Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
# LIBPCAP 1.x.y by [The Tcpdump Group](https://www.tcpdump.org)
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
**To report a security issue please send an e-mail to security@tcpdump.org.**
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
To report bugs and other problems, contribute patches, request a
|
|
|
|
|
feature, provide generic feedback etc please see the
|
|
|
|
|
[guidelines for contributing](CONTRIBUTING.md).
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
The [documentation directory](doc/) has README files about specific
|
|
|
|
|
operating systems and options.
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
|
|
|
|
Anonymous Git is available via:
|
|
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
https://github.com/the-tcpdump-group/libpcap.git
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
|
|
|
|
This directory contains source code for libpcap, a system-independent
|
|
|
|
|
interface for user-level packet capture. libpcap provides a portable
|
|
|
|
|
framework for low-level network monitoring. Applications include
|
|
|
|
|
network statistics collection, security monitoring, network debugging,
|
|
|
|
|
etc. Since almost every system vendor provides a different interface
|
|
|
|
|
for packet capture, and since we've developed several tools that
|
|
|
|
|
require this functionality, we've created this system-independent API
|
|
|
|
|
to ease in porting and to alleviate the need for several
|
|
|
|
|
system-dependent packet capture modules in each application.
|
|
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
```text
|
|
|
|
|
formerly from Lawrence Berkeley National Laboratory
|
|
|
|
|
Network Research Group <libpcap@ee.lbl.gov>
|
|
|
|
|
ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Support for particular platforms and BPF
|
|
|
|
|
For some platforms there are `README.{system}` files that discuss issues
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
with the OS's interface for packet capture on those platforms, such as
|
|
|
|
|
how to enable support for that interface in the OS, if it's not built in
|
|
|
|
|
by default.
|
|
|
|
|
|
|
|
|
|
The libpcap interface supports a filtering mechanism based on the
|
|
|
|
|
architecture in the BSD packet filter. BPF is described in the 1993
|
|
|
|
|
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
User-level Packet Capture''
|
|
|
|
|
([compressed PostScript](https://www.tcpdump.org/papers/bpf-usenix93.ps.Z),
|
|
|
|
|
[gzipped PostScript](https://www.tcpdump.org/papers/bpf-usenix93.ps.gz),
|
|
|
|
|
[PDF](https://www.tcpdump.org/papers/bpf-usenix93.pdf)).
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
|
|
|
|
Although most packet capture interfaces support in-kernel filtering,
|
|
|
|
|
libpcap utilizes in-kernel filtering only for the BPF interface.
|
|
|
|
|
On systems that don't have BPF, all packets are read into user-space
|
|
|
|
|
and the BPF filters are evaluated in the libpcap library, incurring
|
|
|
|
|
added overhead (especially, for selective filters). Ideally, libpcap
|
|
|
|
|
would translate BPF filters into a filter program that is compatible
|
|
|
|
|
with the underlying kernel subsystem, but this is not yet implemented.
|
|
|
|
|
|
|
|
|
|
BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
BSD, macOS, and Solaris 11; an older, modified and undocumented version
|
|
|
|
|
is standard in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the
|
|
|
|
|
packetfilter interface but has been extended to accept BPF filters
|
|
|
|
|
(which libpcap utilizes).
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
|
|
|
|
Linux has a number of BPF based systems, and libpcap does not support
|
|
|
|
|
any of the eBPF mechanisms as yet, although it supports many of the
|
|
|
|
|
memory mapped receive mechanisms.
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
See the [Linux-specific README](doc/README.linux) for more information.
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
### Note to Linux distributions and *BSD systems that include libpcap:
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
|
|
|
|
|
There's now a rule to make a shared library, which should work on Linux
|
|
|
|
|
and *BSD, among other platforms.
|
|
|
|
|
|
Import libpcap-1.10.4 (previous was 1.9.1)
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix inorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old umaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
2023-08-17 16:11:01 +03:00
|
|
|
It sets the soname of the library to `libpcap.so.1`; this is what it
|
|
|
|
|
should be, **NOT** `libpcap.so.1.x` or `libpcap.so.1.x.y` or something such as
|
Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
2018-09-03 17:43:43 +03:00
|
|
|
that.
|
|
|
|
|
|
|
|
|
|
We've been maintaining binary compatibility between libpcap releases for
|
|
|
|
|
quite a while; there's no reason to tie a binary linked with libpcap to
|
|
|
|
|
a particular release of libpcap.
|