OpenLI 1.0.15

• Fix collector crash when SDP identities are shared amongst multiple Call-IDs.
• Fix bad logic that meant sipignoresdpo option was ignored by the collector in certain situations.
• Add DPDK 21.11 compatibility (via forcing libtrace 4.0.19 as a dependency)

OpenLI 1.0.14

• Fix bug where VoIP intercepts would stop collecting media traffic if an INVITE was issued during the ongoing call.
• SIP target usernames now support the use of a leading '*' as a wildcard (e.g. to represent different combinations of dialing codes that may precede a phone number identifier).

OpenLI 1.0.13

• RADIUS parser now copes with situations where an assigned IP is not included in the access-Accept message.
• SIP parser now copes with SIP URIs that are just "sip:" followed by an IP address.

Packaging:

• CentOS 8 is no longer supported, but we now build RPMs for Rocky Linux 8.5 and Alma Linux 8.4 instead.

OpenLI 1.0.12

• Fixed bugs where changes to certain intercept properties (either via the REST API or through configuration reloading) were not being correctly applied when encoding subsequent ETSI records.
• Fixed bug where the username property for a static IP intercept was not being encoded into the ETSI targetUsername field.
• Fixed bug where digest hashes added using our helper script were not able to be authenticated by the provisioner.
• Fixed collector crashing when processing a SIP message that spans multiple packets.

OpenLI 1.0.11

• Improved collector encoding performance by saving and reusing previously-encoded records that have the exact same layout.
• Also improved encoding performance at high packet rates by sending encoded records to the forwarding thread in batches.
• Mediators will now actively avoid splitting a record across multiple send calls wherever possible -- this fixes issues where a reconnecting LEA handover (e.g. tracepktdump) would complain about being unable to parse the data it receives upon reconnection.
• Fixed bug where a collector would simply stop forwarding records for an LIID on to the mediator for no apparent reason, especially when more encoder threads were being used.
• Fixed bug where encoding jobs would be lost without being seen by the encoder thread.
• Fixed performance-related issue where an overwhelmed mediator would never send data to its handovers.
• Fixed crash in mediator after a handover is disconnected for failing to send a keep alive response.
• BER encoding optimization has been removed -- it was not interoperable with some LEA software, and the new encoding performance enhancements are a better alternative anyway.
• Fix issue where collector memory usage would be extremely high when under load.

OpenLI 1.0.10

• Intercepts can now be configured with a start and/or end time (unix timestamp only).
• SIP-based VOIP intercepts will now check the P-Asserted-Identity and Remote-Party-ID fields for matches against the target identities.
• Added config option to allow the "From:" URI in a SIP packet to be used for target identification. Defaults to not allowed.
• Added config options to adjust pcap output filenames and compression levels.
• Fixed bug where the agencyID for an intercept could not be modified via the REST API.
• Fixed issues where the set of active pcap intercepts was not updated when intercepts were no longer active.
• Fixed various crashes and memory leaks when reloading the collector config file.
• Improve performance when analysing SIP traffic while having a large number of active VOIP intercepts.

OpenLI 1.0.9

• Reduce collector CPU usage when the forwarding thread is idle.
• Fix HI1Operation messages that were not able to be decoded by LEAs.
• Allow a BPF filter to be applied to any collector input.
• Remove dependency on rsyslog -- syslog-ng can now be used instead, if desired.
• Allow use of BER encoding for faster record encoding by the collector.

OpenLI 1.0.8

• Fixed bugs that were causing HI1 Operations messages to not be generated under certain circumstances.
• Fixed bugs that were causing HI1 Operations messages to have an incorrect sequence number, when generated following a reload of the intercept configuration file.

OpenLI 1.0.7

• Mediators will now correctly emit HI1 Operations messages (via HI2) whenever an intercept is added, removed or modified by the provisioner.
• Fixed bug where a reconnected mediator would no longer be sent any messages that are broadcast by the provisioner to the mediators (such as new or withdrawn LIID mappings).
• The mediator and provisioner binaries that are shipped in the OpenLI packages are now run as a separate openli user, rather than running as root. The collector still runs as root as this is required by some packet capture methods that we support.

OpenLI 1.0.6

• Added authentication layer to the provisioner REST API. If enabled, REST API requests must either provide a valid API key or use Digest Authentication to confirm that the request has been issued by an authorised party.
• Collectors may now use rabbitmq to "buffer" encoded records before sending them to their mediator. The records will be persistently buffered to disk, so we are not solely relying on memory to retain records for mediators that have failed or disappeared.
• Added RADIUS-friendly hashing option for collector input sources. This option should be used on all inputs that are going to receive RADIUS packets. Resolves issues with RADIUS packet ordering that required users to decrease the number of processing threads for their RADIUS inputs to 1.
• Added scripts (openli-prov-authsetup.sh and openli-prov-adduser.sh) to assist in the creation and management of user credentials for the provisioner REST API.
• Completely refactored mediator code to be easier to maintain. This in theory should have no impact on end users, but any code refactor may introduce new bugs so we want to make sure users know that we have done this.
• Fixed bug where multiple configuration changes to an agency handover would not be applied correctly on the mediator.
• Fixed crash when a RADIUS user has been removed but still had an outstanding request. The crash would occur if we then later saw the response.
• Fixed hanging when collector processes a RADIUS packet that has been padded to the minimum frame size.
• Fix provisioner crashes after expiring an unauthorised client that has connected to one of its listening ports.
• Components that are not using TLS will now immediately exit after connecting to a component that is using TLS (and vice versa).

Note: some existing packaged installs may find that your package manager will "hold back" the new OpenLI packages if you attempt an upgrade. This is because we have upgraded from using libwandder1 to libwandder2 for one of our dependencies. To resolve this, you can explicitly install the packages directly, e.g. apt install openli-collector, to force the upgrade of the underlying libwandder package.