NeTraMet Version History ======================== v5.2 18 Jan 07 Config files reworked to build on Mac OS X (10.4). A few compile warnings cleared up. v5.1b20 4 Jul 06 Added compile-time option to dump DNS response records > -Z bytes long to file specified by -G option. Caution: sets SNAPSIZE to 65535, which will increase libpcap memory/processing load! v5.1b19 1 May 06 Added 'wildcard' pcap tracefile names to meter's -i option, e.g. NeTraMet -i 'c/20060110/*' -i 'c/20060111/*' Up to four directory or filenames can have one or more '*' characters; NeTraMet searches the directory tree, writing a file_list.dat - a file listing the actual filenames, one per line. NeTraMet then reads all the files in sequence. fd_extract used a Bit8 field for attribute numbers; changed to Bit16 to handle current (much bigger) list of attributes. v5.1b18 21 Apr 06 NeTraMet equality test for adjacent addresses wasn't working; fixed by changing MAC_address from union to struct in pktsnap.h v5.1b17 4 Apr 06 Meter changes: libpcap: test whether source is a file, only call pcap_open_live() if it's not. That way you don't need su privilege to read a pacp file. Implemented -E flag to say "don't require req/ response match" for DNS datagrams Implemented -Znnn flag to log DNS records > nnn bytes Set payload_len for UDP packets to wire length - encapsulation headers - IP header. UDPlen field in UDP header isn't always set correctly! v5.1b16 27 Mar 06 pkt_extract() now sets p_p->pktinfo_sz correctly for UDP packets, instead of always returning 0. Modified Makefiles so they don't try to build or use code in src/bgp (now badly out of date). Updated ./configure so it can handle amd64 machines properly. Fixed (Bit32)counts[] bug in bump_dist(). counts[] are 64-bit counters, so don't cast! v5.1b15 16 Feb 06 Added To/From DNSRecordSize attributes. Added 'G' NeTraMet option to specifiy name of file written by write_data(). Default is dns.log or stats.log, as before. v5.1b14 18 Jan 05 Wrote fix-c-date.rb; used it to update copyright dates in NeTraMet's files. Added simple.srl to the example rulesets. v5.1b13 19 Dec 05 New distribution: TurnaroundTime for DNS over TCP. Also rewrote / tidied up the code in actual_count() for packet-pair matching. v5.1b12 3 Nov 05 bug fixes for 5.1b11 v5.1b11 2 Nov 05 make_distrib_list() did not allow you to save OAMdata for an OAM trigger flow, i.e. one with OAMident != 0. That restriction has been lifted, allowing you to collect OAMdata sub-records for a trigger flow, even if there were no other flows in that OAM group. v5.1b10 22 Jul 05 Implemented reading from a libpcap (BPF format) trace file. That required a re-work of much of the libpcap code, since reading from a file via pcap has different behaviour to reading from a live interface. #Statistics data (aps and mps) were giving incorrect for libpcap interfaces. That has been fixed. Bug in setLastTime(): code assumed that InactivityTimeout (s) and ic_LastTime (cs) were both in seconds. Result was that the InactivityTime was mostly being ignored (default 1.2s) - instead the actual incative timeout was 2*meter reading interval. This has been fixed. v5.1b9 15 May 05 Changed locking scheme for dynamic distributions. We now lock them all with a single mutex, both when we update them in check_events() and when we read them in met_vars.c. That cures problems with rulesets having several *rate distributions getting different numbers of values in a single reading. Fixed code error in receive(), which decided whether an SNMP packet came from a -A address. v5.1b8 22 Mar 05 Added some options to limit SNMP access to NeTraMet meter. -B binds SNMP server to localhost, i.e. only SNMP clients on localhost can reach it -A hostname specifies a client that the meter will accept SNMP requests from. You may specify up to 10 such clients. One of them may be localhost. Default (neither -B or -A is used) leaves the ` meter open for SNMP from any client anywhere! Note: -B overrides -A; don't try to use both options on the same command line! v5.1b7 15 Mar 05 Fixed bug in dynanmic distributions. When converting list of actual values to histogram, set new bounds UpperLim by mistake for UpperLimit. That meant the fdf file has the upper limit specified in the ruleset, i.e. much too high. 12 Jan 05 Changes to make NeTraMet configure/make properly on Mac OSX. Two problems at this stage: - don't know how to find amount of phys memory or nbr of processors - include file conflicts prevent Make for libbgp v5.1b6 7 Jan 05 Improved the libpcap implementation of NaTraMet. It can now read libpcap trace files as well as dag trace files. Improved NeTraMet's program structure for libpcap. Each interface is handled by a searate thread, input_merge() is run is a seperate thread. The same structure is used for Dag interfaces in dd_ntm. v5.1b5 16 Dec 04 Implemented minstreampdus, (ltminstreampdus) and (ltminstreamoctets) attributes. v5.1b4 21 Sep 04 Changes to make NeTraMet configure/make properly on OpenBSD v5.1b3 11 Aug 04 Implemented 'min packets for stream' feature for NeTraMet. NeTraMet -K nn option tells meter it should not match a stream, i.e. find out which flow(s) it matches, until nn packets have been seen for that stream. This means that flows are only created for 'large' streams, which is useful when you're collecting flows for usage accounting. NOTE: I'll implement an attribute which lets you specify MinStreamPDUs within a rulset - that way you can have one ruleset which only counts big streams, and a second which just counts all packets. The difference in PDU/Octet counts will tell you how many PDUs/Octets were not matched into flows. 9 Aug 04 When using Dag cards (dd_ntm meter), the meter's -l option was set by default, i.e. IP packet length was used for packet length. Now -l is set only when -g0 is used, i.e. for old ATM Dag cards, which couldn't report a packet's on-the-wire length. 8 Aug 04 Change/bug fix for meter_ux.c: for Dag cards we used to set use_ip_length by default, now we don't (if you use Dag cards on an ATM link you need to set it using the -l option for dd_ntm). pkt_from_dag_record() was using ntohl() to get the wlen value for Ethernet Dag cards, corrected that, now it uses ntohs()! 6 Aug 04 Bug fix for NeMaC: "bad attrib (-1)" message for formats with a trailing separator, then a space before the ; - e.g. ... ToBitRate ")" ; nmc_pars.c wasn't checking for ; when looking for the next attribute. 3 Aug 04 Change to meter garbage collection: always run garbage_collect at 2s intervals, set flows-to-test so as to test every flow twices during each meter reading interval. That allows the garbage collector to track peaks in the flow table, without doing lots of unneccessary testing. 2 Aug 04 Implemented -Y meter option, specifies OAM timestamps will be in sysup time; default is Unix epoch timestamps. Did that my making microseconds() work in Unix time, provided routine to convert that to sysup TimeTicks for Stream/Flow FirstTime and LastTime. 30 Jun 04 Rewrote command-line parsers for NeMaC and NeTraMet, using *ix getopt(), so as to provide better checking for missing parameters, etc. 27 May 04 Bug fix for NeMaC: -M option wasn't working, it was using ms->meter_minPDUs, should be ms->ci_minPDUs! (meter_minPDUs only means that the meter implements this feature, wheras ci_minPDUs is the value from the command line.) v5.1b2 26 Apr 04 released 2 Feb 04 Bug fix for dd_ntm: freebsd dag_offset was busy- waiting on reads, and next_dag_record() didn't check for 0 pkts read! It does now, and uses nanosleep(1.2ms) to wait before trying the read again. v5.1 31 Jan 04 released 5 Jan 04 NeMaC now has new options, as follows: -z Write gzipped flow data file -G FIS Set Gzip flush interval (seconds). Default is to flush every 30 minutes -T Write flow data to stdout (can't be a gzipped file) fd_filter now has new options, as follows: -z Read gzipped flow (and trailer) files -Z Write gzipped difference file -F DIF Write difference file to file DIF ./configure tests for zlib; if it's not installed NeMaC will build and run properly, but the gzip- related features won't work. Large files (LFS, i.e. > 2 GB): NeMaC and fd_filter will read and write these, provided the host OS supports it. To do this we set the O_LARGEFILE flag (from Linux fcntl.h) when we open() a flow data file. Bug fixes for 5.0: - NetFlowMet didn't work; thanks to Paul Rolland for his meticulous bug reports. - dd_ntm crashed after ~1.5 days; improved locking of flow table to prevent conflict between match() and garbage_collect(). v5.0 8 Dec 03 First release of NeTraMet++ v5.0b4 5 Dec 03 Implement TotalStreams, TCPStreams, UDPStreams and TwoWayStreams attributes. These are simple counters for a flow. Fix bug revealed by TwoWayStreams: lookup_stream_helper() didn't always set the direction value (ow) correctly. Allow 'public' to be used as an SNMP write community name. If you start a meter with -wpublic, the meter sets -rPUBLIC. v5.0b3 23 Nov 03 Users need to set a sensible -t value when starting a meter. Use 'S' at console to see how stream handling is going. Other small improvements: --help displays command-line options for NeTraMet, dd_ntm, NeMaC and nm_rc NeMaC and nm_rc use install default filename for the RTFM Meter MIB, i.e. /usr/local/share/NeTraMet/mibs v5.0b2 30 Oct 03 Fix bug in 'dynamic' distributions. In flowhash.c, failed to set pointer to distribution when copying first 100 data values back into bins. Result was to loose those values, or to write over memory causing meter to crash. Make NeMaC reset statistics for a meter only after reading the last of its rulesets to specify 'statistics;' Effect is that #Statistics records are consistent across rulesets. v5.0b1 2 Aug 03 Extended snmp handling in NeMaC et al to cope with SNMP PDUs greater than 1500 bytes. When nmc_snmp sees this, it splits the attribute list in two, and uses two SNMP reads to retrive the flow data. This allows you to retrieve more distributions with greater number of bins. However, it does this by doubling the number of SNMP reads - be careful when reading large numbers of flows! 