-
Notifications
You must be signed in to change notification settings - Fork 861
/
CHANGES
1751 lines (1587 loc) · 77.9 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
Summary for 1.11.0 libpcap release (so far!)
Source code:
Use C99 fixed-width integer types, rather than self-defined
fixed-width integer types, in rpcap code.
Remove an always-false pointer test from snf_read().
Clean up DECnet address handling.
struct pcap: Update buffer type from "void *" to "u_char *".
Remove dead code that supported SITA ACN devices.
Remove the TODO file.
Merge four header files into gencode.c.
Remove DAG card support on Windows as Linux is the only
platform currently supported.
Remove code related to Riverbed TurboCap card.
Riverbed TurboCap hardware has reached EOA as of Jun 30 2014.
Remove dead code that supported Septel devices.
Remove outdated code related to AirPcap HW.
The Riverbed AirPcap Product has reached End of Availability
(EOA) as of December 31, 2017
Mind netmap support in pcap_lib_version().
Link-layer types:
Add LINKTYPE_ETW/DLT_ETW.
Add LINKTYPE_NETANALYZER_NG/DLT_NETANALYZER_NG (pull request
#1008).
Add LINKTYPE_ZBOSS_NCP/DLT_ZBOSS_NCP.
Add LINKTYPE_USB_2_0_LOW_SPEED/DLT_USB_2_0_LOW_SPEED,
LINKTYPE_USB_2_0_FULL_SPEED/DLT_USB_2_0_FULL_SPEED,
LINKTYPE_USB_2_0_HIGH_SPEED/DLT_USB_2_0_HIGH_SPEED
Add LINKTYPE_AUERSWALD_LOG/DLT_AUERSWALD_LOG.
Add LINKTYPE_ZWAVE_TAP/DLT_ZWAVE_TAP.
Add LINKTYPE_SILABS_DEBUG_CHANNEL/DLT_SILABS_DEBUG_CHANNEL.
Add LINKTYPE_FIRA_UCI/DLT_FIRA_UCI.
Rename LINKTYPE_IPMB_LINUX/DLT_IPMB_LINUX to
LINKTYPE_I2C_LINUX/DLT_I2C_LINUX, as it's really just an
encapsulation of I2C, and is also being used for HDMI DDC.
Keep DLT_IPMB_LINUX around as a #define for backwards
compatibility.
Packet filtering:
Add support for Block Ack Req and Block Ack frame types (pull
request #1039).
Deprecate pcap_compile_nopcap().
Add support for filtering packets encapsulated with VXLAN (pull
request #1273).
Eliminate trailing space in bpf_image() result.
Fix DECnet packet filtering on big-endian hosts.
Require "vpi" and "vci" values to be within valid ranges.
Initialize the scratch memory store to 0.
Require "[wlan] dir" integer value to be within range.
rpcap:
Support user names and passwords in rpcap:// and rpcaps:// URLs.
Add a -t flag to rpcapd to specify the data channel port; from
another incorporate-remote-capture project. (issue #1120)
rpcapd: Refine SSL options in printusage().
Fix a possible buffer overflow (Coverity CID 1619148).
Documentation:
Document a standard format for writing out BPF filter programs.
Add a README.hurd.md file.
Explain "any" device better in pcap_create(3PCAP).
Cross-reference some man pages better.
Actualize README.dag and make it Markdown.
Add a README.snf.md file.
pcap-filter(7): Clarify Ethernet, IPv4 and IPv6.
pcap_lib_version(3PCAP): Add details and examples.
Building and testing:
Apply GNU Hurd support patch from the Debian package.
CI: Introduce and use LIBPCAP_CMAKE_TAINTED.
Remove all remaining support for AOS (4.3BSD Unix), BSD/OS, DOS,
HP-UX before 10.20, IRIX, {OSF/1, Digital Unix, Tru64 Unix}, SINIX,
SunOS 3.x, 4.x and 5.x before 5.3.2, and Ultrix.
Add a new test program for pcap_activate().
Make NetBSD build warning-free.
Make Sun C build warning-free.
Make FreeBSD, Linux and macOS builds warning-free.
