arpsponge (3.17.11) unstable; urgency=low

  [Steven Bakker <steven.bakker@ams-ix.net>]
    * Don't die in test mode if socket fails.

  [Marco d'Itri <md@linux.it>]
    * Update the debconf compatibility level to 9
      9 is the oldest non-deprecated level.
      It is supported by oldoldstable so it should be safe enough.
    * Fix typos in the sample configuration.
      It's "/etc/default", not "/etc/defaults".
    * Add a PERMISSIONS configuration variable.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 14 May 2018 17:18:46 +0200

arpsponge (3.17.10) unstable; urgency=low

  * Remove dependency on "perl-modules"
    Packages should depend on "perl", not on "perl-modules", as
    explained in https://packages.debian.org/jessie/perl-modules.

    The dependency on "perl-modules" broke installs on Debian 9,
    where "perl-modules" has been replaced with "perl-modules-5.24".

    (Reported by Rasmus Åberg <rasmus@sthix.net> from Stockholm
    Internet eXchange.)

 -- Steven Bakker <steven.bakker@ams-ix.net>  Fri, 12 Jan 2018 18:22:31 +0100

arpsponge (3.17.9) unstable; urgency=low

  * Fix README -> README.md
  * Remove more SVN keywords

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 29 May 2017 10:37:26 +0200

arpsponge (3.17.8) unstable; urgency=low

  * Remove extraneous "or return".

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 29 May 2017 10:26:19 +0200

arpsponge (3.17.7) unstable; urgency=low

  * Fix copyright notices
  * Remove SVN keywords from misc. files

 -- Steven Bakker <steven.bakker@ams-ix.net>  Fri, 05 Feb 2016 11:40:05 +0100

arpsponge (3.17.6) unstable; urgency=low

  * Get rid of $REVISION/svn keywords.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Fri, 06 Mar 2015 18:46:37 +0100

arpsponge (3.17.5) unstable; urgency=low

  * init script start/stop/status return codes
  * Switch around changelog/Changelog symlink.
  * Get rid of debian/files in MANIFEST.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Fri, 06 Mar 2015 18:35:07 +0100

arpsponge (3.17.4) unstable; urgency=low

  [2014-11-24] - steven (r348)
    => init.d/arpsponge.sh:
        * Fix "status" to exit with appropriate code when there's no
          sponge running. Also don't try to send a USR1 signal when not
          running as root.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 24 Nov 2014 15:12:52 +0100

arpsponge (3.17.3-2) unstable; urgency=low

  [2014-10-23] - steven (r346)
    => debian/arpsponge.init, debian/conffiles:
        * Fix init file reference.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 23 Oct 2014 10:19:45 +0200

arpsponge (3.17.3-1) unstable; urgency=low

  [2014-10-23] - steven (r343-r344)
    => init.d/arpsponge.sh:
        * Use "/bin/sh" instead of "/bin/bash" for init script.
    => defaults.sample.src, sbin/arpsponge.pl:
        * Add support/doc for LOGMASK init variable.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 23 Oct 2014 10:16:15 +0200

arpsponge (3.17.2) unstable; urgency=high

  [2014-10-22] - steven (r338)
    => lib/M6/ARP/Event.pm:
        * Export event_err instead of event_errr.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed, 22 Oct 2014 17:04:26 +0200

arpsponge (3.17.1) unstable; urgency=low

  [2014-10-07] - steven (r336)
    => sbin/asctl.pl:
        * Fix "Use of uninitialized value within %state_table" warning
          when reloading.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 07 Oct 2014 11:31:45 +0200

arpsponge (3.17) unstable; urgency=low

  [2014-09-23] - steven (r317-r319)
    => lib/M6/ReadLine.pm:
        * Ignore SIGPIPE when piping to the $PAGER.
    => lib/M6/ARP/Log.pm:
        * Export log_debug() as well.
    => sbin/arpsponge.pl:
        * Fix setting of log_level on startup.