28 Jul 03 Implelemented packet/byte density and stream count distributions in stream lifetime space. Added code to handle MPLS shim(s), these are simply skipped over. 22 Jul 03 Fixed bug in IPv6 packet decode. Wasn't handling next-headers properly, so didn't recognise packets with Destination Options headers. v5.0b0 9 May 03 Implemented stream-caching Implemented new interface attributes: - ObsInterface, to get one-way flows - PairInterface, synonym for SourceInterface, but allows stream caching. [Caution: use only when Interface is NOT used to define flows.] v4.5b10 9 Jun 03 v4.5b9 21 Oct 02 v4.5b8 21 Oct 02 fd_filter crashed when using a format with a \t separator following an address. get_value() in fd_parse.c now looks for space and \t as address delimiters. (Bug reported by Raymond Hughes) Implement -t option for fd_filter. Russell Fulton has re-written fd_filter, changing it's structure so that it can 'tail' a flow data file. For example fd_filter -t filter.flt flows.fdf > flows.dif will watch the input flow data file (flows.fdf). Whenever NeMaC writes more records to that file, fd_filter will compute differences and write their records to its output file (flows.dif). v4.5b7 13 Sep 02 Implement VLANid, Priority and ECNCodeBits attributes. These get the following data: VLANid 802.1q VLAN-id } Layer 2 802.1 Priority 802.1p Priority } tag (4 bytes) ECNCodeBits RFC 3168, Explicit Congestion Notification for IP In SRL you can test (e.g. if VLANid = 7 ..) and you can save VLANid, Priority and ECNCodeBits. This provides three attributes relating to QoS: DSCodePoint, ECNCodeBits and Priority. Note that since these three attributes appear only once in a packet, they can't be used to determine the direction of a flow! v4.5b6 26 Aug 02 Rework thread implementation, make sure linked structures are properly locked while being modified! Implement two-way input merge in separate thread for libpcap NeTraMet. This is needed for the Gigabit Ethernet meter so that it can observe both directions of a link via two (receive-only) interfaces. Implement ECNbits attribute. This holds the value of the ECN field (RFC 3148) from the first packet seen by the meter for a flow. Implement STREAM_TO_FLOW compile-time option in NeTraMet. One can now set Parameter1 for a FlowTime distrubution to a non-zero value, t. After one of the flow's streams has been active for t seconds, the meter will create a flow for it, and therafter update its counters. Implement TCPStreamData attribute. This provides information about the RTT (as observed by TCP) for a single stream. It can be read for flows created by STREAM_TO_FLOW (see above). Clarification for the To/From InterarrivalTime distributions. If the packet-pair matching parameter (Parameter1) is zero, i.e. no pair matching was specified, interarrival times are measured for all packets in the flow. If Parameter1 is 7 (PP_OTHER) interarrival times are measured for each stream within the flow, producing a distribution of interarrival times for all the streams within the flow. v4.5b5 13 Aug 02 NeMaC wasn't setting ciTimeMark, so OAM never read any OAMdata from the meter. Now, unless 'standard' MIB use is requested (NeMaC -S), TimeMark and MinPDUs (non-standard attributes, implemented for nifty) are always set. v4.5b4 3 Jul 02 Fix fd_data.h bug, conflict between oamdata and d_tooctets attribute numbers. Changed to use int for attribute numbers instead of unsigned char; reflected this change wherever attribute numbers were used. v4.5b3 2 Jul 02 Implement OAM attributes [Suggested by Thomas Lindh] 30 Jun 02 Improve NeTraMet garbage collector by walking along flow chains for each ruleset, rather than just doing linear passes through the flow table. v4.5b2 29 Jun 02 Make Source/Dest Interface 16-bit (it was 8), so that NetFlowMet works properly with interface numbers > 256. Interface numbers can be tested, saved, and can appear in format statements. [Patches provided by Hendrik Visage] 29 Jun 02 Patches to SRL compiler to - Allow defines to have > 10000 characters - Allow *Mask attributes to be used in format and save statements [Fix for problem reported by Riaz Nadeem] 28 Jun 02 Lots of miscellaneous fixes to correct glitches found by Compaq/Digital Unix cc compiler. 25 Jun 02 Write ##fd_filter: header record. Output file now records which filter and input file were used when fd_filter was run. 10 Jun 02 Change snmp apps snmptest, snmpbulkwalk, and snmpwalk to use -m to specify snmp port number (like NeTraMet and NeMaC) as a synonym for -p. 9 Jun 02 Fixed srl compiler bug; optimise 3 wasn't checking that all terms in an OR tested the same attribute. Result was a false 'duplicated in OR group' message, and bad code emitted (some terms were not being tested for!). 4 Jun 02 Fixed bug in asn_parse_int(). BER lengths between 128 and 255 gave an erroneous 'negative integer' error message, which appeared in NeMaC's log file as 'unparsable snmp PDU'. 3 Jun 02 active_flows() is called from one_second_process() It scanned the flow table counting active flows. Changed so that recoverable_flow counters are kept for each ruleset. They're counted during flow data collection, and decremented by garbage_collect(). This greatly reduced the percentage of processor time spent in active_flows(). v4.5b1 2 Jun 02 Multi-threaded meters. NeTraMet and dd_ntm can now be multithreaded. Both use separate threads for outer block (snmp request handling), packet matching and packet counting. dd_ntm runs a fourth thread to merge packets input from dag cards. I've used the Posix Threads semaphore library written by Tom Wagner (wagner@cs.umass.edu), see http://centaurus.cs.umass.edu/~wagner/ threads_html/tutorial.html To create threaded meters, specify -DMULTI in the meter Makefile. Note that a multi-threaded dd_ntm can't read a Dag trace file; you have to use a single-thread dd_ntm for that. 1 Jun 02 Changed log_msg() in nmc_pars.c to add trailing \n to message text (i.e. same as in met_vars.c). Changed log_msg() calls in libsnmp and manager programs to remove trailng \ns. 27 May 02 NeMaC wasn't recovering when a meter restarted. Changed nmc_snmp and nmc so that - failure to set reader LastTime doesn't clear write_OK for that meter - when NeMaC fails to set reader LastTime, it zeroes reader and ruleset indeces while calling meter_info(). These changes allow NeMaC to detect a restarted meter (download rulesets, start new readers), as distinct from an SNMP reachability failure (keep using current/standby readers/rulests). 7 Mar 02 Added LastActiveTime attribute to srl, NeMaC and fd_filter, as a synonym for LastTime. RFCs 2720, 2722 and 2723 all refer to this attribute as LastActiveTime! Add -M option to NeTraMet et al. -M /home/nevil/xxx.log specifies the filename for NeTraMet's log file (intriduced in 44b9). v4.4 20 Feb 02 SNMP security issues. I've tested NeTraMet's SNMP code using the PROTOS test suite. A test for negative lengths in the ASN.1 parsing code has been added - that was the only change needed. The SNMP routines (in snmplib/) perform a lot of parameter checks, and calls on an ERROR() define. By default ERROR does nothing. If you're tesing an SNMP manager against NeTraMet, you can turn those messages on by adding -DDEBUG to the CFLAGS= line in snmplib/Makefile and rebuilding the snmp library. Change 'interface number' attributes to use 16-bit integers instead of 8-bit. This can be useful when using NetFlowMet. v4.4b11 25 Nov 01 Implement -C option for nm_rc, exactly as in NeMaC. This allows you to use nm_rc to test rulesets against trace files being read by crl_ntm or dd_ntm. Sample commands to do this are: ./crl_ntm -T5 -m1234 -Strace_file -wW~com ./nm_rc -C -m1234 -rpeers.rules localhost W~com Note: you need CoralReef version 3.5 to build crl_ntm! Speed improvements in flowhash: - move code which doesn't need to be executed on every call outside blocks in match() - implement list of running rulesets, instead of doing serial searches of ri[] table - use 32-bit hash values for flow and stream hash