v2.6: End of the line for darkstat 2 (Jean-Edouard Babin) DLT_PPP_SERIAL linktype Print warnings from pcap_open_live() Considerable source code clean-up Updated to gettext 0.11.5, autoconf 2.57, automake 1.7 Using ACX_PTHREAD macro in configure script (Daniel Lublin) WWW: Added title="..." to graph bars po: updated nl, added sk, added sr v2.5: (Stefan Haenssgen) DLT_PPP linktype (Maxim Golov) DLT_NULL linktype Added contrib/ Added clean in src/Makefile.am to remove darkstat.db and friends Changed graph initial positions (fixed 2.4 problem) Changed how rotation happens (fixed 2.4 over-rotation problem) Days now rotate at midnight, regardless of starting time Graphs now rotate even if no packets are coming in Broke DB format (yay!) Added --detach Fixed spylog timestamping again po: Added MS (Malay) WWW: (graph) Fixed bar label numbering WWW: (graph) Added column number to alt="" text v2.4: (AJR) Save and load starting time in database graph rotation is now correct between runs (AJR) WWW: Added bar labels on html_graph()s WWW: Improved headers Fixed spylog timestamping (it was off by a month) v2.3: Fixed gettext() stuff under Solaris 8 (thanks Fabrice) Fixed -lpthreads under Solaris 8 (thanks Fabrice) Stripped out stupid pthreads-config stuff Fixed binding to INADDR_ANY by default WWW: Added exact in/out values in html_graph WWW: Fixed graph crazyness (no more over-tall graphs) Fixed DLT_RAW linktype (thanks Ark) (Oleg) Added pidfile (Oleg) WWW: Added /info/ (Oleg) WWW: Improved redirection po: nl updated v2.2: Reordered the autoconf tests Added check and workaround for DLT_LINUX_SLL (used to trip up on older libpcaps) po: added ES, HU, NL Split accounting and spylog into separate threads Cleaned up threads and shutting down (Oleg) Added -P for non-promiscuous sniffing (Oleg) Added -e to pass bpf filter expression to acct_pcap v2.1: po: renamed Chinese translations to zh_CN, zh_TW po: added FR, pt_BR, SV po: added /* TRANSLATORS: */ hints in www.c Stats change - protocol accounting is done for in, out and "other" (this breaks DB format. again.) Better detection of what the local machine can and can't do with 64-bit numbers, more optimisations to bignum --spy now takes an interface name so you can capture HTTP requests on the LOCAL interface (and get the client's IP) --spy filtering done through libpcap (probably more efficient) Improved reporting of libpcap errors All ftp-data connections are treated as one port locally (jib) Match service names to ports (jib) v2.0: Rewrote bignum code (simpler and faster now) Stripped useless checks from configure.ac Fixed bind_textdomain_codeset problem with glibc 2.1 Improved HAVE_QUAD detection Split host_db into 256 class A tables for faster searching WWW: Added unique hosts count to frontpage Stats change - protocol accounting is done even if packets aren't bound for local IP. Updated manpage Rewrote saving/loading code, new binary DB format (breaks compatibility with old DB format) Added webspy functionality using --spy parameter (sniffs out HTTP requests and logs them) v1.31: (jumped 28 point releases in a single bound! -- it won't happen again) Should work on PPP links now (thanks to Brian May) Should compile on Solaris out-of-the-box (thanks to trnepal@papuasia for a shell) v1.3: Internationalization! WWW: Can be bound to a specified local IP using the -b parameter (thanks to Noam Sturmwind) WWW: Fixed rare-ish segfault in host sorting v1.21: Fixed broken 64-bit math on platforms that can't do native long longs (you know, like FreeBSD on i386) v1.2: Random bugfixes WWW: Sort hosts by IP or ports by number WWW: Added refresh on every page Fixed usage notice somewhat v1.1: Plays nice with an FDDI All protocols are accounted for, only those which have seen data get in the web report though. Quiet mode is now default, packet dumps with -v (verbose) v1.0: Fixed memory overflow in content.c when generating a very large report Optimized compile - default (disable with ./configure --disable-opt) Optimisation is soft because the FreeBSD GCC can generate bad code Added check for pcap/pcap.h (some RH distros like to misplace pcap.h) darkstat is installed into $PREFIX/sbin/ Fixed memory leaks in WWW header generation and port sorting v1.0p1: Compiles and runs under FreeBSD Better way of aborting execution and synchronising threads No more graph thread - rotation happens based on libpcap timestamps --> Far more accurate --> No more graph gaps due to time skew --> No gaps on platforms like FreeBSD where captured packets come through in bursts. Simpler and much more efficient way of accounting for protocols httpd is now single threaded - no more nested pthreads Using autoconf and automake for easier building Made graphs stacked and changed color scheme Made DNS control a little neater Minimum time requirement between DB saves to limit save-thrashing during high traffic