Version v26.04

Changes in version v26.04

PaFoS. Added the ability to select TLS ClientHello packets from traffic flow and package them into sFlow.

Now PaFoS can send sFlow with data characterizing the TLS client and generate TLS fingerprints. Upon receiving each unfragmented TLS ClientHello packet, PaFoS packages it into sFlow and sends it to the Collector.

This data can later be used for analytics and detection.

Detect. Added the "hpd" action for the mechanism of counting traffic matching a rule.

Now the host protection detector in MITIGATOR can mark traffic to IP addresses for which a threshold exceeding from a rule was detected on Collector.

Metrics. Added the ability to retrieve key router metrics via SNMP.

Now on Collector you can specify a list of OIDs for metrics of interest to users, such as CPU load, HDD utilization, and others. Metrics from these OIDs will be stored in Clickhouse for subsequent visualization on graphs.

Support in MITIGATOR will be added later.

Metrics. Added visualization of zero points on Flow graphs.

Now if Flow is not received by Collector, graphs display 0 instead of missing data.

Report. Added the ability to build reports and filter data by BGP attributes.

Collector receives routes from a BGP neighbor with AS Path, Community, Nexthop attributes and allows building reports and graphs on Flow, as well as filtering, based on these attributes.

Report. Added the ability to build reports based on sFlow for passed traffic from MITIGATOR.

Now Collector can differentiate sFlow for passed traffic from sFlow for dropped and incoming traffic. A “Pass” widget category has been added to the “Flow Analysis” page. The widgets in this category display sFlow from MITIGATOR for passed traffic.

BGP. Added the ability to announce prefix lists to a BGP neighbor from Collector.

In particular, the ability to announce a static route to a BGP neighbor has been added. The announcement policy is configured via GRPC API.