tables, use table size specified by user (rather than trying to pick a prime above it - that doesn't help, since we use a set of distinct primes for hashing) Use long long integers (8 bytes) for counter64 if the host supports them. Newer Pentiums do, this provides a useful speedup. Change 'shutdown' request character. It was a single ESC, but it's too easy to hit a key which sends an escape sequence! Now you have to type ESC ESC Return to shut down the meter. Fix little problems which gave warning messages when building NeTraMet on an alpha running Digital Unix. The configure script wasn't recognising the OS correctly; this didn't cause problems because none of the programs have defines testing this any more. MinPDUs gave compilation errors on alpha, fixed by adding c64geint() define. Linux kernel reset promiscuous mode when forking a NeTraMet daemon. Changed meter_ux.c to fork first, then open the interfaces. NeTraMet, NetFlowMet, LfapMet, crl_ntm, dd_ntm (i.e. all the meters) write error messages and summary information to a log file using log_msg(), in the same way as NeMaC. The name of the log file is meter.log, it will be written in the directory where the meter starts running. v4.4b10 23 May 01 LfapMet: RTFM meter for LFAP, code contributed by Remco Poortinga, Added files in src/meter - README_LfapMet Notes about LfapMet - lfapmet.h LfapMet globals - lfapmet.c LfapMet support routines Added two new MIB variables to reader row, MinPDUs (default 0) and TimeMark. A flow must have at least MinPDUs either to or from before it will be read by a meter reader. TimeMark is needed to associate an SNMP getnext request with a particular reader. MinPDUs can be set using the -M option. nifty default is -M20, NeMaC default is -M0 Improved save.sav so that it only saves the files we really need in the NeTraMet distribution. v4.4b9 11 Apr 01 Fixed bug in NeMaC include statement. getarg() no longer allows semicolon in an argument. Fixed srl compiler bug; optimise 3 wasn't recognising the end of AND expressions properly. NeMaC could fail to open a flow data file (e.g. because it already existed with no write access); it now reports this and doesn't try to run that meter/ruleset. NeTraMet Coral interface improved to handle two Dag cards properly. Reads blocks of cells from each then merges them by timestamp. NeTraMet uses -Siii to specify a Coral source (instead of -C'source iii' *****). v4.4b8 8 Aug 00 Fixed bug in fd_extract.c; needed to use attr_ix[a] when listing column info. Modified nmc_snmp so as to report (via log file) size of "only one package" SNMP pDUs. This required adding pdu_len to both snmp_pdu and internal_snmp_pdu in snmplib. srl compiler was warning when user redfined a well-known port, but ignored the new definition. This has been fixed, the new definition is used instead of the default well-known port number. Corrected ntm_conf.hin file so that it has ALL the defines tested for by configure.in. It was missing several, including WORDS_BIGENDIAN, Changed configure.in to improve matching of operating system name when setting the OS define. Fixed bug which prevented rate distributions from being collected (this worked properly in 4.3). A test that an event (to which the distribution could be linked) existed was wrongly implemented. Fixed bug reported by Dylan Hall, 31 May 00 NeTraMet -l options wasn't working because pp.p_len was being overwritten. Deimplemented TCP_ATR define. TCP attributes are now implemented as part of the new attributes, controlled by #define NEW_ATR. v4.4b7 22 May 00 Increased size of symbol and label tables in srl compiler, to allow compiling of *much* bigger programs. [Bug report and patches supplied by Carsten Schmoll, 15 Mar 00] fd_filter now allows != as well as == operators in tag descriptions. This allows you to create a tag for bidirectional flows, e.g. tag 3 ToPDUS != 0, FromPDUs != 0; The srl compiler now allows Ruleset names to be identifiers, not just integers, e.g. set my_big_ruleset; Ruleset names must be <= 16 characters long. A CoralReef version of the meter, crl_ntm, has been implemented. You can use crl_ntm to analyse CoralReef or tcpdump trace files. crl_ntm has tree new command-line options: -C'source fn' Tells meter to read file fn -T sss Specifies the NeMaC sample interval (default 10 seconds) -N nnn Specifies the number of intervals (default 0, i.e. process whole file) NeMaC has a new command-line option too: -C Tells NeMaC that this meter is runing from a Coralreef trace file v4.4b6 22 Feb 00 Change to using autoconf Configuration Header File. The ntm_conf.h file (in the base directory) is now included by all the source programs. It contains all the options detetected by autoconfigure, together with some defines giving NeTraMet's version number. One advantage of this is that there is a lot less text displayind while Making Netramet. When NeMaC is shut down gracefully (by a SIGTERM or SIGINT) it will now collect the flow data gathered since the last collection for all the meters it is controlling. [This change was suggested by Robert Strycharczuk, 10 Feb 00] NeTraMet (on Unix and Cygwin32) has been extended so as to handle PPP interfaces. PPP flows are assumed to be IPv4 (the most likely possibility), they have AdjacentType AT_PPP (i.e. 23) and AdjacentAddresses 0. [This change was suggested by Gerald Richter, 10 Dec 99] When displaying domain names instead of IP addresses, nifty may have to wait a long time for the DNS response. It now displays a 'cross-hair' cursor while waiting on DNS. nifty.srl has been modified to plots diamonds instead of pluses for multicast flows. Port NeTraMet to MS Windows, using the Cygwin32 environment and WinDump's BPF drivers - ported libpcap to cygnus+windump - changes to meter_ux for CYGWIN32 (can't assume that pcap files work with select) - changes to snmpapi.c and snmpclnt.c (Cygwin32 doesn't have `timerset' defines) v4.4b5 12 Jan 00 Allow fd_filter to have character constants in tag specifications, e.g. DestKind = 'F'; Fix bugs relating to ASNs looked up using OCX_BGP (i.e. in a bgp.txt file). These were - Lookup wasn't being done if DestASN was saved but not SourceASN - S/D ASN attributes weren't being set to zero if the IP Address lookup failed (i.e. when we couldn't find its ASN). Correct Makefile.in files to set GF variable (it was $GF by mistake). v4.4b4 16 Nov 99 Update mib.txt to use RFC2720 version. Add support for NetBSD on Alpha: * Use XtPointer in nifty source, cast to IntFromPtr when values are used * Set __unix__ = !defined(DOS) in btypes/types.h * Use POINTER_DATATYPE instead of Bit32 for subnet pointer arithmetic in integrat/subnetd.h * Cast bytes to counter64 in getcounter64() in manager/nmc_snmp.c * Recognise NetBSD in configure.in * Change source to use !defined(DOS) instead of defined(__unix__) v4.3 30 Sep 99 Added a GFLAG variable to the configure.in script and the Makefiles. By default this is null. Set it to -g to build executeables which have symbolic information for debugging. Replaced mib/mib.txt with a new version, using the 'Proposed Standard' RTFM Meter MIB. Added config support for Alpha (Tru64 Unix) systems. This corrects several bugs introduced since 4.2; they only showed up on a 64-bit machine. * The Tru64 C compiler is much more 'picky' than gcc! Cleaned up the source so as to get rid of warning messages * Change snmp library so as to use Int32 for ASN.1 INTEGERs and Bit32 for TIMESTAMPs. The original CMU code used 'unsigned long' for both. Made corresponding changes to the meter and manager programs. NeTraMet and NeMaC as daemons: -D option * NeMaC ./NeMaC -D runs NeMaC in its own Unix session * NeTraMet ./NeTraMet -D and ./NetFlowMet -D runs the Unix and NetFlow meters in their own Unix session. Before doing so it disables the screen and keyboard, so -k -s are implied by -D. CAUTION: -d turns on diagnostic dumps of the SNMP packets. Don't set this by mistake for -D! Implemented command-line defines for srl. For example ./srl -DW=16 "-Dext = DestPeerAddress/24" xxx.srl defines w to be 16, and EXT to be DestPeerAddress/24. Note the quotes around the second define; they are required if the define text contains blanks. Modified NeMaC ruleset parser to skip dots and digits at the end of addresses. This allows it to download rulesets produced by an srl compiler compiled with the V6 option set even if NeMaC was compiled with the V6 option not set. v4.3b10 26 May 99 Support for IPv6 * Controlled by V6 option in the source files. To enable this: a) If you run autoconf to build the Makefiles change AC_DEFINE(V6, 0) to AC_DEFINE(V6, 1) before running autoconf b) Otherwise, in the configure script change #define V6 0 to #define V6 1 before running ./configure * The SRL compiler allows V6 addresses, as specified in RFC 2373. Although v6 addresses have a fairly simple form, it's easy to get it wrong. The compiler tries very hard to produce helpful error messages for them. * The NeTraMet meter handles v6 packets, returning them to the manager with SourcePeerType = IPv6 (IP and IPv4 are synonyms for IP