OpenLI 1.1.15

• Collector: fix buffer overflow bug in the GTP information element parsing code.
• Collector: fix crash if the RabbitMQ server is restarted while the collector is running.
• Mediator: enable RabbitMQ publisher confirms and some local buffering to reduce the possibility of ETSI records being lost if RabbitMQ is restarted during an active intercept.
• Collector: enable RabbitMQ publisher confirms when using RMQ to send ETSI records to the mediator(s) to reduce the possibility of records being lost if RabbitMQ fails during or shortly after publication.
• Mediator: fix crashes that can occur if the country code for an agency is not configured.
• Add option to choose the timestamp format to be used in encoded ETSI PSHeaders (either microsecondTimestamp or generalizedTime).
• Collector: fix bug where long running SIP calls would be incorrectly expired due to "inactivity".
• Collector: fix crash if the collector is configured to operate with zero SIP worker threads.
• REST API: fix bug where the 'lastseen' property for a mediator was being updated even when the mediator had disconnected.
• REST API: fix bug where it was not possible to change the destination mediator for an intercept via the REST API.
• Add ability to configure a retransmit window for agency handovers (i.e. the amount of handover data that should be retransmitted if the TCP session for that handover fails). Defaults to zero kilobytes.
• Add configuration option to specify how many seconds to wait between connection attempts for agency handovers. Defaults to 10 seconds.
• Add experimental support for including Integrity Check PDUs in the handover stream, as per Annex J of ETSI TS 102 232-1. By default, integrity checks are disabled but may be enabled on a per-agency basis.
• Provisioner: fix crash that occurred if using the REST API to modify intercept configuration when the configuration file was not writable.
• REST API: add information about the listening X2/X3 endpoints to the response to a 'collectors/' request.
• REST API: collector identifiers now include the operator ID, network element ID and intercept point ID -- this replaces the previous identifier which contained only the collector's IP address.
• Provisioner: fix crash when a collector reconnects to the provisioner, due to an idle timer for the previous collector instance that was remaining active even after a successful reconnection.
• Collector: fix 100% CPU loop when a forwarding thread failed to connect to a RabbitMQ broker.
• Payload encryption is now performed by the mediator(s) rather than by the collectors -- this change was required to support the integrity check feature.

OpenLI 1.1.14

Minor internal code changes to allow us to build OpenLI packages for Debian Trixie.

No actual feature additions, changes or bug fixes here, so don't stress about upgrading if you're already running 1.1.13.

OpenLI 1.1.13

• REST API: added new endpoints for collectors/ and mediators/ to provide basic details on existing collectors and mediators and
  when they were last active.
• X2/X3: a single intercept can now have multiple XIDs configured for it.
• Provisioner: fix bug where encrypt-intercept-config option was ignored if the provisioner was run with the -K option set.
• Provisioner: fix issue where bad encryption configuration would cause changes to the intercept configuration made via the REST API to not persist.

OpenLI 1.1.12

• Mediator: fixed the bad optimization that was causing CC records to be delivered over HI3 in bursts, rather than streamed as they arrived.
• Collector: fixed a similar issue where intercept records were published to the mediator in bursts.
• Collector: add support for receiving intercepted traffic via the X2 and X3 interfaces defined in ETSI 103 221-2 -- we currently only support the SIP and RTP PDU types, but more will be supported in future releases.
• Collector: improve handling of situations where a libtrace input encounters a fatal error.
• SIP: fix bug where RTP streams would not be intercepted if both the source and destination IP address were the same.
• Provisioner: add the ability to encrypt the running intercept configuration file.
• Mediator: add rabbitmq-server as a dependency to the provided mediator systemd file.
• Collector: fix issue where connections to a mediator are immediately terminated if inter-component connections were configured to use TLS.
• Collector: fix (very rare) assertion failure that could trigger if a SIP message is fragmented at the IP layer.

OpenLI 1.1.11

• SIP: fix crash when processing an INVITE where the SDP address is missing but the SDP username is present.
• SIP: add ability to extract target usernames from tel: URIs.
• RADIUS: fix memory leak when RADIUS sessions have multiple usable identities.
• Collector: add ability to use multiple threads for SIP parsing.
• Collector: merged capabilities of SMS threads into the new SIP parsing threads. Standalone SMS interception threads now no longer exist.
• Collector: add configuration option to specify a coremap for an individual input.
• Collector: improved packet processing thread performance by avoiding fragment offset calculations if the packet is clearly not a fragment.
• Collector: improved encoding performance by pre-encoding certain members of the IPAddress structure that are likely to occur frequently.
• Collector: improved TCP reassembly performance by replacing regular sorting of TCP segments with an in-order insertion.
• SIP: improved SIP parsing performance by avoiding CSeq extraction from responses when there are no relevant unresponded requests.
• Collector: improved TCP reassembly performance by automatically skipping ACKs without data.
• Collector: fix deadlock on exit problems caused when threads exited in a bad order.
• SIP: fix crashes when a TCP stream had to be reset due to packet loss.
• Collector: improved packet processing performance by skipping the static IP intercept code path for IP packets in situations where there
  were no static IP intercepts configured.