Print MAC addresses in findalldevstest.
Parameterize the interface name in reactivatetest.
When necessary, trust the OS to implement ffs().
At build time require a proof of suitable snprintf(3) implementation in
libc (and document Solaris 9 and MinGW as unsupported because of that).
Makefile.in: Update the .c.o build rule (Remove hacks for old SunOS 4).
CMake: Skip snprintf(3) tests when cross-compiling; test whether
check_c_source_runs() with a trivial program and, if it doesn't
work, don't run tests that use it.
autogen.sh: Allow to configure Autoconf warnings.
autogen.sh: Delete all trailing blank lines at end of configure.
Autoconf: Add support for libnl-tiny with pkg-config.
Autoconf: Fix building of something-only libpcap.
CI: Implement "make check".
Fix autotools and CMake issues with snprintf test and sanitizers.
Fixes issue #1396.
Hurd:
Support network capture devices too.
Fix a few device activation bugs.
Count and timestamp packets better.
Add kernel filtering, fix userland filtering.
OpenBSD:
Use getprotobyname_r() correctly on OpenBSD.
DAG:
Always set PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE.
In dag_findalldevs() handle known errors better.
Trust dag_get_stream_erf_types() to be available.
Require the API to have 64-bit streams support.
Make device descriptions more useful, make dagN conditional.
Use PCAP_ERROR_NO_SUCH_DEVICE more in dag_activate().
Validate capture device names better.
Enumerate streams without trying to lock them.
If the environment variable ERF_FCS_BITS is set, require it to be either
0 or 16 or 32. Likewise for ERF_DONT_STRIP_FCS (either 0 or 1).
Remove FCS quirks specific to 4.2S and 4.23S.
Fix packet filtering with low snaplen.
Fix ps_drop for stream drop counters.
Add experimental packet transmit support.
SNF:
Fix packet filtering with low snaplen.
Require SNF_VERSION_API >= 0x0003.
Improve device descriptions and flags.
Fill pcap_if_t in more consistently.
DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
Summary for 1.10.6 libpcap release (so far!)
Source code:
Fix "tcpdump -i <n>" for something-only libpcap builds.
Remove some unneeded includes.
pcapint_find_function() changed to return "void *" to avoid
warnings.
gencode: Fix an undefined behavior in gen_mcode().
Packet filtering:
Make the chunk allocator's alignment more general and
platform-independent.
Linux:
Fix check for mac80211 phydev.
Don't create monitor-mode interface if we're capturing on one.
FreeBSD:
Fix detection and enablng of zero-copy supporrt.
Fix errors in the zero-copy code.
Solaris:
Fix not to ignore logical interfaces in fad-gifc.c and
fad-glifc.c.
D-Bus:
Fix message leak.
Capture file writing:
Don't close the output stream if it's stdout, just flush it.
Documentation:
Explicitly document that closing a pcap_t for a savefile opened
with pcap_fopen_offline() will close the standard I/O stream.
Building and testing:
Makefile.in: Include instrument-functions.c in the release tarball.
CMake: Fix libnl usage with pkg-config.
CMake: Fix build with CMake 3.31.
CI: Report CMake version in builds.
CI: Visual Studio 2022 builds added, including ARM64 builds;
Visual Studio 2015 builds dropped.
Don't build with sslutils.c if we don't have a TLS library.
Build on Windows with a newer version of OpenSSL.
CMake: generalize handling of non-x86 Windows architectures.
CI: use the -A flag for all Visual Studio generators.
Friday, August 30, 2024 / The Tcpdump Group
Summary for 1.10.5 libpcap release
Source code:
Spell WirelessHART details properly.
Mark pcap_vasprintf() as printf-like.
Finalize moving of bpf_filter.c. (GH #1166)
Remove an unneeded argument from gen_mcode6().
Don't do some Berkeley YACC workarounds with YACC releases not
requiring them.
Use correct data types rather than int in some cases.
Squelch compiler warning in grammar.c.
Fix findalldevtest compilation if IPv6 isn't enabled.
Rename helper routines for pcap modules to have names beginning with
pcapint_, to avoid namespace collisions for code linking statically
with libpcap.
