2022-05-26 08:03:30
Pavel Odintsov
description
Hello!
I'm Pavel Odintsov, author of the FastNetMon tool: https://github.com/pavel-odintsov/fastnetmon/
I would like to kindly ask for an SRU for our package "fastnetmon".
FastNetMon is part of Debian unstable https://packages.debian.org/sid/fastnetmon and we have an active Debian backport for Debian 11 Bullseye.
Previous versions of FastNetMon (1.1.3 and 1.1.4) were part of Ubuntu Bionic and Ubuntu Focal: https://packages.ubuntu.com/bionic/fastnetmon
After that, due to multiple FTBFS issues, our project was kicked out of Debian and we did not make it into the stable Ubuntu LTS distribution, which is the main distribution for us and the most popular one among our customer base.
We did extensive work with our Debian maintainer: we addressed all FTBFS issues, improved our integration with Debian and upgraded FastNetMon to the latest version, 1.2.1, in Debian.
After that I can see that we made it into Kinetic: https://packages.ubuntu.com/kinetic/fastnetmon
May I kindly ask to re-add the FastNetMon package for Ubuntu 22.04?
Below you can find the SRU bug template filled in as requested.
[Impact]
* Our users on Ubuntu LTS have no access to the latest version of the package and use a very outdated version inherited from their installation during the Ubuntu Focal and Ubuntu Bionic times.
* Previous versions of FastNetMon (before 1.1.5) use very old and security-risky parsers for the Netflow and sFlow protocols. We completely rewrote them (https://github.com/pavel-odintsov/fastnetmon/blob/master/src/libsflow/libsflow.cpp and https://github.com/pavel-odintsov/fastnetmon/commit/7f214ccd2a025bebe32f90b158a541dd90ef2fbf) in releases starting from 1.1.5, using best security practices with solid test coverage.
* Missing IPv6 support in the old version, which exposes the network to attacks that involve this protocol.
* New algorithms required to detect modern DDoS attacks are missing in old versions.
* To address the lack of FastNetMon in the official Ubuntu repositories, we offer our own packages to customers from third-party repositories, which do not offer all the benefits of the official Ubuntu repositories, and we consider this only a temporary solution.
[Test Plan]
* Our stable release 1.2.1 is based on the long battle-tested 1.2.0, which has more than 1000 active installations, and we're not aware of any critical issues in this release.
[Where problems could occur]
* We expect potential issues with dependencies, but we did extensive testing with Debian 11 during work on the backports package.
* To reduce the risk of potential dependency issues, we decided to drop multiple features in our product which relied on software that was known to cause such issues (nDPI, Netmap and PF_RING). Instead, we moved to capabilities available in the native Linux kernel, such as AF_PACKET, which offers great support on a wide range of platforms.
[Other Info]
* We will be happy to assist the Ubuntu security teams in case of any security issues with our product.
Let me know if you need more information.
Thank you for your time.