User login

WAND Group

board
WAND is a research group at the University of Waikato Computer Science Department. The group is involved with a range of computer networks projects mostly focused around network measurement. The group has a strong international reputation and has close links, including collaborative research, with several other network measurement groups. These include CAIDA, Sprint and Agilent.

Our work includes collection of very long trace sets, network analysis and software to support this, active measurement systems, wireless networks for rural communities, rapid deployment networks, OS code based network simulation and network visualisation. Spinoffs from our work include Endace and Rural Link.

WAND Interesting Blogs

02

Jul

2018

Libtrace 4.0.4 has been released.

New features in this release include:
* Added reference counting API for keeping track of packets shared across multiple threads.
* Added new input format for receiving live streams of packets encoded using the ETSI LI standard.
* Libpacketdump can now also decode ETSI-encoded packets.
* Added CLI option to tracereplay to "speed up" replays by a given factor, i.e. set to 2 to replay at double speed.
* Added new trace_flush_output() API function to force a libtrace output to flush any buffered output.

There are also plenty of bug fixes in this release, including:
* Fixed problems with trying to have two ring: inputs active at the same time.
* Fixed missing subseconds in timestamps from pcapng: packets.
* Fixed bug that was causing poor ndag: performance.
* Fixed bug that prevented trace_pstop() from working correctly on some live inputs.
* tracereplay will now skip meta-data records rather than trying to replay them and failing.
* Fixed some buffer overrun issues in the pcapng reading code.

The full list of changes in this release can be found in the libtrace ChangeLog.

You can download the new version of libtrace from the libtrace website.

02

Mar

2018

Libtrace 4.0.3 has been released.

New features in this release include:
* A new capture format (dpdkndag:), which allows nDAG records to be intercepted and decoded using a DPDK interface.
* The message queue data structure API is now publicly exported, so can be used in user code.
* The toeplitz hasher data structure API is now publicly exported, so can be used in user code.
* Added a new API function: trace_get_perpkt_thread_id(), which will return the ID number of the running packet processing thread.
* Upgraded DAG code to use the 64 bit API, so libtrace will work with large streams.

The following bug fixes are also included:
* ERF provenance records will no longer cause libtrace to halt.
* Captures from GRE tunnel interfaces should now work correctly.
* Packets captured using DPDK will no longer lose any payload after the first 1024 bytes.
* Fixed a couple of nDAG packet corruption problems.
* Ensure all key fields are correctly initialised when doing DPDK output.
* Fixed assertion failure when libwandio has an unexpected error.

We've also further improved the performance of the nDAG format.

The full list of changes in this release can be found in the libtrace ChangeLog.

You can download the new version of libtrace from the libtrace website.

15

Nov

2017

Libtrace 4.0.2 has been released today.

This release adds two new input formats: pcapng and nDAG.

This release also includes the following bug fixes:
* Fixed bad IPv6 fragment offset calculation that would randomly cause IPv6 packets to be incorrectly parsed.
* Fixed bug where SIGINT would cause parallel programs to assert fail.
* Fixed compilation issues caused by inconsistent BPF presence checks.
* Fixed errors in IPv6 and SCTP libpacketdump decoders.
* Fixed bug where a short cryptopan key would cause traceanon to assert fail.
* Fixed compilation error when building traceanon against new versions of libssl.
* Fixed bug where DPDK would not be detected if it had been built as a shared library.
* Fixed bug where the wrong parallel read function would be used by libtrace.

The full list of changes in this release can be found in the libtrace ChangeLog.

You can download the new version of libtrace from the libtrace website.

09

Oct

2017

Libprotoident 2.0.12 has been released.

This release is mostly a protocol database update. We've added 26 new protocols and updated a further 33 others since the last release.

We've also added a new category for IP Camera protocols. Some already existing protocols have been moved into this category to better reflect their purpose.

The full list of updated protocols can be found in the libprotoident ChangeLog.

Download libprotoident 2.0.12 here!

28

Jun

2017

Libprotoident 2.0.11 has been released.

Firstly, this release updates the existing tools to be compatible with both libflowmanager 3 and parallel libtrace. This means that the tools can now take advantage of any parallelism in the traffic source, e.g. streams on a DAG card or a DPDK-capable NIC.

Secondly, we've added 61 new application protocols to our set of detectable protocols, bringing the total supported number of applications to 407. A further 25 existing protocols have been updated to better match new observed traffic patterns.

Finally, there have been a couple of minor bug fixes as well.

Note that this release will require both libflowmanager 3 and libtrace 4, which means that you will likely have to upgrade these libraries prior to installing libprotoident 2.0.11. If this is problematic for you but you still want the new application protocol rules, you can use the '--with-tools=no' option when running ./configure to prevent the tools (which are the reason for the upgraded dependencies) from being built.

The full list of updated protocols can be found in the libprotoident ChangeLog.

Download libprotoident 2.0.11 here!

02

Jun

2017

Libflowmanager 3.0.0 has been released today.

The libflowmanager API has been re-written to be thread-safe (and therefore compatible with parallel libtrace), hence the major version number change.

The old libflowmanager API has been removed entirely; there is no backwards compatibility with previous versions of libflowmanager. If you choose to install libflowmanager 3 then you will need to update your existing code to use the new API. This should not be too onerous in most cases, as most of the old global API functions have simply been replaced with method calls to a FlowManager class instance. The README and example programs demonstrate and explain the new API in detail.

Note that much of our other software that relies on libflowmanager, such as the libprotoident tools and lpicollector, have NOT yet been officially released with libflowmanager 3 support. If you are currently using any of this software, you should continue to use libflowmanager 2.0.5 until we are able to test and release new libflowmanager 3 compatible versions.

You can download both libflowmanager 3 and libflowmanager 2.0.5 from our website.

Syndicate content