Avoid casting hack for the Windows cleanup-on-exit routine.
Use %zu format for one case of printing a size_t.
Fix some Coverity errors.
Fix availabilities of some functions to match reality.
pcap: make the seconds and microseconds/nanoseconds fields unsigned.
Remove the unused pcap-rpcap-int.h header file.
Thread safety:
Make some static variables thread-local; fixes issue #1174.
Packet filtering:
Improve reporting of some invalid filter expressions.
Return an error from pcap_compile() if the scanner fails to initialize.
Optimizer fix from Archit Shah to recompute dominators after
moving code (#976); fixes #945 (although the resulting filter
isn't empty).
Optimizer fix from Archit Shah to mark value as unknown when store
of that value is deleted (#972); fixes #143, #434, #436, #437,
and #1076.
Linux:
Properly return warnings.
Don't use DLT_LINUX_SLL2 for anything other than the "any" device.
Avoid 32-bit unsigned integer overflow in USB captures. Fixes
issues #1134 and #1205.
Fix a file descriptor leak.
Properly report warnings about unknown ARPHRD_ types.
Fix DLT_CAN_SOCKETCAN handling of CAN FD.
Add CAN XL support to DLT_CAN_SOCKETCAN.
Clean up the code that sets the "real" ("original") length for
isochronous USB transfers.
Avoid unnecessary blocking on recvmsg() in the Bluetooth monitor and
Bluetoth modules.
Solaris:
Handle BPF returning ESRCH for unknown devices.
List the "any" device if it's supported.
Report {non-existent zone}/{interface} errors appropriately.
Allow attaching to links owned by a non-global zone. (Based on
pull request #1202.)
Fix AF_LINK handling on illumos.
macOS:
Redid the availability macros to be closer to what Apple's doing
in recent SDKs, including tagging pcap-namedb.h routines.
Fix the install name of the installed shared library to have a
full path when building with CMake.
Fix universal builds.
Haiku:
Convert the module to C. Fixes issue #1114.
Address a few compiler warnings. Fixes issue #1114.
Fix various build problems. Fixes issue #1114.
Report non-existent devices correctly.
Fix handling of packet statistics.
Fix packet timestamping.
Fix packet filtering with low snaplen.
Improve connection status reporting.
Add support for promiscuous mode.
Detect DLTs and loopback capture support at run time.
Report IEEE 802.11 as PCAP_IF_WIRELESS.
Windows:
Fix internal handling of "not supported" error codes from NPF.
Work around a bug in Npcap 1.00 in case of driver version mismatch.
Don't call WSACleanup() when handling a failed WSAStartup().
BSD, macOS, AIX, Solaris 11, Linux:
Add a new error PCAP_ERROR_CAPTURE_NOTSUP, for use if a capture
mechanism is not present, in the hopes that, for example,
attempts to capture on Windows Services for Linux 1, in which
the NT kernel attempts to simulate Linux system calls but does
not support packet sockets, can get an error that better
indicates the underlying problem.
AirPcap:
Format an error message if we run out of memory.
nflog:
Fix count of dropped packets.
Make sure we don't overflow when rounding up the TLV length.
rpcap:
Handle routines removed in at least some OpenSSL libraries.
CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid
double frees in some cases.
Don't define SOCKET ourselves; instead, define PCAP_SOCKET as int
on UN*Xes and as SOCKET on Windows.
CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a
file:// URL with a path to a directory that cannot be opened.
Savefiles:
Handle DLT_/LINKTYPE_ mapping better, to handle some
OpenBSD-specific link types better.
Treat if_tsoffset as signed in pcapng files, as the spec says.
Don't try to fix the "real" length for isochronous USB
transfers if the number of USB descriptors is too large.
Reject pcap files where one of the reserved fields in the
"link-layer type plus other stuff" is non-zero.
Building and testing:
Add a configure option to help debugging (--enable-instrument-functions).
Improved tests and error reporting for uses of pkg-config, and
improve help message.
Fix Haiku build.
With CMake, install headers in CMAKE_INSTALL_INCLUDEDIR rather
than just include.
Build libpcap.a before building test programs.