  [2014-09-24] - steven (r320-r333)
    => lib/M6/ARP/Const.pm:
        * Fix quoting in diagnostic message in parse_update_flags.
    => lib/M6/ARP/Log.pm:
        * Re-order some variable declarations. Use "reverse" to turn the
          int/string hash on its head.
    => sbin/arpsponge.pl:
        * The "M6::ARP::Sponge" object has no log_*() methods, so don't
          try to use them.
    => lib/M6/ARP/Log.pm:
        * Export print_log_level() as well.
        * Forgot the "reverse" the assignment to %STR_TO_LOGLEVEL.
    => lib/M6/ARP/Event.pm:
        * Add M6::Log::Event for event specific logging.
    => lib/M6/ARP/Control/Server.pm, lib/M6/ARP/Sponge.pm,
    => sbin/arpsponge.pl, sbin/asctl.pl:
        * Use the M6::ARP::Event module for event specific
          logging/filtering. Add asctl support for event filtering.
    => lib/M6/ARP/Control/Server.pm:
        * Use M6::ARP::Event.
    => lib/M6/ARP/Makefile:
        * Add Event.pm to Makefile.
    => lib/M6/ARP/Event.pm, lib/M6/ARP/Log.pm:
        * Remove prototypes where possible. Fix other prototypes to fold
          $fmt in @args.
    => sbin/arpsponge.pl:
        * Parse the loglevel argument before trying to set it...
    => sbin/asctl.pl:
        * Parse set_log_mask arguments based on the current log_mask, so
          we can do "set log_mask !alien" to subtract only "alien" from
          the current mask or "set log_mask +sponge" to add "sponge" to
          the current mask.
    => lib/M6/ARP/Event.pm:
        * When using the EVENT macros as keys in a hash, make sure to
          tack on "()", lest Perl will turn them into strings. Parse
          event mask against current setting.
    => sbin/arpsponge.pl, sbin/asctl.pl:
        * Add log_mask to POD info.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed, 24 Sep 2014 18:23:22 +0200

arpsponge (3.16) unstable; urgency=low

  [2014-07-21] - steven (r315)
    => defaults.sample.src, init.d/arpsponge.sh, sbin/arpsponge.pl:
        * Add "DISABLED" variable to init script and defaults. Fix
          arpsponge POD to sort the init script variables.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 21 Jul 2014 10:36:55 +0200

arpsponge (3.15.1) unstable; urgency=low

  [2014-06-10] - steven (r312)
    => MANIFEST:
        * Add TODO and debian/changelog.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 10 Jun 2014 13:50:27 +0200

arpsponge (3.15) unstable; urgency=low

  [2014-05-12] - steven (r304-r310)
    => sbin/arpsponge.pl, sbin/asctl.pl:
        * Update POD. Cross-reference ARP update flags between
          arpsponge and asctl.
    => init.d/arpsponge.sh:
        * Make "start" and "restart" do a re-read of the state table as
          well. Add a "flush" action to do a daemon restart with clean
          state table. Add "help" action to show more help.
        * Include SWEEP_AT_START option (--sweep-at-start).
    => sbin/arpsponge.pl:
        * Add --sweep-at-start option.
        * Tag manual and auto informs differently in the log.
        * Add SWEEP_AT_START to POD.
        * Make sure IP states are initialised with mtime of 0, so any
          initial sweep will sweep all silent IPs.
        * Live IPs are probed if their age is too high and they
          have no MAC address (regardless of --sweep-skip-alive).
    => lib/M6/ARP/Sponge.pm:
        * Add optional "time" argument to "set_state".

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 12 May 2014 13:44:37 +0200

arpsponge (3.14) unstable; urgency=low

  [2014-02-04] - steven (r299-r301)
    => Get rid of "given/when".
    => sbin/asctl.pl:
        * Check "arp_update_flags" on "inform" command.
    => lib/M6/ARP/Control/Base.pm:
        * Fix bad grammar in POD.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 04 Feb 2014 12:28:06 +0100

arpsponge (3.13.1) unstable; urgency=low

  [2013-06-03] - steven (r296)
    => Makefile:
        * Fix DIST target!

