
Releases: OpenLI-NZ/openli

OpenLI 1.0.5

27 May 00:17
  • Added HTTPS support to the REST API -- if you are using TLS to encrypt inter-component communication in OpenLI, then you will also now need to use HTTPS (and accept the provisioner's certificate) to use the REST API to provision intercepts.
  • Added config option to disable the combining of VOIP calls with the same SDP O identifier into the same CIN, as this was a problem for some VOIP implementations.
  • Improved IPv6 address handling in the RADIUS parser by adding support for Delegated-IPv6-Prefix AVPs.
  • Fixed bug that caused erroneous "duplicate intercept" announcements.
  • Added support for RADIUS sessions which announce both an IPv4 and IPv6 address to the same user session.
  • Fixed log spamming caused by RADIUS Accounting-On messages.
  • Fixed "bad file descriptor" bug in the mediator.
  • Added ability to intercept multiple RTP streams (e.g. audio and video) from the same SIP session.
  • Fixed crashes when RADIUS messages did not have a Username field.
  • Fixed bugs in silent logoff detection when a RADIUS session has multiple identifiers (e.g. username and CS-ID).
  • Fixed slow memory leak caused by RADIUS sessions expiring.
  • Added more graceful detection and handling of OOM errors on the collector.
  • Fixed bug where a reconnecting mediator would not receive the records that the collector had buffered while it was gone.
  • Fixed bug where a second mediator running on the same host could "steal" intercepted records that were intended for another mediator.
  • Fixed handling of SSL write failures due to the socket being too busy.
  • Fixed bug where a disappearing provisioner would cause the collectors to drop all of their mediator connections, rather than continuing to intercept and forward to them.
  • Fixed hanging bug when a collector is halted.
  • Fixed small memory leaks on the collector when a provisioner disconnects and then reconnects.
  • Fixed session map corruption when a user IP session was deleted.
  • Fixed bug where a silent logoff detected for a single IP would destroy the session, even when there were other non-logged-off IPs still associated with it.

OpenLI 1.0.4

28 Jan 03:20
86899f3
  • Added update socket to the provisioner, which allows new intercept configuration to be pushed to the provisioner via a REST API. As part of this change, any intercept-related configuration (including IP and VOIP intercepts, RADIUS core servers, SIP servers and agency details) has now been moved into a separate configuration file, which will be managed directly by the provisioner. Configuration changes made using the REST API will be written into this file by the provisioner as soon as they are enacted. Any intercept-related configuration remaining in the provisioner configuration file after upgrading to 1.0.4 will be ignored.
  • UMTS (mobile) intercepts are now supported, based on sessions established using GTP. GTP + the IP for the target's sessions must be fed into a collector, much like you would do for RADIUS + IP for a conventional IP intercept. The validity of the resulting encoded UMTS records is not yet confirmed with an LEA, so please consider this feature to still be "in beta". Feedback from both operators and LEAs on this feature would be more than welcome.
  • Allow RADIUS Calling-Station-ID AVP to be used to determine the user identity for a RADIUS stream (either in addition to or in place of the standard Username AVP).
  • Add configuration option to list "default" RADIUS usernames that should not be treated as genuine user identities (useful for operators relying on Calling-Station-ID for identity instead).
  • If an LEA is withdrawn, the mediator will now disconnect its handovers to that LEA.
  • Allow multiple concurrent RADIUS sessions for a given user (e.g. a concurrent IPv4 and IPv6 session should now each produce their own HI2 streams).
  • Allow multiple concurrent IP intercepts for the same JMirror or ALUShim session.
  • Fixed bug where starting a collector with systemd would fail if using a DPDK or DAG device as a packet source.
  • Fixed memory leaks in the collector forwarding code.
  • Fixed bug where CINs for JMirror intercepts were inconsistent across HI2 and HI3.
  • Fixed bug where mediators were accepting client connections after they had been told to halt.
  • Fixed bug where a static IP range that was being stored by the collector could become invalid after being modified.
  • Fixed bugs that were preventing large UDP SIP messages from being correctly reassembled.
  • Improved logging of connection status between the mediator and handover clients.
  • The keep alive response timeout must now be less than or equal to the keep alive frequency.
  • Improve mediator performance by rate-limiting keep alive timer resets to one per second.
  • Fix concurrency issues on the mediator related to newly-connected handovers.
  • Fix crash when flushing a pcap output file that has not been given any packets to write yet.
  • Fix excessive logging in mediator when an LEA has been disabled or removed by the provisioner.
  • Fix bug where modifications to the configured LEA for an IP intercept would only remove the existing LEA and not add the new one.
  • Fixed assertion failure that could trigger in the mediator if a client handover failed to respond to a keepalive.
  • Prevent mediator from sending any new data to a client handover as long as there is an unanswered keepalive.
  • Do not start the keep alive response timer until after a successful send() of the keep alive message.

OpenLI 1.0.3

16 Aug 01:39
  • Added support for translating JMirror intercepts into ETSI-compliant output, much like we already did for ALU.
  • Added ability to encrypt inter-component communications using TLS (see the TLS documentation for more details).
  • Better integration with systemd (especially on Debian / Ubuntu systems).
  • Fixed bug that would allow the configuration of an IP intercept without a target identifier, leading to a failure to intercept relevant RADIUS packets.
  • Fixed bug where in-progress VOIP intercepts would no longer work if the provisioner config was reloaded.
  • Changing the configuration of an IP intercept no longer leads to a temporary interruption in the intercept when the provisioner config is reloaded.
  • Fixed bug where ALU intercepts would capture and export ARP traffic.
  • Provisioner log messages now refer to collectors and mediators by their IP address rather than the file descriptor assigned to the socket.
  • RPMs for CentOS and Fedora are now built automatically as part of the release process.

OpenLI 1.0.1

25 Mar 05:02

This release fixes a number of bugs that were identified in the original OpenLI release.

  • Fix broken ALU shim parsing code.
  • Fix endless collector disconnects if ALU shim or username changes for an intercept without a corresponding LIID change.
  • Fix various minor memory leaks that become problematic if a component misbehaves.
  • Fix "null" mediation address bug on the provisioner.
  • Fix ZeroMQ deadlock in collector.
  • RADIUS packets are no longer considered candidates for an IP CC, improving performance under high RADIUS load.
  • Improve documentation of ALU translation support.

OpenLI 1.0.0

04 Jan 03:11

The first official release of OpenLI!

See https://openli.nz for more details on what OpenLI is and an overview of how it works.

As this is an initial release, we expect that there may be a few issues / incompatibilities for new users, despite our best efforts to test the code as thoroughly as we could. Please be patient and report any problems to us (preferably via a GitHub issue) as soon as possible. With any luck, we should be able to get something pretty stable that works well for most people within a few months of this initial release.