Print address family numerically, as well as symbolically,
in findalldevstest.
Fail with suggestions, rather than failing over to no capture
support, if no capture mechanism was found. Fixes issue #1016.
Don't indent comments in Make, as that may cause them not to be
recognized as comments.
Don't check for libssl if we aren't going to use it.
Better handle enabling and disabling of sanitizers. Fixes issue
#1171.
CMakeLists.txt: Print "Symlinking: /some/path to ..." conditionally.
Evaluate CMAKE_INSTALL_PREFIX at install time.
cmake: Update the minimum required version to 2.8.12 (except Windows).
cmake: suppress CMP0042 OLD deprecated warning.
Makefile.in: Add the releasecheck target.
Cirrus CI: Add the "make releasecheck" command in the Linux task.
Makefile.in: Add the whitespacecheck target.
Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
Autoconf: Update config.{guess,sub}, timestamps 2024-01-01.
Autoconf: Update the install-sh script to the 2020-11-14.01 version.
Compile with '-Wnull-pointer-subtraction',
'-Wunused-but-set-parameter', and '-Wunused-but-set-variable' in
devel mode if supported.
Don't ignore spaces between CMAKE_C_FLAGS and DPDK_C_FLAGS with
CMake.
Use noreturn and __format__ with XL C 7.0 and later.
Check for the same -W flags in autotools and CMake.
Autoconf: Add autogen.sh, remove configure and config.h.in and put
these generated files in the release tarball.
Autoconf: Get the size of a time_t.
Fix propagation of cc_werr_cflags() output.
Makefile.in(s): Fix the depend target.
mkdep: Exit with a non-zero status if a command fails.
Fix HCI_CHANNEL_MONITOR detection with musl libc.
Extend "make shellcheck" onto mkdep too.
Add initial support for building with TinyCC.
Address all known compiler warnings specific to illumos, Linux, NetBSD,
Solaris and Sun C; in CI expect warnings specific to TinyCC only.
Documentation:
Update and fix pcap-filter man page.
Add a README.haiku.md file.
Document pcap-config better.
Man page formatting and prose fixes.
Rename doc/README.Win32.md to doc/README.windows.md.
Update pcap-savefile man page to match the Internet-Draft for
pcap.
Fix CMake issues for target used by other projects.
Explain "any" device better in pcap_open_live(3PCAP).
Update INSTALL.md.
Note in man pages that errbuf arguments must point to an error
buffer.
Note that if pcap_findalldevs() fails it sets *alldevsp to NULL;
there's no devices list to free.
Explain "other addresses" in pcap_findalldevs(3PCAP).
Document pcap_lookupnet(3PCAP) a bit better.
Friday, April 7, 2023 / The Tcpdump Group
Summary for 1.10.4 libpcap release
Source code:
Fix spaces before tabs in indentation.
rpcap:
Fix name of launchd service.
Documentation:
Document use of rpcapd with systemd, launchd, inetd, and xinetd.
Building and testing:
Require at least pkg-config 0.17.0, as we use --static.
Get rid of the remains of gnuc.h.
Require at least autoconf 2.69.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Thursday, January 12, 2023 / The Tcpdump Group
Summary for 1.10.3 libpcap release
Source code:
Sort the PUBHDR variable in Makefile.in in "ls" order.
Fix typo in comment in pflog.h.
Remove two no-longer-present files from .gitignore.
Update code and comments for handling failure to set promiscuous
mode based on new information.
Building and testing:
install: Fixed not to install the non-public pcap-util.h header.
pcap-config: add a --version flag.
Makefile.in: Add some missing files in the distclean target.
Saturday, December 31, 2022 / The Tcpdump Group
Summary for 1.10.2 libpcap release
Source code:
Use __builtin_unreachable() in PCAP_UNREACHABLE.
Use AS_HELP_STRING macro instead of AC_HELP_STRING in the
configure scripts, to avoid deprecation warnings.
Change availability tags in pcap.h to make it easier to
arrange for it to be used in Darwin releases.
Use AS_HELP_STRING for --enable-remote.
Fix some formatting string issues found by cppcheck.