  [2013-12-28] - steven (r297)
    => lib/M6/ARP/Control/Base.pm:
        * When sending data on a control socket, temporarily force
          blocking to avoid socket overflow on large data buffers
          (causing the client to miss the READY marker and thus wait
          indefinitely).

          Found by Niels Bakker and Attilla de Groot, when running "show
          ip" on a /19.

          This is a stop-gap, really. A malicious client could
          connect, send many requests, and never read back the
          results, causing the socket to fill up and at some point,
          the arpsponge daemon to hang.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 02 Jan 2014 15:43:15 +0100

arpsponge (3.13) unstable; urgency=low

  [2012-09-12] - steven (r288)
    => sbin/asctl.pl:
        * If the input does not come from an interactive terminal, the
          $TERM object is not initialised, so we shouldn't try to call
          methods on it.

  [2012-10-08] - steven (r289)
    => Makefile:
        * Fix intermediate file creation in dist making.

  [2013-03-30] - steven (r290)
    => sbin/arpsponge.pl:
        * POD fixes, courtesy of Chris Caputo, SIX (Seattle Internet
          Exchange).

  [2013-05-01] - steven (r291-r293)
    => debian/control:
        * Fixed dependency on libnetaddr-ip-perl. Dependency was
          based on AMS-IX specific local install (which was newer for
          an unrelated reason). Dependency is now on the default
          squeeze version.
    => init.d/arpsponge.sh, lib/M6/ARP/Control/Server.pm,
    => sbin/arpsponge.pl, sbin/asctl.pl:
        * Added patch for "--sweep-skip-alive" by Chris Caputo (SIX).
          Also added controls for run-time setting. Updated asctl's POD.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed, 01 May 2013 16:31:47 +0200

arpsponge (3.12.2) unstable; urgency=low

  [2012-08-14] - steven (r285)
    => sbin/arpsponge.pl:
        * Don't give "-1" as a count argument in pcap_dispatch(). If the
          box is hammered with traffic (like, 100Mb/s non-stop), it will
          starve all other tasks on other file descriptors.

          Chose a reasonable default, that will still allow for some
          interactive response.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 14 Aug 2012 21:38:13 +0200

arpsponge (3.12.1) unstable; urgency=low

  man/Makefile:
    - Fixed POD building.
    - Fixed dist building.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 20 Sep 2011 13:59:00 +0200

arpsponge (3.12) unstable; urgency=low

  Changelog, debian/changelog
    - Replaced changelog with symlink to ../Changelog.
    - Changelog is now in Debian format.

  M6::ARP::Sponge:
    - Make the "pending:" log line the same as sponging/unsponging.

  Makefile, rules.mk:
    - Fixed "dist" target building.
    - Fixed dpkg building for "make dpkg".
    - Fixes for nroff targets. Automatic version determination.
    - Pre-format the "asctl" man page as well for the "dist" target.

  README:
    - Updated Perl requirements.
    - Re-tabbed.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 20 Sep 2011 13:32:36 +0200

arpsponge (3.11) unstable; urgency=low

  arpsponge:
    - Tiny, but significant bug in the code for sending ARP updates:
      we checked whether we had a MAC address in our ARP table for
      the target IP, but we didn't check whether it was actually ALIVE.

    - Added an early check for non-nullness of arp_update_flags(),
      to short-circuit the nested if()s in the code for sending ARP
      updates.

    - The "inform" command will send updates for DEAD addresses using the
      sponge's own MAC address, so we can issue "inform all about dead".

  asctl:
    - Improved feedback format of "inform" command.
    - Better time estimation for "inform".
    - Added possibility for "inform" command to take IP filters,
      rather than just IP ranges (e.g. "inform alive about dead").
    - Check for and avoid adjacent duplicates in history list. Fixed
      filtering for "show ip pending".

  M6::ARP::Sponge:
    - Log string for "sponging" consistent with "clearing" and
        "unsponging" now.

