Introduction
This article discusses the new features in Farsight’s latest release of theAdvanced Exchange Access (AXA) toolkit, version
1.2.0
.
For background on Farsight Security’s Security Information Exchange (SIE) and AXA itself,it is recommended that you be comfortable with the material in the followingFarsight Security Blog articles:
- Farsight’s Advanced Exchange Access, Part 1 of 3
- Farsight’s Advanced Exchange Access, Part 2 of 3
- Farsight’s Advanced Exchange Access, Part 3 of 3
Bug Fixes and New Features
The following new features and bug fixes are available in AXA
1.2.0
whichis available here and here.
- Add command
status: Added a status command to retrieve current connection details. Example:
sra> connect tls:,1021
* HELLO srad version 1.1.1 mschiffm AXA protocol 1
sra> status
connected to "srad version 1.1.1 mschiffm AXA protocol 1"
sra.sie-remote.net,1021
connected for: 3 seconds
TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384 zlib compression
0 packets remaining to print of 0 total
- Add support for new channels: In
1.2.0
etc/fields
- .
- Add pidfile support for
sratunnel
- : We addedan option to
sratunnel
- to allow the user to specify a pidfile. Thisallows for easy management of daemonized
sratunnel
- processes.
- Updated help: The help has been updated to be a bit clearer and easier toread.
- Fix
print_sie_newdomain()
- : There was a NULL pointer dereference thatresulted in a crash. The bug was triggered when a pathological
newdomain
- SOA message was printed in “non-verbose” mode.
- Fix
axa_str_to_cidr()
- : Patched to remove a false negative errorcondition.
- Fix
axa_get_token()
- ,
axa_vlog_msg()
- ,
dns_to_key()
- ,
trie_free()
- : Multiple corner-case bugs fixed.
Stay tuned for further updates!
Mike Schiffman is a Packet Esotericist for Farsight Security, Inc.
Heading
