet fixed to return 'eth0,' NeMaC modified
to check the string, and use 'eth0' instead of
a bad string (from an old meter).
V3.2 8 Jun 95 NeTraMet meter reworked to use libcap to get packet headers:
* libpcap:
- libpcap is a generalised packet interface written
by Steve McCanne, Craig Leres and Van Jacobson
as part of tcpdump.
- libpcap is available from
ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z
- to make NeTraMet you must first install it on
your Unix system so as to produce libpcap.a
The make files in the NeTraMet distribution
assume you have copied libpcap into the
same subdirectory as the Makefile.
- binary distribution files are provided for
linux (version 1.2.1) and Irix (5.2),
as well as Solaris (2.4) and SunOS (4.1.4).
- libpcap supports FDDI interfaces as well as
ethernet. This is still being tested (8 Jun 95).
* -i option has been implemented in NeTraMet.
This tells NeTraMet which interface to monitor.
For example, -i le0 will monitor the le0
interace. The interface name is displayed on
the NeTraMet console, and appears in the ##
header line of the flow data file. If you
don't specify an interface libpcap will
use its default one. The PC version of
NeTraMet doesn't allow you to specify the
interface name.
* 'other' packet handling has been extended.
'Other' packets set the SourcePeerAddress to
the packet's ether_type and the DestPeerAddress
to the packet's LSAP. This allows you to use
NeTraMet to find out what packet types are
active on your network.
* All the source code (including the CMU SNMP
library) has been tidied up so as to remove
most of the compiler warning messages. This
should make it easier to port to new systems.
Bug fixes:
* PC pointer problems cause PC Netramet to crash
at random times (from seconds to days). Finding
more places which should use 'huge' pointers
instead of 'far' pointers seems to have cleared
(or at least reduced) this problem.
* PC string compare routine error. Waterloo TCP's
qcmp routine compares two far pointers (same as
Unix memcmp). Implementation bug meant that strings
which were same length and differed only in the last
byte were reported as being the same. The effect
of this was masked because NeTraMet uses a hash
search of the flow table.
* NeTraMet crashed when it received an SNMP get
request for a MIB-1 objects which it didn't know
about. NeTraMet implements nearly all of the
Accounting Meter MIB objects, but only a few MIB-1
objects. The SNMP routines in met_vars.c have
been improved so as to give a 'no such OID'
response (and keep running).
* NeMaC didn't handle end-of-file properly for
its configuration file. This has been
corrected.
V3.1 16 Feb 95 New version using IANA-allocated MIB OID (mib-2 40):
* Rewritten and simplified MIB means that earlier
meters won't run with 3.1 NeMaC, and 3.1 meters
won't run with earlier NeMaCs. i.e. both meter
and manager must move to 3.1 together.
* Extended and simplified rule matching. Jumps
can be to the test or action part of the target
rule. Attribute values can be pushed from the
packet (as well as from a rule), hence aggregate
and tally flows are no longer needed. The
action table was only needed to support aggregate
and tally flows: it is no longer needed.
* Six new uesr-settable attributes are implemented.
SourceClass, DestClass, FlowClass and SourceKind,
DestKind, FlowKind allow a meter to pass information
gleaned during packet matching back to the flow
data file.
* NeMaC allows you to INCLUDE rule files into
other rule files.
* Emergency rule sets are implemented. The meter
will switch to its emergency rule set if the % of
active flows gets greater than HighWaterMark.
* Collection times are synchronised by default, i.e.
they happen at multiples of the collection interval.
For example 15-min collections are made at 0, 15,
30 and 45 minutes past the hour.
Bug fixes:
* Rule tables with more than 1350 rules now work
properly on the PC meter. This was a situation
where 'huge' pointers were required to reliably
access all of the rule table.
* IP fragment packets other than the first fragment
of a PDU produced garbage transport addresses (IP
port numbers). They now produce 0. The Accounting
Model defines attributes for each protocol, and
doesn't allow one to distinguish a 'first fragment'
from an unfragmented IP packet.
* A mistake in the code for optimised testing of
a group of rules could sometimes cause packet
matches to succeed when they should not. This
has been corrected.