  Packaging:
    - Fixed binmode for utilities.
    - Remove dependency on libsys-syslog-perl, in preparation
      for debian-squeeze.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 23 Aug 2011 15:27:01 +0200

arpsponge (3.10-1) unstable; urgency=low

  * 3.10 production release.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 19 Jul 2011 10:36:24 +0200

arpsponge (3.10-0.20) unstable; urgency=low

  * 3.10-beta15

  asctl:
    - Parse a little more loosely on the status file. Initialize
      counters for STATIC as well.

  M6::ReadLine:
    - print_output should not append a newline if the text is
      all empty.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 07 Jul 2011 17:48:21 +0200

arpsponge (3.10-0.19) unstable; urgency=low

  * Added dependency on libterm-readkey-perl

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu,  7 Jul 2011 17:22:14 +0200

arpsponge (3.10-0.18) unstable; urgency=low

  * 3.10-beta14

    M6::ReadLine:
      - Use of $PAGER only if output is a terminal and we are
        using ReadLine.
      - Make sure print_output returns sensible values.

    asctl:
      - Dump status command can now also dump to arbitrary file; the
        client will take care of parsing and writing.

      - More appropriate exit status (in case of non-interactive run,
        exits with 0 only if the command was successful).

      - Better error formatting. Moved fmt_text from asctl to
        M6::ReadLine.

      - Added --quiet option.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 07 Jul 2011 16:39:31 +0200

arpsponge (3.10-0.17) unstable; urgency=low

  * 3.10-beta13

  init.d/arpsponge:
    - Dump status before stopping as well.

  asctl:
    - Fix reply mapping/splitting in asctl. Fix typo in comments in
      arpsponge.

  M6::ARP::Queue:
    - Added level of indirection in Queue data. Object hash was
      storing max_depth parameter and ip queues at the same level,
      causing problems when clear_all was called.


 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed, 06 Jul 2011 17:00:32 +0200

arpsponge (3.10-0.16) unstable; urgency=low

  * 3.10-beta12

  arpsponge:
    - Don't clear is_dummy() when running as a daemon.
    - It's $eth_obj->{dest_mac} instead of "dst_mac"...
    - The init_state() function is now called with an integer
      argument (i.e. already translated state), but was still trying
      to look up the state in a hash, resulting in state "undef" for
      all IPs (i.e. equivalent to state NONE).
    - Added note about status loading in POD.

  asctl:
    - Added "load status" and "dump status" to asctl.

  lib/M6/ReadLine.pm:
    - Add argument type "filename" and filename completion.
    - Added a "yesno" prompting interface:
        if (yesno("question", "yN")) { ... }

  init.d/arpsponge:
    - (Force-)reload now causes the state to be re-read.
    - Fixed use of "ls" to find files.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed,  6 Jul 2011 11:31:39 +0200

arpsponge (3.10-0.15) unstable; urgency=low

  *  3.10-beta11

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 23 Jun 2011 12:28:15 +0200

arpsponge (3.10-0.14) unstable; urgency=low

  * Minor fix for dummy mode.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 23 Jun 2011 12:18:56 +0200

arpsponge (3.10-0.13) unstable; urgency=low

  * 3.10-beta10

  lib/M6/ARP/Const.pm:
    - Added is_valid_state to the exportable functions list.

  debian/control:
    - Added extra dependencies.

  arpsponge:
    - Added extra info for arp spoofing log messages (dst mac).

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 23 Jun 2011 11:23:49 +0200

arpsponge (3.10-0.12) unstable; urgency=low

  * 3.10-beta9

  asctl:
    - Fixed POD and help.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed, 22 Jun 2011 10:50:14 +0200

arpsponge (3.10-0.11) unstable; urgency=low

  * 3.10-beta8 (see entry below)

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 14 Jun 2011 15:49:27 +0200

arpsponge (3.10-0.10) unstable; urgency=low

  * 3.10-beta7/beta8

  arpsponge, asctl:
    - Added arp_update_flags to specify how to force neighbor
      cache updates.
    - Added log_level to specify the minimum log level.
    - Split off some of the output from "show status" to new
      "show parameters".
    - Added "set log_level".

  asctl:
    - Parameter names for "set" now use underscores
      instead of hyphens.

