[Coral-dev] CoralReef 3.7.5 released

Ken Keys kkeys at caida.org
Wed Mar 1 11:17:40 PST 2006 

CoralReef 3.7.5 is now available.  Both public and member versions can be
found at http://www.caida.org/tools/measurement/coralreef/.

CoralReef is a comprehensive software package from CAIDA for passive
monitoring normal network interfaces as well as special purpose ATM
and POS interfaces, and reading "crl", "tsh", pcap (tcpdump), and
dagtools tracefiles.  It includes FreeBSD drivers for Apptel POINT
(OC12 and OC3 ATM) and FORE FATM (OC3 ATM) cards, the ability to
work with drivers for Endace DAG (OC3, OC12 and OC48, POS and ATM)
cards on linux, programming APIs for C and perl, and software
applications for capture, analysis, and reporting of ATM, IP, and
TCP/UDP traffic.

Direct questions to coral-info at caida.org.

This version contains bugfixes and addition of some minor features.
Differences between the last version and this version include:

Version 3.7.5 (2006-02-28)
-------------
* Added -f option to crl_stats to not count flows.
* Changed behavior of spoolcat:  Added -M, -S, and -d options to specify
  move directory, statefile, and deletion, respectively.  Deletion is no
  longer the default, and even without the statefile, files will not be
  spooled twice in the same run.
* Added "ipzero" anonymization algorithm, which zeros-out bits of IPv4
  addresses in packet-reading applications.  Also added parameters to
  limit anonymization to subsets of addresses or parts of addresses.
  (Look for "anonymize" in the command usage documentation.)
* In libcoral, replaced *_PAnonymize[r] functions with *_anonymize[r]
  functions, to support new "ipzero" anonymization.
* Changed output format of crl_stats.
* Packet printer prints NOP in IP and TCP options, and prints window size
  for SYN packets in addition to ACK packets.
* Added -P option to t2_convert to specify port-mapping file for App Table
  conversion, but defaulting to the CoralReef example.
* Added options for Country Table/Matrix conversion to specify 2 or
  3-letter abbreviations.
* Removed spurious blank line in printing unknown/truncated DNS RR's.
* Fixed misinterpretation of file suffixes that were a leading substring of
  the common file suffixes ".crl", ".pcap", ".dag", ".tsh".
* Fixed definition of coral_read_pkt to avoid multiple definition errors when
  libcoral.h is included in multiple sources (in external code).
* Fixed: coral_to_dag produced corrupt output when writing an ethernet file
  to a pipe.
* Fixed bugs in recalculation of UDP checksum during IP packet anonymization:
  - was not recalculated if UDP datagram was 12 bytes or shorter
  - was recalculated even if checksum was originally 0
* Fixed fatal bug in handling multi-interface TSH files, introduced in 3.7.4.
* Added file rotation, interval support, and -o option for specifying
  output file to crl_print_pkt.
* Fixed bug that caused an infinite loop at end of an interval in rare cases
  on a live low-traffic interface.
* Fixed shared library build problem with gcc on 64-bit architectures
  ("relocation R_X86_64_32S can not be used when making a shared object").
* Fixed hardcoded references to "/usr/local/Coral" in Countries.pm
* Fixed: Countries.pm corrupted the include path of scripts that used it.

-- 
Ken Keys
CoralReef:  http://www.caida.org/tools/measurement/coralreef/

More information about the Coral-dev mailing list