Notes:
* Rule files will need to be converted from the
old (version 2.x) form to the new one. The
changes are straightforward, and are documented
in the file Converting.rules.ps
V2.3 25 Nov 94 Fourth full release, new features as follows:
* NeMaC now uses the names of flow attributes
as they appear in the meter MIB, i.e. TRANS
is used instead of DETAIL. NeMaC does this
by allowing DETAIL to be a synonym for TRANS.
Old rule files will still work properly, but
new rule files should use TRANS.
* Gopher (port 70) and WWW (port 80, i.e. html)
have been added to NeMaC's list of IP port numbers.
* If NeMaC notices that a meter has been restarted,
i.e. it's sysUptime has jumped backwards, NeMaC
will automatically download its specified rule
file. The check is made before each flow data
collection (intervals set by the -c option), and
at every 'keepalive' interval (set by the -k
option. This feature can be used to minimise the
amount of flow data lost by a meter after a
power-fail restart.
* NeMaC now allows different collection and keepalive
intervals for each meter. This is implmented by
allowing the -c and -k options to appear in NeMaC's
configuration file, and using an event queue
(instead of a simple idle loop) to order meter
activities.
* A mechanism for closing and reopening flow data
files has been implemented. NeMaC tests for a
file called NeMaC.flag. If it finds the flag
file it will close and reopen all its current
flow data files. A new section has been added
to the manual explaining how to use this feature.
Bug fixes:
* Various bugs in NeMaC's parsing of rule
files have been corrected.
* Bugs in fd_filter and fd_extract have been
corrected; they will now work as documented!
Notes:
* NeTraMet memory management has been improved.
'Active flows' is now used instead of 'flows
in use' for controlling garbage collection.
The garbage collector is called if a new flow
is needed and the are no free flows.
V2.2 19 Jul 94 Third full release, new features as follows:
* fd_filter and fd_extract included in
manager directories as utility programs
for flow data files. Documented in
fd_util.ps file.
* Port of both NeTraMet and NeMaC for Solaris,
using streams/dlpi instead of nit to watch
ethernet interface.
* Binaries for Solaris and Sunos available
via anonymous ftp.
* Make files for HPUX and linux added.
NeMaC has been ported to HPUX and linux.
* SamplingRate MIB variable implemented; allows
only 1 of every n packets to be processed.
* All four Novell IPX encapsulations now
recognised.
Bug fixes:
* PC NeTraMet now counts packets sent as well
as packets received.
Notes:
* NeMaC now gives sensible error messages if
it can't write meter variables. If NeMaC
only has read access (i.e. it was given the
read snmp community name instead of the write
one) it can still collect data, but such
collections will not be recorded by the meter,
and therefore be noticed by the meter's
garbage collector.
* Solaris 2.3 dlpi bug corrupts some packet
headers. Only affects CLNS handling by
Solaris version of NeTraMet. This is fixed
in Solaris 2.4 - see the ether_pc.c file
for details.
V2.1 14 Jan 94 Second full release, new features as follows:
* Subroutines in rule tables implemented,
making it much easier to write rules to
handle large numbers of networks.
* Labels implemented for rules and actions,
i.e. no need to keep track of rule and
action numbers by hand.
* CLNS protocol now understood by NeTraMet
* Packets for protocols not understood by
NeTraMet can be counted as PeerType 'Other'.
* Ethernet II and SNAP encapsulations for IPX
now recognised (as well as 'Raw 802.2').
* Full (10-byte) IPX addresses can be used
instead of just (4-byte) net numbers.
* Make files for Ultrix added. NeMaC has been
ported to Ultrix.
Bug fixes:
* MIB environment variable changed to MIBTXT to
match the documentation (was MIBFILE).
Notes:
* Make files changed to allow compilation with
Gnu C compiler, either by specifying gcc in
the make file, or by 'setenv CC gcc'.
* Documentation points out that NeTraMet write
community must have different name to read
communities, and that NeMaC must specify the
NeTraMet write community name.
28 Oct 93 New: NeMaC only displays 'Rule/Action added' message
every tenth rule/action.
22 Oct 93 Bug: NeMaC couldn't handle rule table with >255 rules.
V2.0 20 Oct 93 First full release of NeTraMet and NeMaC, with NeTraMet
Manual and full source code.
V1.0 Nov 92 Prototype meter using height-balanced trees instead of
rule table. Presented at Washington IETF.