version 4) * The managers (NeMaC, nm_rc and nifty) display IPv6 addresses as per RFC 2373. * fd_util and fd_extract handle IPv6 addresses properly. Other changes * SRL compiler will allow redefinition of 'built-ins,' i.e. well-known ports, address families and transport types. A warning is given telling the user what was declared. * Lots of bugs fixed in SRL compiler handling of syntax errors. These either crashed the compiler or sent it into infinite loops while reading the source program. v4.3b9 16 Feb 99 * The distribution file now has TCP_ATR set by default, so that the TCP-based attributes are available for use. So as to minimise the meter default memory requirements, several new memory-allocation command-line options have been implemented. The complete set of these is now: -f fff Max of fff flows -u rrr Max of rrr rules -b bbb Max of bbb TCP flows <<< NEW -t ttt Max of ttt TCP streams <<< NEW -v ddd Max of ddd distributions <<< NEW -e eee Max of eee distrib events <<< NEW * Implement ASN lookup in NeTraMet meter. This uses Joel Apisdorf's bgp code from OCxMON. The src/meter Makefile contains variable USE_OCX_BGP, which is commented out by default. Uncomment it, and make will include ASN lookup in the meter. To use it: a) Set the environment variable DEFAULT_AS (I set it to my own AS number) b) The meter starts up by reading a file, bgp.txt. You can create this file for your own network using SHOW IP BGP on a Cisco router. NOTE: a full bgp routing table will take 5 to 10 MB of memory space on the meter. c) By default the meter looks up 'next-hop' ASNs, i.e. the ASN the router would send packets to. The command-line option -o will look up 'owner' ASNs instead. v4.3b8 4 Feb 99 * Implement distribution-valued attributes in fd_filter * Fix memory management problems for TCP subflows in meter. Implement TCP-related distribution attributes in meter, NeMaC, fd_filter and srl. v4.3b7 8 Jan 99 * Implement TCPdata attribute in fd_filter * Fix NEW_ATR vs TCP_ATR bugs in meter_ux.c and nf_fwd.c v4.3b6 23 Dec 98 * Fix bugs concerned with intermixing of NEW_ATR and TCP_ATR v4.3b5 26 Nov 98 * Fix bug in SRL compiler, which wasn't distinguishing between save sourcetransaddress; and save sourcetransaddress = 0; v4.3b4 25 Nov 98 * Fix endian problems in netFlowMet, reported by Kevin Hoadley. v4.3b3 16 Nov 98 * Set up new CVS repository to make it easier for co-developers to submit code changes / suggestions. v4.3b2 12 Nov 98 * Aufoconfigure changed to test for Motif, since nifty requires Motif as well as X. * Support for FreeBSD: changed source files so as not to include malloc.h on systems which don't have it! * Documentation error for NeMaC. Command line option -P specifies open-append-close behaviour for the >>log<< files only. It was previously documented (see below) as doing this for flow data files only. v4.3b1 23 Oct 98 Changes contributed by Nicolai Guba (BT Labs) .. * Command-line help is dispayed if no options are specified for NeMaC, nm_rc NeTraMet (Unix meters, not PC meters) NetFlowMet * -b mmm command-line option Tells NeMaC and nm_rc to read the mib from file mmm. * The NeTraMet distribtion file, and the way you install NeTraMet on a host has been changed to make it more like the GNU programs. The executable files are no longer in separate directories. Instead (by default) they are built in the src/ directories. To install NeTraMet into directory xyz you can simply ./configure make install OCxMON meter improvements .. The NeTraMet meter now allocates as much of its memory as possible when it starts up, so as to minimise allocation overhead. Space for rulesets is allocated at startup, with a default maximum of 2000 rules total for all rulesets. * New meter command-line option: -u nnnn allocates space for a maximum of nnnn rules v4.2.2 16 Nov 98 * Correct bug in nmc.h (inconsistency introduced when de-implementing 'detail' as synonym for 'trans' in attribute names. This caused NeMaC and friends to crash v4.2.1 2 Oct 98 Patch release .. * NeMaC crashed with Owner names longer than six characters. This was because SET_STRING only ever allocated RULE_ADDR_LEN chars! * SRL programs which start with an imperative statement now start with a GotoAct, Next rule. Without this they don't work! * fd_extract and fd_util now handle 64-bit counter attributes (e.g. topdus) properly. 'Editorial' improvements have been made to the fd_util manual. * A memory leak has been fixed in the SNMP snmpapi.c. Error logging has been added for snmp error/info/debug messages; these now go through log_msg(), as used for other NeMaC errors. v4.2 5 Aug 98 * The distribution file has been changed so that it no longer has subdirectories for the various operating systems. The best way to install NeTraMet is to use autoconfig; see the INSTALL file in the autoconf/ directory. * The 'os-specific' directories are no longer included in the distribution file. Users must build the version they need using configure in the autoconfig directory. SRL Compiler * The program srl is an optimising compiler for SRL, the Simple Ruleset Language. SRL is documented in an Internet Draft, available from the NeTraMet and RTFM home page. srl [options] source compiles the file 'source', producing a rules file ready to be used by NeMaC. Source files will normally end with .srl and rules files with .rules. For example srl test-prog.srl produces test-prog.rules. Compiler options: -l List source program -s Syntax check only -ann 'Assembler output' level N nn=0, rules in numeric form only. nnn Requires NeMaC v4.2. nn=1, attributes and actions given as words. This is the default. nn=2, as for nn=1, but don't delete intermediate files. -Onn Optimisation level. nn=0, no optimisation at all. nn=1, peephole optimising to delete redundant rules from intermediate files. This is the default. nn=2, optimise tests by mask length within expressions (shortest masks first, after allowing for overlapping addresses/masks). nn=3, as for nn=2, but optimise expression between if clauses and between statements. * srl extends the language (as described in the Internet Draft by adding a number of extra statements: include fffff ; Will read all the text from file fffff. includes may be nested (i.e. an include file may include other files). srl looks for the file in the same directory as the source file. optimise nn ; optimise * ; optimise ; Allows you to change the optimisation level as required for different parts of your program. optimise ; resets the level to the value specified on the command line. optimise * ; is used to indicate breaks between optimised expression groups . set nn ; format aaa .. aaa ; statistics ; These three statements are passed on (via the output file) to NeMaC. String constants in a format (specifying separators in flow data files) may include C-style constants (introduced with a \). * A collection of SRL programs is provided in the examples/srl directory. v4.2b5 11 Jun 98 * Fix bug in getting reader_name. This prevented NeMaC et al from reading any flows from the meter! * Use riFlowRecords instead of msNbrFlows for ms->NbrFlows. This means that nifty will display only the total flow for its current ruleset; it used to display the total number of flows for all rulesets. v4.2b4 3 Jun 98 * Use LastTime instead of sysUptime to get meter time in NeMaC, nm_rc and nifty. * Fix bugs in SNMP library which caused early timeout of some SNMP packets. v4.2b3 22 May 98 * Implement better hashing algorithm for flow table and rulesets. Multiplies bytes of peer and trans addresses by small primes, and uses larger primes as the size of the various hash tables. * Fix sundry bugs revealed in beta testing. v4.2b2 11 May 98 NetFlowMet (NeTraMet + NetFlow = NetFlowMet): * A new version of the meter has been added to the distribution. This takes NetFlow data from a Cisco Router (I've tested it using a 7200) and uses this to build the flow table. To start NetFlow on a router (in brief): - start NetFlow on each interface [no] ip route-cache flow - start exporting the NetFlow data [no] ip flow-export is the address of your NetFLowMet meter, is the port NetFlowMet will use to recieve the data. You may specify the udp port number by using the -i pppp option on NetFlowMet's command line. If no -i option appears, port 9996 is used. You may specify up to four port numbers by giving a list of -i options, e.g. -i 12001 -i 12002 -i12003 would listen for NetFLow data on UDP ports 12001, 12002 and 12003. NetFlowMet provides five new attributes which can be used in rulesets: + MeterId (8 bits, mask 255) Index in -i option list, e.g. port 12002 above would produce flows with MeterID = 2. + SourceASN, DestASN (16 bits, mask 255.255) Autonomus System Numbers for source and destination networks. These may be "Origin" or "Peer" ASNs; you must specify which when you start flow export from the router. + SourcePrefix, DestPrefix (8 bits, mask 255) Mask length for source and destination IP addresses (i.e. SourcePeerAddress and DestPeerAddress). Changes in downloading rules: + A hashed search is used when