  general:
    - Logging split off into separate module (M6::ARP::Log).
        - Rename verbose/sverbose to log_verbose, log_sverbose.
    - State and update flag definitions defined in separate module
      (M6::ARP::Const), making it easier for server and client
      to share these values.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 14 Jun 2011 12:10:10 +0200

arpsponge (3.10-0.9) unstable; urgency=low

  * 3.10-beta6

    arpsponge:
      * The actual select/dispatch bit has been split off
        from packet_capture_loop() into handle_input().
      * Instead of calling sleep() between sending packets,
        the probe/sweep loops use handle_input() so they can
        still process packets/commands during their idle moments.
        This hopefully reduces the chances of missing ARP replies
        and keeps the sponge responsive during probe/sweep runs,
        even if the proberate is set low.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu, 09 Jun 2011 16:50:15 +0200

arpsponge (3.10-0.8) unstable; urgency=low

  * 3.10-beta5

    asctl:
      * Small fix in asctl for "ping" command arguments.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed,  8 Jun 2011 16:16:13 +0200

arpsponge (3.10-0.7) unstable; urgency=low

  * 3.10-beta4

 -- Steven Bakker <steven.bakker@ams-ix.net>  Fri, 13 May 2011 15:20:37 +0200

arpsponge (3.10-0.6) unstable; urgency=low

  * 3.10-beta3

    general:
      * Added dependency on Term::ReadLine::Gnu.

    asctl:
      * Always use STDIN and STDOUT as in/output in Term::ReadLine.
      * Fix verbosity in the face of interactiveness.
      * Non-interactivity implies no ReadLine.
      * Make sure history is read and written.
      * Match prefixes for commands and arguments.
      * Output/Error messages more consistent.

    arpsponge:
      * Control socket permissions.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 09 May 2011 15:19:15 +0200

arpsponge (3.10-0.5) unstable; urgency=high

  * 3.10-beta2

  Code cleanups all around.

  Major changes:

    * AV Feature request implemented.
    
      Some routers do not update their ARP cache when an
      IP gets unsponged. There are two cases in which this
      can happen:
      
        1.  A and B have a direct peering. A goes down, address gets
            sponged. B ARPs for A, gets the sponge's MAC and starts
            trying to set up BGP sessions to it (port 179 SYN). When
            A comes back, B for some reason does not update its ARP
            cache and continues to think A is behind the sponge's MAC.

            We're not sure why this happens. Normally, A would try to
            re-establish its peerings as well (often also sending out
            a gratuitous ARP), and B should quickly find out A's new address,
            since it's getting BGP SYNs from it. Perhaps A has its peerings
            configured in passive mode and doesn't send gratuitous ARPs, but
            then, most routers ARP for their peer before attempting to
            connect. In this case, B apparently doesn't ARP for A (or it would
            find out A's real address), but rather it seems to hold on to
            the cached (sponged) ARP entry until it times out.

        2.  There is no direct BGP session between A and B, but they exchange
            prefixes over a routeserver instead, AND the data flow is only in
            one direction (i.e. asymmetric routing):

                           ->-> [C] >->-
                          /             \
                         |               |
                  (data) | -<-<-<-<-<-<- |
                         |/             \|
                        [A]             [B]
                          \             /
                  (BGP)    -<-> [RS] <->

            If A gets sponged, RS loses the peering with A, and
            will withdraw A's routes, so B will stop sending
            traffic to A.

            Now, when A gets back, it will re-establish its direct
            peering sessions, updating its peers' ARP caches appropriately
            (including that of RS).

            If, however, for some reason, B got hold of the sponged
            mapping while A was down, it will start sending traffic
            to the sponge thinking it is using A as next-hop. It will
            continue doing so until its ARP entry for A times out.

            AFAICS, this can happen only for two reasons:

              * B's ARP entry for A timed out and it was somehow
                attempting to send traffic to A. This would indicate
                a (probably very) slow withdrawal of A's prefixes by
                RS, or (more likely), someone trying to ping A from
                behind B.

              * B picked up the gratuitous ARP from the sponge. When A
                came back it (A) did _not_ send a gratuitous ARP, so
                B still thinks A is at the sponge's HW address.

