Skip to content

Releases: OpenLI-NZ/openli

OpenLI 1.1.10

05 Nov 02:10
Compare
Choose a tag to compare
  • RADIUS: Accounting Response packets no longer need to be seen by the collector; session state updates are now inferred from Accounting Requests automatically without the need to see the matching Response.
  • Collector: using multiple forwarding threads now actually behaves as expected.
  • Collector: support the use of zero GTP, SMS, or email worker threads. Having no SMS worker threads, in particular, can increase collector performance for operators who do not require SMS interception.
  • Collector: reduce CPU usage in encoder worker threads when they are idle.
  • Collector: improve performance when copying packets to distribute to other worker threads.
  • Voice: fix bug where the RTP stream might not be intercepted if there are multiple intercepts configured for the same target.
  • Mediator: fix bug where a restarted mediator using RabbitMQ would never receive intercept records from a collector.
  • SIP: fix bug where SIP sessions using TCP keepalives would not be intercepted due to errors in the TCP reassembly code.
  • SIP: fix crash caused by incorrectly freeing a packet that had been claimed by the TCP reassembler.
  • SIP: fix bug where SIP messages that do not begin at the start of the TCP payload would not be intercepted or used to update the call state.
  • SIP: assume TCP packets for a stream are lost forever if the gap between the expected sequence number and the observed packets exceeds 64KB.
  • SIP: reset the SIP and TCP reassembly state for TCP streams where a packet has been lost or the SIP parser reported an error.
  • SIP: fix bug that caused an assertion failure in find_sip_message_end() when processing a TCP SIP stream after a packet was lost.

OpenLI 1.1.9

02 Oct 00:32
Compare
Choose a tag to compare
  • RADIUS: fix crash that can occur under very rare circumstances due to a dangling user record pointer in an old unmatched request.
  • RADIUS: fix bug where CINs for all RADIUS sessions were zero.
  • Fix potential silent exit in collector if a packet cannot be copied to be sent to another thread.
  • Mobile data: move processing of GTP traffic / sessions into separate worker threads.
  • Mobile data: add (experimental) support for intercepting GTP-U traffic for sessions where the GTP-C identity matches an intercept target.
    Only applies to GTPv2 sessions -- no CC interception is performed for GTPv1 sessions (i.e UMTS-CCs).
  • Mobile data: add support for intercepting GTP-C traffic for intercept targets and encoding it as either EPS-IRIs (for GTPv2) or UMTS-IRIs
    (for GTPv1).
  • Mobile data: IP-based mobile intercepts are now encoded as EPS-CCs, instead of UMTS-CCs.
  • Mediator: allow RabbitMQ internal password to be specified using either RMQlocalpass OR RMQinternalpass config options, so
    as to match the existing documentation.
  • SIP: fix bug where RTP would not be intercepted if the SIP traffic is proxied back to the original source IP.
  • SIP: fix assertion failure when reassembling TCP SIP traffic that happens to have trailing bytes (such as an extra \r\n sequence).
  • SIP: fix double frees that could occur when reassembling TCP SIP traffic.
  • Removed some internally defined OID consts and replaced them with ones defined by libwandder.

OpenLI 1.1.8

15 Aug 01:48
Compare
Choose a tag to compare
  • Collector: fix crash in sync_voip thread if an invalid SIP packet is encountered.
  • Collector: add a single zero byte to the list of recognised SIP keep alives.
  • Collector: fix crash that can occur if an IP is mapped to a RADIUS session more than once.
  • Add config option to specify the country where an agency has jurisdiction, which allows us to support country-specific requirements for HI1 operations and keep alive messages.
  • Keep alive messages for NL agencies now conform to the ETSI-IP.nl requirements.
  • Use -- instead of NA as the auth and delivery country code forkeep alives when we do not know the country code for the receiving agency.

OpenLI 1.1.7

23 Jul 22:33
Compare
Choose a tag to compare

From now on, we will not be automatically building .rpm packages for Fedora. Please contact us if this change is going to be a problem for you.