translating rulesets. This should speed up the translation process by a factor of 10x to 20x (NeMaC). + Rules are now downloaded 10 at a time. This dramatically reduces the time taken to download rulesets (NeMaC). + A meter bug which prevented downloading of rulesets with more than 32767 rules has been fixed (NeTraMet). Changes to NeTraMet: + When grabbing the value of an attribute from a packet header, NeTraMet didn't check that enough bytes were read. This could have caused problems with TCP packets with lots of IP options. NeTraMet now checks the data is there before grabbing values from it. If it's not, zero is used instead. Changes to NeMaC: + When NeMaC is shut down gracefully (by a SIGTERM or SIGINT signal) it now shuts down the tasks it is running on all its meters. It used to leave them running, which matched what happened with v3 meters and managers. + #EndData record added at end of every sample in flow data files. This allows real-time processing of flow data - without this one had to wait until the next sample started. + The Unix SIGUSR1 signal is used as to indicate that NeMaC should start a new flow data file. This provides an alternative to using a 'flag' file to do this. + The Unix SIGUSR2 signal is used to switch testing on and off. + New command line option: -Y logname tells NeMaC to send log messages messages to syslog. Specifying -L logname writes the log to the file 'logname'. Specifying -Y logname writes log messages to syslog, with 'logname' as the identifying program name within syslog. You may specify both -Y and -L; this writes the messages to both places. If no logging is specified, the log will be written to a NeMaC.log.nnn file, as usual. If you wish to use the -Y option, you must modify the Makefile (probably autoconf\manager\Makefile.in) to define the variable LOG_LOCAL. + Changed behaviour when a meter fails to respond to NeMaC's attempt to start it. NeMaC used to ignore such meters; now it polls them and will download rules when they restart. + Fewer messages for 'normal' running. Set the 'verbose' option (-v) if you still wish to see messages like 'xxx rules downloaded' + Fixed 'file handle leak' bug, which used to cause NeMaC to crash after many attempts to contact a non-responding meter. v4.1 24 Nov 97 Production release 4.1 * Documentation files are now in PDF format on the NeTraMet home page, i.e. http://www.auckland.ac.nz/net/Accounting * The PC executable files have been separated out from the 'distribution' file. They're in the file ntm41-pc.zip. v4.1b15 22 Sep 97 * Use WORDS_BIGENDIAN and SIZEOF_LONG defines to implement native Alpha code for get and put of 64bit counters. Use autoconfig to build this if you want to try it (see below). v4.1b14 9 Sep 97 * Fix 'endian' bug in nmc_c64.c (which produced impossibly big counts in flow data files when running NeMaC on linux). These changes were implemented using the WORDS_BIGENDIAN define in autoconfigure. The recommended method of building NeTraMet is to use autoconfig; see the INSTALL file in the autoconf/ directory. * Fix ASN1 OID encoding bug. Symptoms were that the NeTraMet meter would run normally for about 30 days, then start sending back flow data packages for flows which hadn't been active. * Change PC meter to initialise uptime counter before starting packet drivers. v4.1b13 17 Jul 97 * Owner names for NeMaC, nm_rc and nifty A new parameter, the 'owner name' has been added for these programs. It is an alphameric identifier, up to 16 chars long. The owner name is used to identify rulesets, manager tasks and meter readers in the meter control tables; this is neccessary when the meter is running more than one rule set. The owner name follows the write community name on the command line or config file line. * #Ruleset records in flow data files: RuleSet numbers in flow data file records no longer refer directly to the SET number as they did in v3. Instead they refer to a ruleset's row in the meter RuleInfo Table. The flow data file includes a new # record to indicate the SET number for RuleInfo rows. Their format is as follows: #Ruleset: x setname rfname owner x is the RuleSet number, as it appears in the flow data records setname is the name from the SET statement (for v3 AND V4.1 this is an integer) rfname is the name of the rule file owner is the owner name for this ruleset v4.1b10 30 Jun 97 * New manager option: -E nn Specifies the timeout (in seconds) for rEeader rows. If collections stop (e.g. because a manager has failed), the meter will delete the row after this time. The default is 0, i.e. the row will never time out. * Change to manager option: -h pp Specifies HighWaterMark for a manager task. In v3 the meter default was 65 (percent). In v4.1 the default is 0 (no test for high water). * MatchingStoD attribute: The attribute 'matchingStoD' is set by the Packet Matching Engine. Its value is 1 if the packet is being matched with its address attributes in 'StoD' order, (i.e. as they appear 'on the wire'), and 0 if the packet is being matched with its addresses swapped. See RFC 2063 for a detailed description of packet matching. * NeMaC keywords: 'nomatch' is now a synonym for 'retry.' This name was discussed at the Montreal RTFM WG session, and is used in the ruleset examples given in RFC 2123, "Experiences with NeTraMet." v4.1b4 22 May 97 SNMPv2, 32-bit PC meter * NeTraMet and its manager/readers (NeMaC, nm_rc, nm_st and nifty) all use SNMPv2 instead of SNMPv1. They now implement the Meter MIB of RFC2064 (and the newer RTFM Internet Draft which updates it). The most significant effects of this are: v4 meters can run multiple rulesets simultaneously, and 64-bit counters are used for packet and byte counters. * v4 managers will work properly with v3 meters. v3 managers, however, will NOT work with v4 meters. To change to using v4 you should change your managers first, then your meters. * There are two changes to the format of flow data file records: Dates now use four digits for the year (1997 instead of 97) The integer values used for PeerTypes have changed. You should not be affected by this unless you have analysis applications which use PeerTypes to distinguish flows. * The 32-bit version of the PC meter uses all available memory. 16 MB of memory should allow it to handle a table of 100,000 flows or more. The readme.txt file in the ntm41-b4.zip file gives detailed setup instructions. New options in Meters (PC and Unix): -m pp specifies the IP port number to use for SNMP. Default is 161 -l specifies that meter should use the length field from IP headers for the number of bytes in IP packets. Default is to use the MAC (hardware) packet size. v3.5 6 Sep 96 Multiple ethernets for the PC meter: * The PC meter (netramet.exe) can now handle up to four interfaces. New command line options allow you to specify the interfaces, as follows .. -i nn specifies that the packet driver using software interface nn (decimal) is to be metered. e.g. -i96 would meter interrupt 0x60 -h nn as above, except that if you have a packet driver which implements the 'high-performance' driver specification, NeTraMet will take advantage of it. -I nn as above, except that no metering will be performed on this interface, instead it will be used only for IP packets to or from the meter. If no interface is specified as 'IP only,' the first interface appearing as a -i or -h option will be used as the meter's IP interface. v3.4 8 Aug 96 nifty: an X/Motif 'flow analyser' program * Presented to RTFM WG at the Montreal IETF as 'NetFlow,' renamed to avoid confusion with Cisco's 'Net Flow Switching.' Changes to NeTraMet: * NeTraMet can monitor up to four interfaces instead of only one. Specify this with a -i option for each one, e.g. NeTraMet -inf0 -ile0 -wPASSWORD * Meter performance statistics have been implemented for the Unix meter. In particular, aps and mps give average and maximum packets per second, while api and mpi give average and minimum processor idle time percentage for one-second intervals. * NeTraMet has been restructured so as to simplify the code for packet matching. Make files for aix added. * libpcap (current version) isn't implemented for aix, so you can't (yet) build an aix meter. NeMac, nifty, etc work properly. Known problems: * If you start NeMaC with write access to a meter, and NeMaC is already running on the same host with write access to the same meter, the meter gets confused. In this situation neither copy of NeMaC manages to read sensible flow data from the meter. Detour: before you start NeMaC, make sure it isn't already running. Cure: this will be addressed in version 4.1. 