            Given the usual configuration of a 4 hour ARP timeout,
            the first scenario is not so likely.

      In any case: in order to fix this, we need to update B's ARP cache.
      In order to do that, we need to know A's IP address. Unfortunately,
      in case "2" we cannot know that, since there is no BGP traffic
      between the two, so the destination IP is that of the final
      destination.
      
      In case "1" however, it's easy: the destination IP is that of A.

      Now, how do we update B's ARP cache?  One way is by sending a
      gratuitous arp on behalf of A.  However, this is yet another
      broadcast, which is exactly what we're trying to avoid.

      Therefore, we fake two unicast ARP packets from A. When
      misdirected IP traffic ends up at the sponge, it will
      send two ARP packets back to the source: a unicast reply
      followed by a unicast request in the hopes that one of these
      will trigger an update of the ARP entry at the other side:

        ARP <IP-A> IS AT <MAC-A>
        ARP WHO HAS <B> TELL <IP-A>@<MAC-A>

      Testing suggests that Linux's ARP cache responds to the unicast
      request, but not the reply. Still, the request above would result
      in a reply from B back to A (who actually didn't initiate the
      request). We could try:

        ARP WHO HAS <A> TELL <IP-A>@<MAC-A>

      I.e., a unicast proxy gratuitous ARP request :-)

    * UNIX control socket for the daemon.
        * asctl and aslogtail "clients" for the control socket.

    * Speed improvements:
        * IP and MAC addresses are kept as hexstrings internally.
        * Packet decoding now done using self-written code to prevent
          binary -> dotted-quat -> hex translations.

  arpsponge:

    * Signals are now masked with sigprocmask().
    * Reworked event loop for more accurate timing.
    * Fixed set_pending/incr_pending so it will log per
      pending update.
    * The "notify" socket has been removed. There is now a UNIX control
      socket that can be used to send commands and receive log events.
    * Default "rundir" (--rundir) used to set default values for
      statusfile, pidfile and control socket.
    * --daemon=pidfile replaced by --[no]daemon and --pidfile=file
    * Restored --verbose and --dummy functionality.

  asctl, aslogtail:

    * new

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 26 Apr 2011 16:52:17 +0200

arpsponge (3.10-0.4) unstable; urgency=high

  * 3.10-beta

 -- Steven Bakker <steven.bakker@ams-ix.net>  Fri, 22 Apr 2011 17:43:08 +0200

arpsponge (3.10-0.3) unstable; urgency=high

  * 3.10-alpha2

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 10 Aug 2010 17:03:35 +0200

arpsponge (3.10-0.2) unstable; urgency=high

  * 3.10-alpha

  * 17.nov.2010 - steven

    Backported fixes from mon-eun-014 for the signal handling.

    Notify FIFO no longer default on init startup.

    More robust init script. Don't execute the daemon if
    SPONGE_DEBUG or SPONGE_DUMMY is set.

  * 07.oct.2010 - steven

    Added flood protection by limiting the significance of
    ARP queries if they all come from the same source.

    Add src_ip to the queue as well, and when the queue is full, collapse
    entries of the same source if they are timed too closely together 
    (less than 1/$flood_protection_rate).

        * Take list:
            [t0, s1], [t1, s2], [t2, s2], [t3, s1], [t4, s2], [t5, s2]

        * Sort by SRC, then TIMESTAMP:
            [t0, s1], [t3, s1], [t1, s2], [t2, s2], [t4, s2], [t5, s2]

        * Reduce closely spaced entries from the same SRC:
            [t0, s1], [t3, s1], [t1, s2], [t4, s2]

        * Sort by TIMESTAMP again:
            [t0, s1], [t1, s2], [t3, s1], [t4, s2]

    Advantage: works even if multiple sources are spamming us with
    ARP queries. Flood protection overhead only kicks in when queue
    is full and apparent rate (i.e. pre-reduce) > max-rate.