  • Collector: fix file descriptor leak caused by timers in SMS worker threads.
  • Collector: fix bug where a forwarder thread would be unable to exit if the collector is trying to shut down due to an error.
  • Collector: fix another race condition that can cause a collector to hang when it is being halted.
  • Collector: VoIP sync thread now recognises more SIP keep alive payloads (including eXoSIP keep alives) so will no longer complain about invalid SIP payload when these KAs are observed.
  • Collector: fix segfault that can occur if an IP data session is assigned to more than 5 IP addresses.
  • Collector: fix segfault in VoIP sync thread if the expiry timer for a completed call cannot be properly created (e.g. if we run out of
    file descriptors).

OpenLI 1.1.6

15 Jul 07:08
Compare
Choose a tag to compare
  • Fix incorrect encoding of userLocationInformation field.
  • Add support for defining port ranges for SIP and RADIUS servers, rather than having to create a config entry for each individual port number.
  • Add support for IMSI and IMEI as target identifiers for mobile data (IP) intercepts.
  • Added new parameter for IP intercepts: mobileident -- this is used to indicate whether the user identifier for a mobile data
    intercept is an MSISDN, IMEI or IMSI.
  • Add support for including SIP packets in pcapdisk output for VoIP intercepts.
  • Fix bug where mediators receiving messages from a collector via RabbitMQ would be disconnected due to regular consumer timeouts.
    This in turn should resolve issues where old IRIs or CCs would be periodically retransmitted by a mediator to the LEA.
  • Fix memory errors when reassembling TCP segments in the collector libtrace threads.
  • Generate error log messages when a component (either mediator or collector) cannot publish to RabbitMQ due to the connection being
    blocked.

OpenLI 1.1.5

10 May 02:36
Compare
Choose a tag to compare
  • Pcap output: fix bug where files were not produced for IP intercepts using a vendor mirror ID.
  • Pcap output: fix bug where changing a running intercept to use the pcapdisk agency would not produce any pcap files.
  • Mediator: do not produce "pcap file opened" log messages if the file has not actually been created yet.
  • Collector: remove target identities from collector log messages
  • SMTP: add ability to match automatically forwarded email by finding the target address in a RFC822 message header. The set of headers to search for must be defined by the user in the collector configuration file using the emailforwardingheaders option.
  • Enable TCP keep alives on all inter-component communication sessions to avoid the sessions being timed out.
  • Collector: fix issue that meant any socket-level errors on the connection back to the provisioner were not correctly detected, and therefore the session would appear to be up but no messages would get through.
  • SIP: fix bugs in TCP reassembly code that would prevent large SIP messages from being properly reassembled.
  • SIP: add support for URLs that use the tel: URI.
  • RADIUS: remove assertion failure if a RADIUS session is missing a NASIdentifier AVP.
  • RADIUS: do not attempt to remove IP->session mappings that should never have existed in the first place.
  • Email: fix incorrect ETSI encoding of email recipient lists.
  • SIP: the identity that appears in the P-Preferred-Identity header can now be used for target identification (but only if sipallowfromident is enabled on the collector).
  • SIP: fix issues with interception failure if multiple TCP SIP sessions use the same IPs and port numbers.
  • Mediator: fix bug where duplicate CCs and IRIs could be mediated to the agency if a collector reconnects after a previous disconnection.
  • Mediator: fix memory leaks that can occur if a collector reconnects after a previous disconnection.
  • Collector: fix bug that prevented subsequent intercepts from producing CCs if an LIID is re-used.

OpenLI 1.1.4

24 Jan 22:42
Compare
Choose a tag to compare
  • Add support for intercepting SMS messages delivered via SIP (i.e. when transporting SMS using an IMS).
  • IPMMIRI: include targetLocation field if a P-Access-Network-Info field is in the SIP header and the location is provided as a
    3GPP-E-UTRAN-FDD. targetLocation is encoded as a UserLocationInformation element within an epsLocation element.
  • POP3: fix oversight preventing POP3 identities from being extracted for sessions using the AUTH command.
  • Email: fix segfault if no user identity has been found for an otherwise authenticated session.
  • IMAP/POP3: fix bug introduced in 1.1.3 that would produce duplicate IRIs when the intercept target was the sender of the email.
  • IMAP: fix bug where PLAIN AUTH credentials could be replaced with garbage if the maskimapcreds configuration option was disabled.
  • POP3: fix bug where maskpop3creds configuration option was ignored.
  • SMTP: include all recipients in email-receive IRIs, regardless of whether they are intercept targets or not.
  • IMAP: fix segfault when processing compressed IMAP messages.
  • IMAP: fix segfault when parsing an incomplete UID command.
  • IMAP: disable "unmatched reply" log messages.
  • IMAP: do not generate IRIs for FETCH commands that do not fetch mail content (e.g. fetching FLAGS ).
  • IMAP: fix bug where upload IRIs were not including the mail sender.
  • Email: fragmented IP packets are now reassembled by email workers before processing.
  • Email: fix double-free on collector exit if a default email domain had been configured.
  • Pcap output: do not generate IRIs for VoIP intercepts that are being written using the pcapdisk agency.
  • Pcap output: fix bug introduced in 1.1.3 that was causing IPMMCCs to not be written to the pcap files.