4.1. will implement the updated meter MIB as set out in the current Internet Draft. Bug fixes: * Time for next collection have already passed, e.g. because of network transit delays in collecting flow data from many meters. NeMaC will not attempts to make such 'missed' collections. * NeMaC now displays (and logs) the meter name correctly when it fails to establish contact when starting a meter, and when it looses or regains contact with a running meter. * NeMaC could create invalid flow data files if it failed to start a meter properly, or if an active flow data file was deleted. This has been corrected. V3.3 8 Nov 95 nm_rc: a remote console for NeTraMet * nm_rc (in the /manager/ directory) combines NeMaC and fd_filter to provide a simple display of 'live' flow data from a single meter sorted into traffic order, busiest flows first. (Briefly described in doc/NeTraMet/rc-man.txt; a 'proper' manual will be ready real soon now). New example rule files (in examples/ directory) * rules.two-adj-routers: Meters traffic through and between two routers, specified by their adjacent (Ethernet) addresses. * rules.two-ip-groups: Meters traffic through and between two groups of IP networks, specified in a subroutine by their peer (IP) network numbers. * rules.rc.pr+bc: Classifies traffic by protocol, and looks at Ethernet broadcast packets in detail. * rules.rc.ports: Classifies IP, IPX and EtherTalk traffic by port. * rules.rc.ip: Classifies IP traffic by IP address and port. * rules.rc.ipx: Classifies IPX traffic by IPX address and port. New options for NeMaC: * -x Don't write anything to the meter. Use this if you use a second copy of NeMaC (or nm_rc) to collect from a single meter. Allowing two collectors to write allows meter to recover flows after they've been collected by only one of the two meters. * -P For each collection flow data files will be opened, flow data appended to them, then they will be closed. If you move or rename a closed data file a new one (with the old name) will be created by the next collection. This is an alternative to using the old 'flag file' method. * -p Open-append-close to NeMaC's log file as well as to flow data files. Superset of -P * -F name Specifies name of flow data file. * -L name Specifies name of NeMaC log file. * -c 0 Tells NeMaC to download rule file(s) to the meter, then exit without collecting and flow data. * default values in NeMaC configuration file. Since NeMaC command-line parameters can displayed by any user via the Unix ps command, you should specify write community names in a configuration file. Each record in a configuration file specifies meter parameters which override the default values or the ones specified on the NeMaC command line. NeMaC now uses the meter name 'default' to indicate that this record contains default values for following records. For example .. ./NeMaC -f nm-config tells NeMaC to read the file 'config,' which contains the following records .. -c900 -p -rrules.mynet default meter1 write-1 meter2 write-2 -c300 meter3 write-3 This starts three meters; all run rules.mynet, and append to their flow data files. meter3 is collected every 5 minutes, meter1 and meter2 are collected every 15 minutes. Changes to NeTraMet options: * PC & Unix meter: Option settings .. Options no longer need spaces to separate them from their arguments, e.g. -ile0 * PC & Unix meter: Read Communities .. Only one read community can be specified. Bug fixes: * PC meter: -r option (to specify read community) crashed meter. * Solaris meter: FDDI interface didn't work. pcap-dlpi.c didn't bind the dlpi stream correctly. Fixed by new version of pcap-dlpi.c from lbl (included in src/meter) * Unix meter: pcap socket open didn't specify a timeout; 250ms now specified. This prevents Solaris from busy-waiting; allowing NeTraMet to be run as a backround process. * Linux meter: alters the timeout value of a select() statement (this is a BSD feature). Timeout value now reset to 250ms after each select(); this prevents linux from busy-waiting, allowing NeTraMet to be run as a background process. 8 Sep 95 Bug fixes as follows: * snmplib/asn1.c changed to get integers correctly out of SNMP packets. Now works correctly for OSF/1. * PC meter: small memory model memcpy used to copy strings from far memory. Now uses qmove. This caused snmp network managers to get garbage when GETting addresses from the flow table. * Bug in meter/met_vars overwrote part of the SNMP object tables when responding to a request for a non-existent MIB object. This showed up as 'meter looses rule table when a network manager such as OpenView probed a meter's MIB. * Ultrix Makefiles corrected. These can now be used to build meter and manager for DEC OSF/1. 4 Jul 95 New options for NeMaC: * -a sss Collections will be made with a time lag of sss seconds. For example, 10-minute collections with 30-second time lag will occur at 1000'30, 1010'30, etc. * -w nnn Specifies doWnload level. nnn=0 (the default) downloads rules on collector startup and after a meter restart. nnn=1 downloads only after a meter restart, and nnn=2 never downloads. Bug Fixes: * PC NeTraMet returned bad string for interface name. NeTraMet fixed to return 'eth0,' NeMaC modified to check the string, and use 'eth0' instead of a bad string (from an old meter). V3.2 8 Jun 95 NeTraMet meter reworked to use libcap to get packet headers: * libpcap: - libpcap is a generalised packet interface written by Steve McCanne, Craig Leres and Van Jacobson as part of tcpdump. - libpcap is available from ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z - to make NeTraMet you must first install it on your Unix system so as to produce libpcap.a The make files in the NeTraMet distribution assume you have copied libpcap into the same subdirectory as the Makefile. - binary distribution files are provided for linux (version 1.2.1) and Irix (5.2), as well as Solaris (2.4) and SunOS (4.1.4). - libpcap supports FDDI interfaces as well as ethernet. This is still being tested (8 Jun 95). * -i option has been implemented in NeTraMet. This tells NeTraMet which interface to monitor. For example, -i le0 will monitor the le0 interace. The interface name is displayed on the NeTraMet console, and appears in the ## header line of the flow data file. If you don't specify an interface libpcap will use its default one. The PC version of NeTraMet doesn't allow you to specify the interface name. * 'other' packet handling has been extended. 'Other' packets set the SourcePeerAddress to the packet's ether_type and the DestPeerAddress to the packet's LSAP. This allows you to use NeTraMet to find out what packet types are active on your network. * All the source code (including the CMU SNMP library) has been tidied up so as to remove most of the compiler warning messages. This should make it easier to port to new systems. Bug fixes: * PC pointer problems cause PC Netramet to crash at random times (from seconds to days). Finding more places which should use 'huge' pointers instead of 'far' pointers seems to have cleared (or at least reduced) this problem. * PC string compare routine error. Waterloo TCP's qcmp routine compares two far pointers (same as Unix memcmp). Implementation bug meant that strings which were same length and differed only in the last byte were reported as being the same. The effect of this was masked because NeTraMet uses a hash search of the flow table. * NeTraMet crashed when it received an SNMP get request for a MIB-1 objects which it didn't know about. NeTraMet implements nearly all of the Accounting Meter MIB objects, but only a few MIB-1 objects. The SNMP routines in met_vars.c have been improved so as to give a 'no such OID' response (and keep running). * NeMaC didn't handle end-of-file properly for its configuration file. This has been corrected. V3.1 16 Feb 95 New version using IANA-allocated MIB OID (mib-2 40): * Rewritten and simplified MIB means that earlier meters won't run with 3.1 NeMaC, and 3.1 meters won't run with earlier NeMaCs. i.e. both meter and manager must move to 3.1 together. * Extended and simplified rule matching. Jumps can be to the test or action part of the target rule. Attribute values can be pushed from the packet (as well as from a rule), hence aggregate and tally flows are no longer needed. The action table was only needed to support aggregate and tally flows: it is no longer needed. * Six new uesr-settable attributes are implemented. SourceClass, DestClass, FlowClass and SourceKind, DestKind, FlowKind allow a meter to pass information gleaned during packet matching back to the flow data file. * NeMaC allows you to INCLUDE rule files into other rule files. * Emergency rule sets are implemented. The meter will switch to its emergency rule set if the % of active flows gets greater than HighWaterMark. * Collection times are synchronised by default, i.e. they happen at multiples of the collection interval. For example 15-min collections are made at 0, 15, 30 and 45 minutes past the hour. Bug fixes: * Rule tables with more than 1350 rules now work properly on the PC meter. This was a situation where 'huge' pointers were required to reliably access all of the rule table. * IP fragment packets other than the first fragment of a PDU produced garbage transport addresses (IP port numbers). They now produce 0. The Accounting Model defines attributes for each protocol, and doesn't allow one to distinguish a 'first fragment' from an unfragmented IP packet. * A mistake in the code for optimised