    Disadvantage: more state to keep, more processing when queue is
    full.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 10 Aug 2010 17:03:35 +0200

arpsponge (3.9.5-3) unstable; urgency=high

  * 10.aug.2010 - steven
    - Added LSB headers for init script.
    - Added post/pre scripts to make initscript handling smooth.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Tue, 10 Aug 2010 17:03:35 +0200

arpsponge (3.9.4-1) unstable; urgency=high

  * 12.apr.2010 - steven
    Remove useless reference to Net::PcapUtils from Sponge.pm.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Mon, 12 Apr 2010 10:36:21 +0200

arpsponge (3.9.3-1) unstable; urgency=high

  * Signals set flags. These flags get evaluated before a packet is
    processed. This might solve the crashes since Debian Etch. 
    This change was made after a hint from dvorak.

 -- Steven Bakker <steven.bakker@ams-ix.net>  Thu,  8 Apr 2010 19:07:58 +0200

arpsponge (3.9.2-2) unstable; urgency=high

  * Changed architecture to "all" (instead of "any").

 -- Steven Bakker <steven.bakker@ams-ix.net>  Wed,  7 Apr 2010 22:52:35 +0200

arpsponge (3.9.2) unstable; urgency=high

  * See upstream Changelog.

 -- Arien Vijn <arien.vijn@ams-ix.net>  Sat, 26 Jan 2007 22:00:00 +0100

arpsponge (3.9.1) unstable; urgency=low

  * Pretty stupid bug in init.d script. Called the sponge with:

        --queuedepth=${QUEUE_DEPTH}
        --queuedepth=${RATE}

    Obviously, the second option should have been "--rate"; this
    caused the production install to run with a queue depth of 50,
    which works miraculously well. ;-)

  * Added the PROBERATE variable.

  * Added defaults.sample file.

  * Added some more info in do_status.

  * Fine-tuned logging information. For instance, a log entry is
    printed when we clear a pending entry.

 -- Steven Bakker <sb@ams-ix.net>  Wed, 26 Oct 2005 12:07:00 +0200

arpsponge (3.9) unstable; urgency=low

  * Something (syslog?) is causing clone() calls, which exit using
    EXIT{} block which tends to unlink() the PID file :-(
    Traces seem to indicate that the clone()-d process is connected
    to syslog, since it opens "/dev/console" which is typically a
    last resort for failed syslog() connections.

    As a first fix, I modified the EXIT{} block to only unlink()
    the pid file if the pid of the current process ($$) matches
    that of the master ($wrote_pid).

    Second, I modified the code a bit to also log when dumping
    status (if no filename is set, it will use /dev/null), and
    to log a summary of the status.

    Finally, the "probed 0 IP addresses" messages should have
    gone from the log now...

 -- Steven Bakker <sb@ams-ix.net>  Mon, 24 Oct 2005 15:23:00 +0200

arpsponge (3.8) unstable; urgency=low

  * Updated init script to move away from $SPONGE_OPTS and have a
    more flexible set-up using separate variables which can be
    overridden in the individual interface files.

    This breaks the old syntax! Instead of a single string
    in /etc/default/arpsponge/ethX (namely the network/prefix),
    we need to define "NETWORK=network/prefix". It is also possible
    to override the device "ethX" by setting "DEVICE".

  * Added POD documentation for the new init set-up.


 -- Steven Bakker <sb@ams-ix.net>  Wed, 19 Oct 2005 23:25:00 +0200

arpsponge (3.7) unstable; urgency=low

  * Fixed the f*cking call to f*cking Net::ARP::get_mac($dev, $mac).
    It never wanted a reference as the second parameter, which
    is bad enough in itself, but newer versions don't like an
    undef or empty value for $mac either :-(

 -- Steven Bakker <sb@ams-ix.net>  Fri, 30 Sep 2005 18:10:00 +0200

arpsponge (3.6.4-1) unstable; urgency=low

  * Dependency fixes.

 -- Steven Bakker <sb@ams-ix.net>  Fri, 30 Sep 2005 17:49:00 +0200

arpsponge (3.6.4) unstable; urgency=low

  * Fixed POD section for --init. In the OPTIONS section, it was
    missing the "NONE".