periods. More correct headers in HTTPD for cacheability of GIFs v0.9: Native 64-bit arithmetic if the platform supports it --> must define HAVE_QUAD in version.h --> leads to much faster report generation (no constant malloc/free abuse) Correct accounting of NAT-mangled packets with Linux 2.4.x kernels WWW: got rid of dates in HTTP headers (unnecessary) v0.8: Fixed report sorting bug that only showed up after more than 4GB was transferred. Content optimisations WWW: optimisations WWW: tweaked no-cache HTTP headers DNS resolution can be toggled through the web interface DNS "cycling" for one-shot reverse-resolution sprees Fixed initialisation bug that would create a redundant localhost entry on restart Fixed segfault that would occur when run without root privileges v0.71: WWW: Numbers show up right-aligned - Willy Frissen says it looks better DNS resolution can be disabled with a commandline argument (Jason Whiting's idea) v0.7: Cleaner starting/stopping of threads darkstat will freakout() and dump db if it loses a child thread for no reason Raw IP support for devices that do it thanks to Sean MacLennan and his DSL modem Start capturing AFTER threads are up WWW: better html_graph() construction "Last 24 hours" no longer too thin WWW: cosmetic changes (CSS, linkbox) WWW: titles WWW: Port reports can be sorted and limited Lots of under-the-hood error checking (buffer overflows and such) WWW: More robust handling of high traffic --> send() will no longer raise SIGPIPE --> accept() will no longer kill all of darkstat on lost connection --> incomplete request no longer causes a segfault WWW: Faster, neater generation of reports v0.6: 'make opt' for an optimized compile with less debugging bloat and more inlining 'make clean' now deletes old database files Graph rotation doesn't skew any more (it's more accurate) More accolades WWW: Cleaned up header generation WWW: Doesn't generate line feeds in HTML -> smaller HTML output WWW: Added a navigation box to every page WWW: Added link to darkstat homepage WWW: Added "Running since" WWW: Prettied up generated reports (especially hosts) WWW: Child processes accept and close connections --> cleaner shutdown, hopefully no more stale connections stuck in "CLOSED" state WWW: REUSEADDR for restarting when there are TIME_WAIT state sockets still around WWW: Using pthreads instead of fork(), hopefully no more dead processes hanging around WWW: Better handling of requests, you can now do telnet GETs Commandline argument parsing --> specify a custom web interface port --> different way of specifying stats interface --> specify a directory for the darkstat database to reside in WWW: Host reports are sorted and can be limited (top 25 instead of whole db) v0.5: Apparently it's very easy to get darkstat to compile under Solaris 8 --> added hints to Makefile and main.c --> thanks go to Fabrice Gonton for pointing this out add_64bit now only needs a dword as the second argument (simpler) tagged a heap of functions as inline made an attempt to fix up header files - minimal #inclusion commandline -q now silences DNS and WWW threads and also packet totals fixed blank.gif in WWW (it loads properly now) overhaul of graph. added minute, hour, and day graphs. --> graphs are now kept as i64s instead of dwords (more capacity) --> graphs are loaded and saved like everything else load_db() is looking very ugly prettied up the WWW source a lot, it's looking much more legible now Added daily traffic logging for long-term stats Added commas in reported numbers for more legibility v0.4: fixed up number types fixed problem with printing numbers > 2^31 made i64 struct for 64-bit numbers (as a pair of 32-bit numbers) DNS resolver now loops over the host_db even if hasn't seen any new entries to ensure we resolve as much as possible optimised host_db searching to speed up stat gathering added uptime counter (how long we've been keeping stats) added network [ab]use graph --> last 60 seconds only, more graphs coming later v0.3: www interface slowly becoming less messed up now returns content-length and also generates and sends entire page at once --> less locking/unlocking mutexes, less network overhead No more UDP port stats (old datafiles are "incompatible") (i.e. they will be truncated) TCP ports are only added when the local host gets a connection (hooray for useful stats) TCP decoding: fixed flags, added seq and ack Fixed loopback sniffing (I hope) v0.2: darkstat now divines the local address of an interface itself Interface is passed on the commandline Changed the www no_proxy header Implemented tcpdump-esque console output while sniffing -q commandline argument to turn off console output (less CPU usage) Better handling of non-IP packets in output v0.1: Initial revision Doesn't compile without source modifications Lots of important settings hard-coded in well-hidden places all over the source "tree"