testing of a group of rules could sometimes cause packet matches to succeed when they should not. This has been corrected. Notes: * Rule files will need to be converted from the old (version 2.x) form to the new one. The changes are straightforward, and are documented in the file Converting.rules.ps V2.3 25 Nov 94 Fourth full release, new features as follows: * NeMaC now uses the names of flow attributes as they appear in the meter MIB, i.e. TRANS is used instead of DETAIL. NeMaC does this by allowing DETAIL to be a synonym for TRANS. Old rule files will still work properly, but new rule files should use TRANS. * Gopher (port 70) and WWW (port 80, i.e. html) have been added to NeMaC's list of IP port numbers. * If NeMaC notices that a meter has been restarted, i.e. it's sysUptime has jumped backwards, NeMaC will automatically download its specified rule file. The check is made before each flow data collection (intervals set by the -c option), and at every 'keepalive' interval (set by the -k option. This feature can be used to minimise the amount of flow data lost by a meter after a power-fail restart. * NeMaC now allows different collection and keepalive intervals for each meter. This is implmented by allowing the -c and -k options to appear in NeMaC's configuration file, and using an event queue (instead of a simple idle loop) to order meter activities. * A mechanism for closing and reopening flow data files has been implemented. NeMaC tests for a file called NeMaC.flag. If it finds the flag file it will close and reopen all its current flow data files. A new section has been added to the manual explaining how to use this feature. Bug fixes: * Various bugs in NeMaC's parsing of rule files have been corrected. * Bugs in fd_filter and fd_extract have been corrected; they will now work as documented! Notes: * NeTraMet memory management has been improved. 'Active flows' is now used instead of 'flows in use' for controlling garbage collection. The garbage collector is called if a new flow is needed and the are no free flows. V2.2 19 Jul 94 Third full release, new features as follows: * fd_filter and fd_extract included in manager directories as utility programs for flow data files. Documented in fd_util.ps file. * Port of both NeTraMet and NeMaC for Solaris, using streams/dlpi instead of nit to watch ethernet interface. * Binaries for Solaris and Sunos available via anonymous ftp. * Make files for HPUX and linux added. NeMaC has been ported to HPUX and linux. * SamplingRate MIB variable implemented; allows only 1 of every n packets to be processed. * All four Novell IPX encapsulations now recognised. Bug fixes: * PC NeTraMet now counts packets sent as well as packets received. Notes: * NeMaC now gives sensible error messages if it can't write meter variables. If NeMaC only has read access (i.e. it was given the read snmp community name instead of the write one) it can still collect data, but such collections will not be recorded by the meter, and therefore be noticed by the meter's garbage collector. * Solaris 2.3 dlpi bug corrupts some packet headers. Only affects CLNS handling by Solaris version of NeTraMet. This is fixed in Solaris 2.4 - see the ether_pc.c file for details. V2.1 14 Jan 94 Second full release, new features as follows: * Subroutines in rule tables implemented, making it much easier to write rules to handle large numbers of networks. * Labels implemented for rules and actions, i.e. no need to keep track of rule and action numbers by hand. * CLNS protocol now understood by NeTraMet * Packets for protocols not understood by NeTraMet can be counted as PeerType 'Other'. * Ethernet II and SNAP encapsulations for IPX now recognised (as well as 'Raw 802.2'). * Full (10-byte) IPX addresses can be used instead of just (4-byte) net numbers. * Make files for Ultrix added. NeMaC has been ported to Ultrix. Bug fixes: * MIB environment variable changed to MIBTXT to match the documentation (was MIBFILE). Notes: * Make files changed to allow compilation with Gnu C compiler, either by specifying gcc in the make file, or by 'setenv CC gcc'. * Documentation points out that NeTraMet write community must have different name to read communities, and that NeMaC must specify the NeTraMet write community name. 28 Oct 93 New: NeMaC only displays 'Rule/Action added' message every tenth rule/action. 22 Oct 93 Bug: NeMaC couldn't handle rule table with >255 rules. V2.0 20 Oct 93 First full release of NeTraMet and NeMaC, with NeTraMet Manual and full source code. V1.0 Nov 92 Prototype meter using height-balanced trees instead of rule table. Presented at Washington IETF. -------------------------------------------------------------------- There was peace and harmony in the home of the Reverend Taylor. An air of neatness and prosperity was about his four-room adobe house. The mocking-bird that hung in a willow cage against the white wall, by the door, whistled sweet mimicry of the cheep of the little chickens in the back yard, and hopped to and fro and up and down on his perches, pecking at the red chili between the bars. From the corner of his eyes he could peek into the window, and it was bright with potted geraniums, white as the wall, or red as the chili, or pink as the little crumpled palm that patted against the glass to him. It was the first scene of the closing act of the tragic comedy of the Geronimo campaign. That wily old devil, weary temporarily of the bloodshed he had continued with more or less regularity for many years, had[Pg 297] sent word to the officers that he would meet them without their commands, in the Ca?on de los Embudos, across the border line, to discuss the terms of surrender. The officers had forthwith come, Crook yet hopeful that something might be accomplished by honesty and plain dealing; the others, for the most part, doubting. The two rival Ministers of England became every day more embittered against each other; and Bolingbroke grew more daring in his advances towards the Pretender, and towards measures only befitting a Stuart's reign. In order to please the High Church, whilst he was taking the surest measures to ruin it by introducing a popish prince, he consulted with Atterbury, and they agreed to bring in a Bill which should prevent Dissenters from educating their own children. This measure was sure to please the Hanoverian Tories, who were as averse from the Dissenters as the Whigs. Thus it would conciliate them and obtain their support at the[19] very moment that the chief authors of it were planning the ruin of their party. This Bill was called the Schism Bill, and enjoined that no person in Great Britain should keep any school, or act as tutor, who had not first subscribed the declaration to conform to the Church of England, and obtained a licence of the diocesan. Upon failure of so doing, the party might be committed to prison without bail; and no such licence was to be granted before the party produced a certificate of his having received the Sacrament according to the communion of the English Church within the last year, and of his having also subscribed the oaths of Allegiance and Supremacy. The earliest martial event of the year 1760 was the landing of Thurot, the French admiral, at Carrickfergus, on the 28th of February. He had been beating about between Scandinavia and Ireland till he had only three ships left, and but six hundred soldiers. But Carrickfergus being negligently garrisoned, Thurot made his way into the town and plundered it, but was soon obliged to abandon it. He was overtaken by Captain Elliot and three frigates before he had got out to sea, his ships were taken, he himself was killed, and his men were carried prisoners to Ramsey, in the Isle of Man. "I see you've got a cow here," said a large man wearing a dingy blue coat with a Captain's faded shoulder-straps. "I'm a Commissary, and it's my duty to take her." Suddenly they heard little Pete's voice calling: "Stop your ranting and tell me how the hogs got you." "Hold, Lord de Boteler," interrupted Father John, calmly; "the threat need not pass thy lips: I go; but before I depart I shall say, in spite of mortal tongue or mortal hand, that honor and true knighthood no longer preside in this hall, where four generations upheld them unsullied." HoMEСÃ÷¿´¿´Ì¨ÍåÊÓƵ·¢²¼ ENTER NUMBET 0017
lusi7.com.cn
ljwl.net.cn
sxgnzr.com.cn
www.banri5.com.cn
www.xyjbyl.com.cn
www.taike8.com.cn
www.hehen1.net.cn
dgfsbl.com.cn
158zyw.net.cn
www.artzhl.com.cn