Various small code and comment cleanups.
Use PCAP_ERROR (defined as -1) rather than explicit -1 for
functions the documentation says return PCAP_ERROR.
Remove unused code from the filter compiler.
Use _declspec(deprecated(msg)) rather than __pragma(deprecated)
for Windows deprecation warnings, so the message that was
specified shows up.
diag-control.h: define PCAP_DO_PRAGMA() iff we're going to use it.
Use "%d" to print some signed ints.
Use the Wayback Machine for a removed document in a comment.
Add some const qualifiers.
RDMA: Use PRIu64 to print a uint64_t.
"Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision():
Don't crash if pcap_breakloop() is called.
Savefiles:
Fix pcap_dispatch() to return number of packets processed, rather
than 0, even at EOF.
If we get an error writing the packet header, don't write the
packet data.
Put PFLOG UID and PID values in the header into host byte order
when reading a LINKTYPE_PFLOG file.
Put CAN ID field in CAN pseudo-headers for LINUX_SLL2, as we do
for LINUX_SLL.
Fix incorrectly-computed "real" length for isochronous USB
transfers when reading savefiles.
Don't crash if pcap_can_set_rfmon() is called.
Fix pcap_offline_read() loop.
Capture:
Never process more than INT_MAX packets in a pcap_dispatch() call,
to avoid integer overflow (issue #1087).
Improve error messages for "no such device" and "permission
denied" errors.
SITA: Fix a typo in a variable name.
Packet filtering:
Get PFLOG header length from the length value in the header.
Support all the direction, reason, and action types supported by
all systems that support PFLOG.
Don't require PFLOG support on the target machine in order to
support PFLOG filtering (also fixes issue #1076).
Expand abbreviations into "proto X" properly.
gencode.c: Update a comment about the VLAN TPID test.
Add the minimum and maximum matching DLTs to an error message.
Linux:
Fix memory leak in capture device open (pull request #1038).
Fix detection of CAN/CAN FD packets in direction check (issue
#1051).
Fix double-free crashes on errors such as running on a kernel with
CONFIG_PACKET_MMAP not configured (issue #1054).
Use DLT_CAN_SOCKETCAN for CANbus interfaces (issue #1052; includes
changes from pull request #1035).
Make sure the CANFD_FDF can be relied on to indicate whether a
CANbus packet is a CAN frame or a CAN FD frame
Improve error message for "out of memory" errors for kernel
filters (see issue #1089).
Fix pcap_findalldevs() to find usbmon devices.
Fix handling of VLAN tagged packets if the link-layer type is
changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 (see issue #1105).
Always turn on PACKET_AUXDATA (see issue #1105).
We require 2.6.27 or later, so PACKET_RESERVE is available.
Make sure there's reserved space for a DLT_LINUX_SLL2 header
when capturing.
Correctly compute the "real" length for isochronous USB transfers.
Don't have an eventfd descriptor open in non-blocking mode, so as
not to waste descriptors.
netfilter: Squelch a narrowing warning (To be look at before 2038).
BPF capture (*BSD, macOS, AIX, Solaris 11):
Fix case where a device open might fail, rather than falling back
to a smaller buffer size, when the initial buffer size is too
big.
Use an unsigned device number to iterate over BPF devices, to
squelch a compiler warning.
NetBSD:
Fix handling of LINKTYPE_HDLC/DLT_HDLC.
rpcap:
Fix unaligned accesses in rpcapd (pull request #1037).
Fix code to process port number.
Clean up findalldevs code in rpcapd.
Clean up bufferizing code.
Fix a file descriptor/handle leak in pcap_findalldevs_ex()
(Coverity CID 1507240).
Improve error messages for host and port resolution errors.
Fix connect code not to fail if both IPv4 and IPv6 addresses are
tried.
Improve connect failure error message.
Provide an error message for a bad authentication reply size.
For link-layer types with host-endian fields in the header, fix
those fields if capturing from a server with a different byte
order.
Suppress temporarily the warnings with "enable remote packet capture".
Windows:
Add support for NdisMediumIP (pull request #1027).
Don't require applications using pcap to be built with VS 2015 or
later.