OpenLI 1.1.3

13 Nov 23:47
Compare
Choose a tag to compare

It is strongly recommended that you upgrade to this version if you are running OpenLI 1.1.0, 1.1.1 or 1.1.2, as the mediator performance issues that have been fixed are significant.

  • Fix poor mediator throughput caused by suboptimal RabbitMQ usage.
  • Improved performance when writing intercepts to pcap files on disk using the pcapdisk agency.
  • Fix issue where intercepted records for pcapdisk intercepts would not persist in RabbitMQ for more than 60 seconds.
  • Fix memory errors in the mediator that occur when a RabbitMQ message is larger than expected.
  • SIP: fix issue where an INVITE sent by the callee (e.g. a codec update) would prevent the following RTP from being intercepted.
  • SIP: fix issue where a target would not be correctly matched if there were additional parameters in the SIP username.
  • SIP: fix issue where RTP would not be intercepted if a 180 message was used to announce an RTP port.
  • VoIP: fix bug where an intercepted call over IPv6 would be described as IPv4 in the IRI.
  • Added support for Cisco Tap as a vendor mirroring format.
  • Fix high CPU usage by the mediator if a collector has disconnected from it.

OpenLI 1.1.2

10 Oct 21:57
Compare
Choose a tag to compare

There are numerous bug fixes and small enhancements in this release:

  • Email ingestion: add support for PART_ID field and attempt to reorder received messages based on PART_ID value.
  • Email ingestion: fix segfault that can occur if an incomplete multi-part message is received by the ingestion socket.
  • Email ingestion: fix parsing failure caused by packet segmentation.
  • IMAP: fix interception failures when the COMPRESS extension is used by a session.
  • REST API: fix segfaults when using PUT to modify existing intercepts / agencies.
  • IMAP: fix bad regex that was causing problems when intercepting mail content containing unbalanced parentheses.
  • REST API: added new openliversion/ endpoint which returns the version of the provisioner software.
  • SMTP: emit all SMTP messages and replies as CCs, not just the DATA message.
  • SMTP: produce "email-receive" IRI if a recipient is an intercept target, i.e. if the email comes from an external mail provider.
  • SMTP: if present, use AUTH to derive the sender identity. Include sender validity info in IRIs.
  • SMTP: improve handling of unexpected or bogus commands, so now interception won't cease if we see a command we don't understand.
  • SIP: fix issue where RTP would not be intercepted if the "c=" field in the SDP announcement is after the first "m=" field.
  • SIP: don't crash if an authorization field has an empty username.
  • SIP: CANCEL will now correctly move an intercepted call into the end state.
  • HI1 Operations: send HI1 operations messages for intercepts with specific start and end times at the expected time, not when the intercept is configured.

OpenLI 1.1.1

31 Jul 06:22
Compare
Choose a tag to compare

In this release:

  • Add ability to encrypt CC and IRI payload, as per Annex G of ETSI TS 102 232-1 (AES-192-CBC encryption only thus far).
  • Fix bug where certain intercept config changes were not always passed on to collectors if the changes occurred while the
    provisioner was down.
  • Fix double free bug when halting the VOIP sync thread for a collector.
  • Fix bug where a RADIUS session could produce CCs but not IRIs, if the Username AVP happened to match a target CSID.
  • Fix linking failure if the collector is built on its own.
  • Correct various problems with the IMAP parsing for FETCH replies.
  • Fix segmentation faults when the email ingestion socket receives an incomplete message.
  • Fix memory errors in the REST API when a field is assigned an empty string value.