荒木琪琪色 人体裸体metcn庄媛 黄色扣扣号删除 WWW.MMTT88.COM WWW.CCC911.COM WWW.720BB.NET WWW.DSO9.COM WWW.ZY021.COM WWW.36094.COM WWW.LO03.COM WWW.ATZ5.COM WWW.ZPJX168.COM WWW.GDGJ13.COM WWW.CQANT.COM WWW.HHH217.COM WWW.LINUXSEE.COM WWW.08III.COM WWW.YOUXIXJ.COM WWW.YX988.COM WWW.BS0086.COM WWW.102SE.COM WWW.30JIE.COM WWW.QKDQT.COM WWW.BLZ38.COM WWW.ZGBXFZ.COM WWW.MM105.COM se94semoc 38ybyb改成啥了 鲍陌生人 古风性爱故事 www小明影视 鲍鱼12p 在线av20gan 色㏄影院 插姐妹抱妹妹嫩妹妹图 日妣漫画 550022com 小浪逼网站 hentai屁股 日本最大胆照片体图 玛丽罗斯3d同人动画h在线看 4k4cnav 网姨成人小说网 东方在线Ar av视频在线现在就能看 h片网站登入 操老婆妹子 人体艺术人妻小说 两男一女激情小说 影音先锋强奸影片 蝌蚪窝软件下载 wwwpp398comVR 熟女制服丝祙 日本骚货的鲍鱼逼 1111kf李宗瑞 在野外日妈妈 伦理电影小说 成人驴 做爱图贴吧 羽月希在线Av 无极影院美腿丝袜 www98mmcom 法国极品在线看 黄片西瓜影音 儿子性虐妈妈乱伦成人av在线免费观看 久久女人撸视频 人妻乱伦赤裸色宫小说 国产寂寞少妇推油高潮 1818lucow 妻子与大学生黑子 秋侠影视网 不用播放器放的日本AV 444-乱伦小说 色小姨子影院 自拍自慰免费观看视频 男女上床私照 超碰在线视频91在线视频XIAAV在线视频 欧美私处艳照 巳剥开的女孩阴辱图片 139那个黄色网站是多少 288bb 97gan裸体美女 人与动物天堂网站大全 校园激情人妻 秋霞小说另类 蔡淑华magnet 变态性交大合集 欧美亚洲制服强奸乱伦 妞妞基地在线视频 swww22bbmmcom 97caopao abn300c0m 好阿姨社区mp4 奶大性爱基地 白皙美女被干 人妻交换图文小说 日本成人视频制片公司 久久热精品在线视频 久草在线青青草福利 激情做爱乱轮小说 S666AVCO 偷拍自拍第一页46 成人电影亚洲欧美偷拍视频网站 操欧洲女人小说 潮吹套图收纳全球最精美潮吹套图 日韩不卡av影院 在线视频主播AV av爱vav大帝 度巴拉斯电影在线观看 和妈妈一起乱伦九城社区 性之听吧小苮儿 木村泓野 做爱动态图片黄色片 终极强奸 插小穴淫 高清炮大美女在较外 家庭乱伦色电影 丝袜少妇被插 狂操少妇逼图 狠狠曰图 骚逼yaoyao 操性感白领少妇小说 黄色撸撸一级片 大乳房美女人体 美女裸照操逼照 色中王 日本美女美鲍人体图片 大黑吊妈妈 色尼玛夜射猫成人在线视频 guo外人体艺术 公媳激情小说挟 胖老太太肏屄 叫公公操了 母子同欢 美女人体馒头 苍井空电影全集55小说 舔足h 人体陈佳丽 WWW_4B6666_COM WWW_178HE_COM 快播摞摞 我和熟女的性爱 鸡巴插少女的逼 北京公交车线路 一本道草碧二区 幼香阁幼幼交妈妈 人体做爱写真 美国黄丰满强奸 色bb的电影 无需播放器操逼视频 三级经典成人影音先锋 天狗肏屄内容介绍 欧美性爱区色吧第一页 得得日在线视频 WWW51MM520COM 国产自拍图片区国产区小说区 淫女乱伦群交 强奸同学母小说 先锋影音自慰 欧美大屁屁黄 怎么用bt撸影院 kk四四kk 我爱看片免装版 情系社区五月天 哥哥玩弄弟媳的嫩穴 无码少妇尸体 WWWNIGHTLIFECOM sao370 伦理另类电影 操逼高潮呻吟 偷靑家庭乱伦小说 我插的美女好爽啊无约定香甜 WWW9SKBCOM 东北火车道银镯子 中国阴茎勃起从小到大图 两男干一个漂亮人妖 韩国艳照门视频影音先锋 脱男孩子的裤子视频 把老婆操出白沫 67成人熟女图片 731部队电影全集 在线阅读有个疯狂做爱的小说 8080av 制服诱惑色妹妹校园春色 黑寡妇黄色小说 外国黄色人体艺术 女主播淫荡小说 911色色色中文成人激娱乐网 撸波波rrr777 美女制服诱惑男女 奥特曼苍伦理在线 av角色扮演论坛 www三级片大全网 爆乳欲室在线观看 蒋雪儿大奶子 www785eihdj 丝袜乱伦撸色在线 43脳ecom 日本色倩女星波多野结衣 水中色婷婷 裸体毛网站 91pron自拍福利网 公狗肏女人屄视频 美女姝孑囡 丁香伊人 外国性交电影wwwzzzz20com 公司熟妇杨阿姨43 久久热久久色淫涩帝国 诱惑网日本翁媳乱伦 射雕英雄传插曲 离婚少妇的秘密 吉吉影音乱伦小说 天天影视av最新版 台湾妹4xpxp中文网 七色色色久久桃花综合 www19fffcom升级网址 好屌色qqc 灯草和尚无修版百度云 美女BB打炮 先锋三级片ed2k 人与猪小说 澳门新葡京国外在线视频 国产熟女人人操色图 吉吉资源变态 拍揄自揄网 a插妹妹AV 日逼图欧美 芭芭拉有声小说吧 淫有声小说mp3 可以用的h网 www酷狗www酷狗 www酷goucn 酒色网一生酒色 40岁看黄片 四门成人网 好色姨妈电影 淫骚影视A片 anima兽交 赤裸宫殿谁有E谁有G adultbig影院 去干网 色人格阁姐妹爱 天天基金每日净值表 狠很橹图片 涩情网站 色综合资源平台 色猫电影乱码 人人福利网址 avhd110 淫的的方式程在线观看 91大神教兽极品 苍井空的大尺度AV片资源 乱伦视频app 美国推油A片 搞B电影吧 国产自拍换 孙迪A4U 熟女w中出福利视频 小清午夜视 小姐操逼免费看视频 小姐上位性视频 小黄片在线 曰~本av翘臀熟妇 日韩少妇日逼潮吹视频 www5151HHCOM 拔插拔插8x8x7987 香椎りぁ大全 288影院 两穴同入在线 屄的视频无毛 宅男视频 跟52sihu一样的网站 97怡红院快播 黑丝做爱插死她电影网 秘拍福利 娜美 h 里番 acg 中文无码强奸无码 天堂2014手机在线丝袜 啪啪影院车震 国产自拍 看片 在线播放欧美性爱 九州资源永久免费视频 欧美90后性交免费视频 丝袜美腿亚洲视频BT下载 福利网自拍 五色月色婷婷综合 阿v2014天堂网手机网 r任你日 594kkcom直播app aiaifulidaohang 犬屋敷 影院 被窝电影网wwwgaoavcc 国产精品 泷泽萝拉 i色大姐 春暖花开 日本 迅雷下载 大学生 磁力下载 xofuli福利社视频在线观看 xxx肛交视频 国产自拍三级 下载 中国一级片迅雷种子 罗曼诺 (443) -(双肩包女) 伦理国产小视频 一本道d d高清在线播放 ii69 欧美成人凹凸视频播放 自拍偷拍 澳门 国产女生自拍网址 成人看片小视频 影音先锋中文字幕亚洲综合小综合 超碰 日本av sdde398手机观看 初中生在线视频91 大桥恸哭的教师在线观看 mxgs234 欧美真人性爱视频直播 高清无码在线播放。 国外顶级福利导航 台湾女优番号 黄色视频小说网站 【劲爆!浙江少妇被黑人老板直接口暴!】 潮吹迅雷磁力链接 国产开档丝袜 成人色色v 棚户区卖暗视频 播放 周晓琳花生牛奶在线 欧美v5成人性爱视频 有哪些h的网站 先锋影音成电人影 血色国度在线 性交黄色视频网站 国产自啪精品 97午夜免费神马福利影院 真正的操逼视频 K色频道 狼国激情 吴藏雨自慰视频 色琪琪AV永久观看 97碰碰碰超视频视频 想插进去影院 有声老湿爱爱视频 午夜影院福利十二点 邪恶少3d欧美里番工 深圳同居换夫 午夜大黄视频播放 泷泽萝拉在线电影 里番OAC 北 条麻妃无码电影 操逼小故事 不穿内裤西瓜影音 日本伦理片100部老表 波多野结衣大5战黑人 地铁xoxo 白石茉莉地狱挑战 在线 荒野女人色 东方亚洲Av在线 爆乳操逼视频 操逼逼爽 啊啊啊视频 病态爱慕百度云 【PPPD-376】催眠で寝取られ中出しされた爆乳人妻 JULIAin京香ju www26yjjcom 在大街上穿着裙子没带自慰棒视频。 avtv866 日韩经典 第十页 sowo999换成什么网站了 Xartbreeonmyown链接 乱伦骚爽视频、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、 aqy777 混血大眼小仙女楼道在线观看 啪啪成人影院动漫 美女黑森林 magnet 黄片,高潮不停 日本大黄片狠狠干免费看看 www154nte 周晓琳视频40p 迪丽热巴三部曲在线播放鲁爽 站长推荐磁力下载 mp4 秽色福利小视频 竹内真琴 在线观看 嘿嘿嘿迅雷 波多野结衣末剪版在线观看 騲寡妇影院 本地爱爱视频 草i碰在线视频 vod视频国产 在线熟女导航 757ys视频合集 日姘黃片動著 圣窝美女受拘束 女王调教sm视频全集 国产自拍 小辣椒 不穿内裤运动无码 一本道69 手机看片你憧的 亚洲东方无码 橘梨纱AV在线观看 l伦理电影五月天 四虎激情速播 国产精品w4w 日本黑帮强奸 人妻众大香蕉视频在线播放了 五十路熟妇专区磁力链接迅雷 726伦理片 六度小视频黄色视频 精厕 教室里唡腿偷偷夹笔杆 福利点云视频 青草影院在线视频 超碰人人很很操图片 ribezhenrenxingjiao 人鲁做爱 角斗士成人版百度云 奇优电影院 爆菊花视频 青虹资源搜索平台 红楼吧视频网在线 很漂亮的美女口爆吞精视频 黄色视频日本无码404 红衣军 狐狸视频美女脱衣服 黄色美女赤裸裸直播下载 日B-美女免费 四虎院视频影 近亲相x系列番号ed2k 超碰在线 黑丝 酒井千波肛交 伦理聚合在线兔费观看 feifeishijei 欧美重口味 mp4 fuck yeah 片桐手机在线资源 84pa澳门普京 下身插入b射精视频 能让我下面流水的黄文视频 韩国美女vip视频在线观看老司机影院 国产自拍第9页 韩国在线自拍 国内自拍hd 国产自拍sw 呆哥北京酒店爆操背着老公偷情的漂亮良家少妇2,趴在窗台让行人看着自己被操, 老司机综合影院 国庆 厕所视频 opud279 秋霞无码理论欧美电影 杨颖啪啪的视频完整版 中国无码黄片 新加坡人美国艳星口交视频 欧美畜生伦理 我们轮奸了同学的姐姐 男女性交图163网 仓井空百度视频 偷拍真实性交照片 我日了翠翠不不庇 偷拍真人免费做爱 欧美成年人黄色pp 一条真生先锋影音 免费的皇瑟图片 母性本能在线播放 香港艺术片电影 男人肏母狗小说 李宗瑞最全照片 我和熟女的爱恨离别 小女裸体社美人艺术 东北娘们0809操逼操网站 美女和男人靠b视频要色 四p三男战一女干到不会走路 梦露人体艺术 日日影院 屄喝啤酒 人与兽全集1 李宗瑞 自拍偷拍 性生活录音 btwohenainailuanlunxiaoshuo 北原美香子bt 什么样的女人最性服 轮奸三姐妹 明吾岛 uu人体导航 人妖zzz女人 欧美bt区 电视能播放图片吗 妹妹被吸奶子 大鸡吧操美女屁眼 韩国色图无码 很很撸欧美色图 亚洲春暖花开 中文字幕三级农夫 野外爱爱现场视频 in 性吧 欧美女人狠狠插 轮奸多毛女影音先锋 人体艺术中心图片 抽插网站 熟女和小伙做爱 吹屄癖 鬼魂图片 男性露私人体艺术照 日本乱伦 一女多男 群交 毛毛片性爱做爱视频 簧片高清在线观看删除 秦汉近况 btav种子下载 影音先锋色片插屈眼护士 哪有骚逼可肏 日圣酒 酒店偷情鸡巴操逼快播 葡萄牙人体 尿尿淫淫 矮人的性生活 mesubuta被患者袭击的美人护士君野纱枝 撸sese xxxsex24 搜狗meicaobi 名门小妹 美女的蝴蝶穴 WWW_988SE_COM 淫荡漫画 粉色骚逼 抽插熟女撸 三级成人色影院 瑟瑟图片 WWWXBX9COM 成人电影网址youjizz 做爱吧波多 日本虐奶头电影 dy4480影院 国内莫航空公司空姐性爱视频合集影音先锋 兽交岳母 求网址www55 自拍露阴毛 爱裸睡的丹丹全文阅读 三屄色图图片 苍井空老师动作片视频 为什么日本女孩子那么矮 草老婆逼免费视频 日本阳道美女图片 李宗瑞6是 手机快播看a片的网址 欧美大逼50p 性感大奶阿姨 女性交艺术 tradesmarter中文网站 少女做爱偷拍自拍18 wwwbaiduxxx 黑人性生活类视频 男操女逼啥意思 日本裸身护士 大胆展示人体秘密 千干射 亚性夜夜干 玖玖爱资源站www52014zyzcom 护士宝贝内射12p 视频裸聊女同骚逼 美女丝袜的诱惑写真视频搜狗搜索 涩涩爱图片图图新闻 人妻按摩在线成人免费 综合色站小说 好色人妻的有关小说 多毛美女做爱 色波小说 办公桌下舔总裁13p图片 97在线视频超碰91免费zsptmdcomwww78p78info 开埠夫妻床上做爱黄片儿 亚洲电影wwwyytt2012com 日本公公强奸乱伦久草电影 川崎理惠的唯美情 日韩做爱套图 人体四元穴在哪里 天天日天天看在线影院365ahnet 绝色干综合网 狠狠日天天干色色撸 手机极速云播在线电影 乳汁女优 射墙上黄色网站 干骚逼性交视频 福利电影wwwnj6zcom ca0bi zzji直播 欧美妓女乱干视频 大香蕉堵场 国产成绫合 WWW3344BH 日本吃精射精颜射在线视频观看 黄色乱伦母乳 欧美av19ufcomwww39ppppcom 欧美老大爷给美女开苞 秋霞福利小说书 插插动 天堂天天操逼 福利视频最干净 肉棒调教 小女孩的AV资源 操逼美女10p 经典有声插插中和网 性交口交天天撸 裸体模特在雪中 gexxxncm 肉蒲电影完整版qvod 强奸社长qvod 大胆日本女优 车上那个操舅妈 性爱丰满呻吟 林心如人体艺术照 黑泽爱迅雷种子 wwwhhmmcom 武汉玩小姐 扶她av资源 强奸乱伦嫂子的 簧片在线观看网站 wwwav186pp 性爱视频小说 b站加密房间是什么 在线看免费视频同志 谢依霖个人资料 人妻Av伦奸 lululuse 亚洲性爱欧美色图乱伦 play海量av图片 老大妈性爱视频 a片玛利亚 987he www5777ddcom下载 涩涩综合 口交av免费视频 妹妹狠狠搞 国产黄瓜自慰视频 日本盗撮在线视频 美女全裸直插 成人电影网站成人片免费收看 日本空姐三片 有电影有小说网站推荐你懂 www,100av,com 车牌号网址 乱伦性爱技巧小说 成人三级图 chengrenjiqingwangzhan 毛毛战队 母娘乱馆在线免费观看 121四虎 国产女神学生 色萝莉网 欧美性爱之幼女 末世贱淫 青青草av久草yjhmwcnwww668eyymcn ww77pao 好深好大18p图 自慰视频成人 性色影视 haole第四色 大香蕉成人网dxj998com 淫姐姐手机影院 一个释放的蝌蚪窝超碰 狠狠干胖妞 一本道网A片 123CTCTCOM 涩涩网影音先先锋 撸二哥男人在线迅雷看看 国产v成人 80性爱网 亚洲妞妞 美女直播自摸 俄罗斯伦理电影 制服诱惑丝袜美腿成人自慰 去色人阁 两穴先锋 大岛优香在线超碰 西西大胆专业幼女模特人体 夫妻白天爱爱自拍 日月操妹av电影 579bbee 欧美图片亚洲伦理 色色成人9797aa 清纯妹子三级 小说人妻系列 操奶奶丝袜小说 74xc影院 欲奴zxgk 像av帝国一样 a片毛毛网 日韩不卡av影院 久久禁典 91avi视频 柳箐箐人体艺术作品大全 色工厂qvod百度诱惑 新片 www080secom 百合女如何做爱 西瓜影音小姨子乱伦 苍井空全裸无马赛克 偷偷撸1删除 美女被双插 偷拍色老大导航400色导航 快播a片女人和狗 巨乳做爱电影 ggmmkkcom 亚洲色图欧美色图少 妇 熟 女 奶牛丑婆等着您 找人狠狠操老婆舔逼 波多野结衣洗澡做爱 3p美妇到高潮 国产淫人妻操白嫩的桃子奶少妇 www357vvcom 丝袜脚撸阴茎 � 大阴茎 苍井空 闪现君打阿乐 李宗瑞快播2 533hh kaobi动作片 制服美女性交图 回家开门时被人强行拖进家中强奸中的女优 av女明星做爱的图片 不穿戴任何衣物的大奶美女 红稠成人网 白嫩观音坐莲 50岁女人给我口交 织里吧 办公笔记本 重庆话学习网 哈尔滨美容院 jialefu 色青五月天兽交 外国人操逼视频成人视频 日本裸照丑文 美女扒b图片 免费观看杨思梅 操逼出水动态se图 亚洲美女写真做爰网 搞穴影音先锋 14岁少女的美腿玉足 露b热舞 日本德田与孙女性交照 偷拍做爱爱 波多野结衣迅雷下载地址 学园2淫虐の図式 伦乱激情家庭 性感丝袜美女图库欧美色图欧美色图 h亚洲成人电影狠狠地插 视频五十岁老女人女人乱伦 欧美美女30p视频 一本道女同 爱爱谷色导航网 华娱花花世界 亚洲狼 鸡鸡插 大帝av大帝在线视频成人 亚洲女优访谈 三个大奶妈同吃一跟大鸡巴 女人服十精丸 snis191手机在线观看 熟女做爱色图15p 丰乳肥臀迅雷 骚妹妹qq有木有 美国黄色人兽a片 3p老婆肉文 曰本操操操成人电影 亚洲欧美小说动漫成人在线 第四色影视厅 吴江同人 2222znet 丝袜乱伦撸色在线 与淫荡女医生做爱 古典黄蓉武侠 相内司合集 91pron自拍福利网 26uuudi四色 大奶湘妹子 千百惠露点 胖女人拳交 假阳具扩肛自慰在线视频 成人视频社区逼爽 福利影院童话村 对白淫荡的母子乱伦妈妈 哥也色人格得得爱色奶奶撸一撸 处女约清新味 wwwhaoa01cm 性吧图片亚洲色图 淫逼逼成人 优优人体大胆少妇鲍鱼qqrtyscom 2017色偷偷偷免费视频 狼人综干合小说下另类小说 冰漪大尺度私拍 爱爱谷张悠雨大胆 少妇酒店掰穴自拍 春色满元 樱井莉亚壁纸图 www酷六cn 开心五月天最新网站 东京热快播图片 有名的黄色小说 漂亮妈妈唐雅婷 迷魂迷奸水 淫贱五月天 俺去也电影网 女厕偷拍工具 真?巨乳帝国 色女无罪成人网 斗转星移合成王国 超碰在线 来摸我 色和尚资源网资源站 惠美梨接线员番号 mp4 不要向下看天天影院 留守山野女人欲火难消 黑丝紧身衣电影 祼露毛片 偷拍自拍乱论小说 青草防屏蔽视频在线观看最新完整版 秋霞影视eu 翘臀性感蕾丝兔 日韩在现无马视频 日本女优视频在线 在线操逼视频网站 美国女孩成人免费视频 剧情之王sw036 澳门赌场毛片 国产自拍56页 激情影院体验服 品色影院 偷偷自拍 香港在线 超清优酷伦理影院 董美香ol 美肉流刑地2西野翔在线视频 黄篇免费人人干视频 乱伦性爱视频在线播放 美女互相自慰视频 69人体鲍鱼与真 九儿福利影院100合成。 曰韩男女性活自拍 thunder://QUFtYWduZXQ6P3h0PXVybjpidGloOkJFM0M4REIzNDgyMzYwMEFCN0M5RUNEMj 偷拍自拍播放 东方影库300 幼自拍 初犬 无码 91影院午夜福利大合集 爆菊电影种子迅雷下载 艳照门eu2k www4445f 影视先锋大众 汤姆影院网址在线播放 穿越时空的爱恋兔费看 秋霞eusses极速播放 色小说综合网 久久影院的网址多少 好国产自拍 jappinesemilking 玩官太太骚B 福利757午夜云播 丁香女色婷婷 亚洲射域网 上原亚衣无码 在线 a片91视频 xo影院在线观看免费观看 俺也去激情5月丁香 紧急通知成人影院 63uuu 大学女生厕所 百度云 X 影片名:网红美女演绎学生看到老师穿着高跟丝袜很性感就尾随跟到家里和老 磁力链微信无码小视频 大胆二嫂和闺蜜3龙2凤5p大战真担心二嫂这单薄的身子骨受不了对白清晰 国产区视频美日本一本道 日逼视频免费看完 狂播小视频 金发天国无码磁力种子 在线约炮 孙雅种子 mp4 俺播 526成人网 23riri新地址 九州av–男人的天堂! 操逼处女自拍在线 嬴荡女老师视频在线观看 影音先锋大胸无码 找女模特种子下载 wpvr-108 先锋影音 免费看黄尤美 亚洲狼人干狼人伊人 欧美老人大屁股在线 偷拍嫩逼 国产开档丝袜 www4438XC0m WWW路4422 mp4 色噜噜一级综合 e80se 濑亚美莉 播放 影院 午夜福利真实 佛爷与美容院老板娘约炮 黑人巨屌 学院派女神翘课和富二代男友开房真会玩舔脚趾屁眼射了好多影音先锋 香草在线精品视频 小峰由衣视频无码 小姐打飞机尻视频 协和影视 JUY 颜射美女大学生 XXOO黄片视频 午夜黄页老师影院避孕套 韩国漫画肉肉片段 猪猪快播电影天堂us sdde318先锋影音 夜色奇趣 国产自拍91在线caoporn 操逼视频播放器 前田希美在线无码 最全面的成人网 国产自拍手机电影 能看r级电视的app iptd694无码截图 绑着做爱爽爽的视频 168D罩杯初次试镜娇喘连连 avavsese 雪音亚里沙 先锋影音 selangwoshipinzaixian 超级长发女神宾馆开房被狂操钱没白花一辈子玩一次死也值了还说不要不要我 sae精品自拍分享福利视频 sm男虐女地下室调教视频在线 超碰在线AV sw312在线观看 超碰人人o操 开平虐女视频 免费的小黄片视频 树凛花在线 亚洲无码第1页_亚洲无码av天堂_亚洲系列_亚洲av电影_亚洲av在线 东方在线1677 曰本亚洲三级视频 日韩SM高清 午夜小视院 尻逼视频美国 什马影院的午夜 自拍偷拍在线视频微拍福利 那有小姐操逼视频 久久草在线免费自拍 不堪欺辱的小林初花磁力链 国内自拍超人碰碰网 操B小X视屏 国产超碰在线福利看看 夏馨雨大尺度外阴展 4女性毛多 伦理片2012EEUS Freepornvideos-1 西瓜影音 大奶女神自慰视频 1212AV 猫咪av社区 rctd WWW*CC36*C0M 前台湿了的 香椎 ipz141在线播放 媽媽視頻胖女人性愛視頻 加勒比系列无码连接 强我电影线观看台湾 情欲丛林电影免费播放 激情大尺度迷奸片段片段 漂亮的主播成为性奴 ck在线仙桃影视肉片 紫藤·伊莉娜h动画 侵犯素人 magnet 空姐自慰视频在线观看 青娱乐午夜福利视频 令人惹火的邻家美眉 影音先锋 math40s小黄网 正在播放91大神dr哥 酒店爆肏白嫩 91dzdzcom 啪啪在线电视免费资源 女同av影片在线观看 黄色无码动漫视屏 快播高清播放器 吉泽明步人妻系列在线播放 伦理在线图片 国内自拍 欧美成人性交在线视频直播 带丝袜三级伦理电影有什么 一本道亚洲在线 我要色女社区 色虫网在线视频 狼成人网 美国成人制服 ジェマ解禁 卫生间强奸种子 【正在播放:女神的娇喘大鸡巴无套内射烟台96白嫩美小骚穴【日本免费av毛片在 高中生自拍在线 艹b动态图 成人福利伦理片 muziliangcaonila 川村まや痴汉 操弄揉 面接澜21 国内自拍女厕小便 三人做人爱免费视频免费视顽 国产野战修车皮裤美女 麻生希水三级 1级图片日韩 母子无码bt种子 xfplay变态另类 口交口爆p 母乳诱 人体掰b艺术 成人激情乱伦大集合 裸体美女私处裸露人体艺术 那里招越晋加弹工 影音先锋资源同性 美淫母亲的秘密 苍井空激情in 人与动物兽交第一页