Use the correct string for the DLL VersionInfo.
Remove unnecessary DllMain() function.
Correctly handle ERROR_INVALID_FUNCTION from
PacketGetTimestampModes() (indicate that WinPcap or an older
version of Npcap is probably installed).
Fix use-after-free in some cases when a pcap_t is closed.
Make sure an error is returned by pcap_create_interface() if
PacketOpenAdapter() fails.
Return an error if the driver reports 0 timestamp modes supported.
Close the ADAPTER handle for some errors in
pcap_create_interface().
Get rid of old unmaintained VS project files.
Fix deprecation warning for pcap_handle().
Npcap is now at npcap.com, not npcap.org.
Make sure "no such device" and "no permission to open device"
errors show up in pcap_activate(), not pcap_create() (fixes,
among other things, tcpdump -i <interface-number>).
npcap: squelch deprecation warnings for kernel dump mode.
Haiku:
Implement pcap_lib_version(), as now required.
Handle negative or too-large snaplen values.
Fix various build issues and warnings.
Building and testing:
Update configure-time universal build checks for macOS.
Update config.guess and config.sub.
If we look for an SSL library with pkg-config in configure script,
try pkg-config first.
If we have pkg-config and Homebrew, try to set pkg-config up to
find Homebrew packages.
Handle some Autoconf/make errors better.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Fix compiling on Solaris 9/SPARC and 11/AMD64.
Address assorted compiler warnings.
Fix cross-building on Linux for Windows with mingw32 for Win64
(pull request #1031).
Properly set installation directory on Windows when not compiling
with MSVC.
Fix configure script checks for compiler flags.
Give more details if check for usable (F)Lex fails.
Fix compiling with GCC 4.6.4.
Don't use add_compile_options() with CMake, as we currently don't
require 2.8.12, where it first appeared.
Don't provide -L/usr/lib for pkg-config --libs in pkg-config.
Fix error message for inadequate Bison/Berkeley YACC.
configure: correctly do some DPDK checks.
Only use pkg-config when checking for DPDK.
Allow the path in which DPDK is installed to be specified.
Use pkg-config first when checking for libibverbs.
CMake: fix check for libibverbs with Sun's C compiler.
Have CMake warn if no capture mechanism can be found.
Don't do stuff requiring 3.19 or later on earlier CMakes.
Squelch some CMake warnings.
Fix diag-control.h to handle compiling with clang-cl (issues
#1101 and #1115).
Cleanup various leftover cruft in the configure script.
Fix building without protochain support. (GH #852)
Check for a usable YACC (or Bison) and {F}lex in CMake, as we do
in autotools.
Only check for a C++ compiler on Haiku, as that's the only
platform with C++ code, and make sure they generate code for
the same instruction set bit-width (both 32-bit or both 64-bit)
(issue #1112).
On Solaris, check the target bit-width and set PKG_CONFIG_PATH
appropriately, to handle the mess that is the D-Bus library
package (issue #1112).
Fix generation of pcap-config and libpcap.pc files (issue #1062).
pcap-config: don't assume the system library directory is /usr/lib.
pcap-config: add a --static-pcap-only flag.
Cirrus CI: Use the same configuration as for the main branch.
Add four libpcap test files.
Update Npcap SDK to 1.13.
Makefile.in: Use TEST_DIST, like for tcpdump.
Remove awk code from mkdep.
Cirrus CI: Add the libssl-dev package in the Linux task.
Cirrus CI: Add the openssl@3 brew package in the macOS task.
Get "make shellcheck" to pass again.
CMake: Build valgrindtest only if Autoconf would.
CMake: use ${CMAKE_INSTALL_SBINDIR} rather than just sbin.
CMake: use NUL: as the null device on Windows.
autoconf: fix typo in test of macOS version.
Makefile.in: Add two missing files in EXTRA_DIST.
autotools, cmake: provide an rpath option if necessary.
configure: get rid of the attempt to auto-run PKG_PROG_PKG_CONFIG.
configure: use PKG_CHECK_MODULES to run pkg-config.
Documentation:
Add README.solaris.md.
Add SCTP to pcap-filter(7).