OpenLI 1.1.10

• RADIUS: Accounting Response packets no longer need to be seen by the collector; session state updates are now inferred from Accounting Requests automatically without the need to see the matching Response.
• Collector: using multiple forwarding threads now actually behaves as expected.
• Collector: support the use of zero GTP, SMS, or email worker threads. Having no SMS worker threads, in particular, can increase collector performance for operators who do not require SMS interception.
• Collector: reduce CPU usage in encoder worker threads when they are idle.
• Collector: improve performance when copying packets to distribute to other worker threads.
• Voice: fix bug where the RTP stream might not be intercepted if there are multiple intercepts configured for the same target.
• Mediator: fix bug where a restarted mediator using RabbitMQ would never receive intercept records from a collector.
• SIP: fix bug where SIP sessions using TCP keepalives would not be intercepted due to errors in the TCP reassembly code.
• SIP: fix crash caused by incorrectly freeing a packet that had been claimed by the TCP reassembler.
• SIP: fix bug where SIP messages that do not begin at the start of the TCP payload would not be intercepted or used to update the call state.
• SIP: assume TCP packets for a stream are lost forever if the gap between the expected sequence number and the observed packets exceeds 64KB.
• SIP: reset the SIP and TCP reassembly state for TCP streams where a packet has been lost or the SIP parser reported an error.
• SIP: fix bug that caused an assertion failure in find_sip_message_end() when processing a TCP SIP stream after a packet was lost.

OpenLI 1.1.9

• RADIUS: fix crash that can occur under very rare circumstances due to a dangling user record pointer in an old unmatched request.
• RADIUS: fix bug where CINs for all RADIUS sessions were zero.
• Fix potential silent exit in collector if a packet cannot be copied to be sent to another thread.
• Mobile data: move processing of GTP traffic / sessions into separate worker threads.
• Mobile data: add (experimental) support for intercepting GTP-U traffic for sessions where the GTP-C identity matches an intercept target.
  Only applies to GTPv2 sessions -- no CC interception is performed for GTPv1 sessions (i.e UMTS-CCs).
• Mobile data: add support for intercepting GTP-C traffic for intercept targets and encoding it as either EPS-IRIs (for GTPv2) or UMTS-IRIs
  (for GTPv1).
• Mobile data: IP-based mobile intercepts are now encoded as EPS-CCs, instead of UMTS-CCs.
• Mediator: allow RabbitMQ internal password to be specified using either RMQlocalpass OR RMQinternalpass config options, so
  as to match the existing documentation.
• SIP: fix bug where RTP would not be intercepted if the SIP traffic is proxied back to the original source IP.
• SIP: fix assertion failure when reassembling TCP SIP traffic that happens to have trailing bytes (such as an extra \r\n sequence).
• SIP: fix double frees that could occur when reassembling TCP SIP traffic.
• Removed some internally defined OID consts and replaced them with ones defined by libwandder.

OpenLI 1.1.8

• Collector: fix crash in sync_voip thread if an invalid SIP packet is encountered.
• Collector: add a single zero byte to the list of recognised SIP keep alives.
• Collector: fix crash that can occur if an IP is mapped to a RADIUS session more than once.
• Add config option to specify the country where an agency has jurisdiction, which allows us to support country-specific requirements for HI1 operations and keep alive messages.
• Keep alive messages for NL agencies now conform to the ETSI-IP.nl requirements.
• Use -- instead of NA as the auth and delivery country code forkeep alives when we do not know the country code for the receiving agency.

OpenLI 1.1.7

From now on, we will not be automatically building .rpm packages for Fedora. Please contact us if this change is going to be a problem for you.

• Collector: fix file descriptor leak caused by timers in SMS worker threads.
• Collector: fix bug where a forwarder thread would be unable to exit if the collector is trying to shut down due to an error.
• Collector: fix another race condition that can cause a collector to hang when it is being halted.
• Collector: VoIP sync thread now recognises more SIP keep alive payloads (including eXoSIP keep alives) so will no longer complain about invalid SIP payload when these KAs are observed.
• Collector: fix segfault that can occur if an IP data session is assigned to more than 5 IP addresses.
• Collector: fix segfault in VoIP sync thread if the expiry timer for a completed call cannot be properly created (e.g. if we run out of
  file descriptors).

OpenLI 1.1.6

• Fix incorrect encoding of userLocationInformation field.
• Add support for defining port ranges for SIP and RADIUS servers, rather than having to create a config entry for each individual port number.
• Add support for IMSI and IMEI as target identifiers for mobile data (IP) intercepts.
• Added new parameter for IP intercepts: mobileident -- this is used to indicate whether the user identifier for a mobile data
  intercept is an MSISDN, IMEI or IMSI.
• Add support for including SIP packets in pcapdisk output for VoIP intercepts.
• Fix bug where mediators receiving messages from a collector via RabbitMQ would be disconnected due to regular consumer timeouts.
  This in turn should resolve issues where old IRIs or CCs would be periodically retransmitted by a mediator to the LEA.
• Fix memory errors when reassembling TCP segments in the collector libtrace threads.
• Generate error log messages when a component (either mediator or collector) cannot publish to RabbitMQ due to the connection being
  blocked.