 -- Steven Bakker <sb@ams-ix.net>  Thu, 28 Jul 2005 12:41:00 +0200

arpsponge (3.6.3) unstable; urgency=low

  * See upstream Changelog.
  * Fixed POD comments regarding LEARN state. Added check for
    --dummy and --daemon (mutually exclusive). Added comment
    about this in POD.
  * Added some verbosity in M6::ARP::Sponge::set_alive().

  * Fixed verbosity in do_learn.


 -- Steven Bakker <sb@ams-ix.net>  Wed, 20 Jul 2005 13:11:00 +0200

arpsponge (3.6.2) unstable; urgency=low

  * Fixed "rate" calculation. Off-by-one error spoiled the calculation :-(

 -- Steven Bakker <sb@ams-ix.net>  Mon, 11 Jul 2005 13:11:00 +0200

arpsponge (3.6.1) unstable; urgency=low

  * Four ways to initialise the program:
    * --init=DEAD
    * --init=ALIVE
    * --init=PENDING
    * --init=NONE

  * LEARN state does not probe, only listen.


 -- Steven Bakker <sb@ams-ix.net>  Mon, 27 Jun 2005 14:01:34 +0200

arpsponge (3.5) unstable; urgency=low

  * Incorporated Arien's ideas:
  
    * Start in LEARN state, where we probe every second or so, for
      "--learn" times. During this period, we do not sponge addresses,
      we only probe and learn.
    * Rewrote the handling of pending addresses. Pending addresses are
      now probed once per second for max_pending times. The previous
      behaviour was to probe a pending IP whenever an ARP query for it
      came in. If the incoming rate is high enough, we exhaust our pending
      probes before the target IP has a chance to answer.

  * Added ARP rating through the "--proberate" option. Throwing ARP
    queries at the interface at full CPU speed causes many packets to
    be dropped, whether it's at the interface, the LAN (switch), or
    the receiving end. Besides, broadcast storms are the very thing
    we are trying to avoid here.

  * --dummy now sends probes, but never sponged answers. Previously
    it was not sending probes either, making it difficult to test the
    sweeping/probing code.


 -- Steven Bakker <sb@ams-ix.net>  Thu, 12 May 2005 16:35:00 +0200

arpsponge (3.4.1-1) unstable; urgency=low

  * Logging fixes. One log line for a sponge event.
  * Also log/notify for "pending" states.
  * Various POD fixes.

 -- Steven Bakker <sb@ams-ix.net>  Tue, 10 May 2005 14:25:00 +0200

arpsponge (3.4-2) unstable; urgency=low

  * Renamed to "arpsponge" to prevent lawsuits :-)
  * Cleaned up a bunch of stub files in the debian directory.

 -- Steven Bakker <sb@ams-ix.net>  Mon, 09 May 2005 18:03:00 +0200

arpsponge (3.3.2-1) unstable; urgency=low

  * "misfit" ARPs now get their src MAC logged as well.

 -- Steven Bakker <sb@ams-ix.net>  Tue, 03 May 2005 13:15:00 +0200

arpsponge (3.3.1-1) unstable; urgency=low

  * Added check for "misfit" ARPs and logging of those.

 -- Steven Bakker <sb@ams-ix.net>  Tue, 03 May 2005 13:15:00 +0200

arpsponge (3.3-1) unstable; urgency=low

  * Added "HUP" signal to arpswiffer. Added README file.

 -- Steven Bakker <sb@ams-ix.net>  Tue, 03 May 2005 11:48:00 +0200

arpsponge (3.2-1) unstable; urgency=low

  * Sponge.pm "set_alive" needs to check for local IP, otherwise the
    state table gets contaminated.

 -- Steven Bakker <sb@ams-ix.net>  Sun, 01 May 2005 11:48:00 +0200

arpsponge (3.1-1) unstable; urgency=low

  * Properly Debianized.
  * Added code to recognize the duplicate detection packets from
    DHCP clients.

 -- Steven Bakker <sb@ams-ix.net>  Sat, 30 Apr 2005 22:43:05 +0200