Note that = and == are the same operator in filters (issue #1044).
Update INSTALL.md, README.md, and README.solaris.md.
Update and clean up CONTRIBUTING.md.
Trim documentation of support for now-dead UN*Xe and older
versions of other UN*Xes.
Move the "how to allocate a LINKTYPE_/DLT_ value" documentation to
the web site.
Clean up man pages.
Move README.capture-module to the web site.
Improve some protocol details in pcap-filter(7).
Refine "relop" notes in pcap-filter(7).
In pcap-filter(7) "domain" is an id.
Discuss backward compatibility in pcap-filter(7).
Other improvements to pcap-filter(7).
Document pcap_breakloop(3PCAP) interaction with threads better.
Document PCAP_ERROR_NOT_ACTIVATED for more routines.
Wednesday, June 9, 2021:
Summary for 1.10.1 libpcap release:
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Tuesday, December 29, 2020
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snapshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a nonexistent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
Sunday, July 22, 2018
Summary for 1.9.1 libpcap release
Mention pcap_get_required_select_timeout() in the main pcap man page
Fix pcap-usb-linux.c build on systems with musl
Fix assorted man page and other documentation issues
Plug assorted memory leaks
Documentation changes to use https:
Changes to how time stamp calculations are done
Lots of tweaks to make newer compilers happier and warning-free and
to fix instances of C undefined behavior
Warn if AC_PROG_CC_C99 can't enable C99 support
Rename pcap_set_protocol() to pcap_set_protocol_linux().
Align pcap_t private data on an 8-byte boundary.
Fix various error messages
Use 64-bit clean API in dag_findalldevs()
Fix cleaning up after some errors
Work around some ethtool ioctl bugs in newer Linux kernels (GitHub
issue #689)
Add backwards compatibility sections to some man pages (GitHub issue
#745)
Fix autotool configuration on AIX and macOS
Don't export bpf_filter_with_aux_data() or struct bpf_aux_data;
they're internal-only and subject to change
Fix pcapng block size checking
On macOS, don't build rpcapd or test programs any fatter than they
need to be
Fix reading of capture statistics for Linux USB
Fix packet size values for Linux USB packets (GitHub issue #808)
Check only VID in VLAN test in filters (GitHub issue #461)
Fix pcap_list_datalinks on 802.11 devices on macOS
Fix overflows with very large snapshot length in pcap file
Improve parsing of rpcapd configuration file (GitHub issue #767)
Handle systems without strlcpy() or strlcat() better
Fix crashes and other errors with invalid filter expressions
Fix use of uninitialized file descriptor in remote capture
Fix some CMake issues
Fix some divide-by-zero issues with the filter compiler
Work around a GNU libc bug in pcap_nametonetaddr()
Add support for DLT_LINUX_SLL2
Fix handling of the packet-count argument for Myricom SNF devices
Fix --disable-rdma in configure script (GitHub issue #782)
Fix compilation of TurboCap support (GitHub issue #764)
Constify first argument to pcap_findalldevs_ex()
Fix a number of issues when running rpcapd as an inetd-style daemon
Fix CMake issues with D-Bus libraries
In rpcapd, clean up termination of a capture session
Redo remote capture protocol negotiation
In rpcapd, report the same error for "invalid user name" and
"invalid password", to make brute-forcing harder
For remote captures, add an error code for "the server requires TLS"
Fix pcap_dump_fopen() on Windows to avoid clashes between
{Win,N}Pcap and application C runtimes
Fix exporting of functions from Windows DLLs (GitHub issue #810)
Fix building as part of Npcap
Allow rpcapd to rebind more rapidly
Fix building shared libpcap library on midipix (midipix.org)
Fix hack to detect UTF-16LE adapter names on Windows not to go past
the end of the string
Fix handling of "wireless WAN" (mobile phone network modems) on
Windows with WinPcap/Npcap (GitHub issue #824)
Have pcap_dump_open_append() create the dump file if it doesn't
exists (GitHub issue #247)
Fix the maximum snapshot length for DLT_USBPCAP
Use -fPIC when building for 64-bit SPARC on Linux (GitHub issue #837)
Fix CMake 64-bit library installation directory on some Linux
distributions
Boost the TPACKET_V3 timeout to the maximum if a timeout of 0 was
specified
Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165
PCAPNG reader applies some sanity checks before doing malloc().
