Changes:
- Added sanity check in IPFIX code to avoid reading outside of our memory region
- Added sanity check in Netflow v9 code to avoid reading outside of our memory region
- Added safety check in IPFIX to avoid potential division by zero
- DoS: explicitly blocked zero length data templates for Netflow v9 as they have no sense
- DoS: explicitly blocked zero length options templates for Netflow v9 as they have no sense
- DoS: Added fix for FPE / division by zero in Netflow v9 logic when length of template is zero, CVE CVE-2024-56073
- Added explicit check about number of counter records in sFlow packet to reduce chances of DoS attack
- Added explicit check about number of flow records in sFlow packet to reduce chances of DoS attack
- Fixed DoS vulnerability in sFlow v5 plugin which crashed FastNetMon with specially crafted packet, CVE-2024-56072
- Added logic to correctly populate hostgroup for Flow Spec announces injected manually
- Moved current attack logic up in function to grant space for hsotgroup lookup
- Switched text/html to text/plain for Prometheus endpoint: https://github.com/prometheus/docs/blob/main/content/docs/instrumenting/exposition_formats.md
- Fixed bug with traffic buffer size reporting for IPv6: IPv6 traffic buffer is too small to generate attack_traffic_samples correctly and IPv6 traffic buffer is too small to generate hostgroup_traffic_samples correctly
- Added Kafka support for traffic export via configuration options kafka_traffic_export, kafka_traffic_export_topicm kafka_traffic_export_format, kafka_traffic_export_brokers for Kafka traffic export'