Sunday, June 24, 2018, by [email protected]
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause license
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for https://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by [email protected])
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
Tuesday, Oct. 25, 2016 [email protected]
Summary for 1.8.1 libpcap release
Add a target in Makefile.in for Exuberant Ctags use: 'extags'.
Rename configure.in to configure.ac: autoconf 2.59
Clean up the name-to-DLT mapping table.
Add some newer DLT_ values: IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS
Clarify what the return values are for both success and failure.
Many changes to build on windows
Check for the "break the loop" condition in the inner loop for TPACKET_V3.
Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue #493.
Filter out duplicate looped back CAN frames.
Fix the handling of loopback filters for IPv6 packets.
Add a link-layer header type for RDS (IEC 62106) groups.
Use different intermediate folders for x86 and x64 builds on Windows.
On Linux, handle all CAN captures with pcap-linux.c, in cooked mode.
Removes the need for the "host-endian" link-layer header type.
Compile with '-Wused-but-marked-unused' in devel mode if supported
Have separate DLTs for big-endian and host-endian SocketCAN headers.
Reflect version.h being renamed to pcap_version.h.
Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)!
Properly check for sock_recv() errors.
Re-impose some of Winsock's limitations on sock_recv().
Replace sprintf() with pcap_snprintf().
Fix signature of pcap_stats_ex_remote().
Initial cmake support for remote packet capture.
Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
Clean up {DAG, Septel, Myricom SNF}-only builds.
Do UTF-16-to-ASCII conversion into the right place.
pcap_create_interface() needs the interface name on Linux.
Clean up hardware time stamp support: the "any" device does not support any time stamp types.
Add support for capturing on FreeBSD usbusN interfaces.
Add a LINKTYPE/DLT_ value for FreeBSD USB.
Go back to using PCAP_API on Windows.
CMake support
Add TurboCap support from WinPcap.
Recognize 802.1ad nested VLAN tag in vlan filter.
Thursday Sep. 3, 2015 [email protected]
Summary for 1.7.5 libpcap release
Man page cleanups.
Add some allocation failure checks.
Fix a number of Linux/ucLinux configure/build issues.
Fix some memory leaks.
Recognize 802.1ad nested VLAN tag in vlan filter.
Fix building Bluetooth Linux Monitor support with BlueZ 5.1+
Saturday Jun. 27, 2015 [email protected]
Summary for 1.7.4 libpcap release
Include fix for GitHub issue #424 -- out of tree builds.
Friday Apr. 10, 2015 [email protected]
Summary for 1.7.3 libpcap release
Work around a Linux bonding driver bug.
Thursday Feb. 12, 2015 [email protected]/[email protected]
Summary for 1.7.2 libpcap release
Support for filtering Geneve encapsulated packets.
Generalize encapsulation handling, fixing some bugs.
Don't add null addresses to address lists.
Add pcap_dump_open_append() to open for appending.
Fix the swapping of isochronous descriptors in Linux USB.
Attempt to handle TPACKET_V1 with 32-bit userland and 64-bit kernel.
Wednesday Nov. 12, 2014 [email protected]/[email protected]
Summary for 1.7.0 libpcap release
Fix handling of zones for BPF on Solaris
new DLT for ZWAVE
clarifications for read timeouts.
Use BPF extensions in compiled filters, fixing VLAN filters
some fixes to compilation without stdint.h
EBUSY can now be returned by SNFv3 code.
Fix the range checks in BPF loads
Various DAG fixes.
Various Linux fixes.
Monday Aug. 12, 2014 [email protected]
Summary for 1.6.2 libpcap release
Don't crash on filters testing a nonexistent link-layer type
field.
Fix sending in non-blocking mode on Linux with memory-mapped
capture.
Fix timestamps when reading pcap-ng files on big-endian
machines.
Saturday Jul. 19, 2014 [email protected]
Summary for 1.6.1 libpcap release