1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
|
@(#) $Header: /tcpdump/master/libpcap/CHANGES,v 1.59.2.13 2007/09/12 22:40:04 ken Exp $ (LBL)
Mon. September 10, 2007. ken@xelerance.com. Summary for 0.9.8 libpcap release
Change build process to put public libpcap headers into pcap subir
DLT: Add value for IPMI IPMB packets
DLT: Add value for u10 Networks boards
Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
libpcap files on an OS other than where the file was generated
Wed. July 23, 2007. mcr@xelerance.com. Summary for 0.9.7 libpcap release
FIXED version file to be 0.9.7 instead of 0.9.5.
added flags/configuration for cloning bpf device.
added DLT_MTP2_WITH_PHDR support (PPI)
"fix" the "memory leak" in icode_to_fcode() -- documentation bug
Various link-layer types, with a pseudo-header, for SITA http://www.sita.aero/
introduces support for the DAG ERF type TYPE_COLOR_MC_HDLC_POS.
Basic BPF filtering support for DLT_MTP2_WITH_PHDR is also added.
check for IPv4 and IPv6, even for DLT_RAW
add support for DLT_JUNIPER_ISM
Pick up changes from NetBSD: many from tron, christos, drochner
Allocate DLT_ for 802.15.4 without any header munging, for Mikko Saarnivala.
Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header
Wed. April 25, 2007. ken@xelerance.com. Summary for 0.9.6 libpcap release
Put the public libpcap headers into a pcap subdirectory in both the
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for
backwards compatibility.
Add Bluetooth support
Add USB capturing support on Linux
Add support for the binary USB sniffing interface in Linux
Add support for new FreeBSD BIOCSDIRECTION ioctl
Add additional filter operations for 802.11 frame types
Add support for filtering on MTP2 frame types
Propagate some changes from the main branch, so the x.9 branch has
all the DLT_ and LINKTYPE_ values that the main branch does
Reserved a DLT_ and SAVEFILE_ value for PPI (Per Packet Info)
encapsulated packets
Add LINKTYPE_ for IEEE 802.15.4, with address fields padded as done
by Linux drivers
Add LINKTYPE_ value corresponding to DLT_IEEE802_16_MAC_CPS.
Add DLT for IEEE 802.16 (WiMAX) MAC Common Part Sublayer
Add DLT for Bluetooth HCI UART transport layer
When building a shared library, build with "-fPIC" on Linux to support x86_64
Link with "$(CC) -shared" rather than "ld -shared" when building a
".so" shared library
Add support for autoconf 2.60
Fixes to discard unread packets when changing filters
Changes to handle name changes in the DAG library resulting from
switching to libtool.
Add support for new DAG ERF types.
Add an explicit "-ldag" when building the shared library, so the DAG
library dependency is explicit.
Mac OSX fixes for dealing with "wlt" devices
Fixes in add_or_find_if() & pcap_findalldevs() to optimize generating
device lists
Fixed a bug in pcap_open_live(). The return value of PacketSetHwFilter
was not checked.
Tue. September 19, 2006. ken@xelerance.com. Summary for 0.9.5 libpcap release
Support for LAPD frames with vISDN
Support for ERF on channelized T1/E1 cards via DAG API
Fix capitalization that caused issues crossc compiling on Linux
Better failure detection on PacketGetAdapterNames()
Fixes for MPLS packet generation (link layer)
OP_PACKET now matches the beginning of the packet, instead of
beginning+link-layer
Add DLT/LINKTYPE for carrying FRF.16 Multi-link Frame Relay
Fix allocation of buffer for list of link-layer types
Added a new DLT and LINKTYPE value for ARINC 653 Interpartition Communcation Messages
Fixed a typo in a DLT value: it should start with DLT_ and not LINKTYPE_
Redefined DLT_CAN20B and LINKTYPE_CAN20B as #190 (as this is the right value for CAN).
Added definition for DLT_A429 and LINKTYPE_A429 as #184.
Added a new DLT and LINKTYPE value for CAN v2.0B frames.
Add support for DLT_JUNIPER_VP.
Don't double-count received packets on Linux systems that
support the PACKET_STATISTICS getsockopt() argument on
PF_PACKET sockets.
Add support for DLT_IEEE802_11 and DLT_IEEE802_11_RADIO link
layers in Windows
Add support to build libpcap.lib and wpcap.dll under Cygnus and
MingW32.
Mon. September 5, 2005. ken@xelerance.com. Summary for 0.9.4 libpcap release
Support for radiotap on Linux (Mike Kershaw)
Fixes for HP-UX
Support for additional Juniper link-layer types
Fixes for filters on MPLS-encapsulated packets
"vlan" filter fixed
"pppoed" and "pppoes" filters added; the latter modifies later
parts of the filter expression to look at the PPP headers and
headers in the PPP payload
Tue. July 5, 2005. ken@xelerance.com. Summary for 0.9.3 libpcap release
Fixes for compiling on nearly every platform,
including improved 64bit support
MSDOS Support
Add support for sending packets
OpenBSD pf format support
IrDA capture (Linux only)
Tue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
Fixed minor problem in gencode.c that would appear on 64-bit
platforms.
Version number is now sane.
Mon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
updates for autoconf 2.5
fixes for ppp interfaces for freebsd 4.1
pcap gencode can generate code for 802.11, IEEE1394, and pflog.
Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 0.8 release
added pcap_findalldevs()
Win32 patches from NetGroup, Politecnico di Torino (Italy)
OpenBSD pf, DLT_PFLOG added
Many changes to ATM support.
lookup pcap_lookupnet()
Added DLT_ARCNET_LINUX, DLT_ENC, DLT_IEEE802_11_RADIO, DLT_SUNATM,
DLT_IP_OVER_FC, DLT_FRELAY, others.
Sigh. More AIX wonderfulness.
Document updates.
Changes to API: pcap_next_ex(), pcap_breakloop(), pcap_dump_flush(),
pcap_list_datalinks(), pcap_set_datalink(),
pcap_lib_version(), pcap_datalink_val_to_name(),
pcap_datalink_name_to_val(), new error returns.
Tuesday, February 25, 2003. fenner@research.att.com. 0.7.2 release
Support link types that use 802.2 always, never, and sometimes.
Don't decrease the size of the BPF buffer from the default.
Support frame relay.
Handle 32-bit timestamps in DLPI, and pass the right buffer size.
Handle Linux systems with modern kernel but without
SOL_PACKET in the userland headers.
Linux support for ARPHRD_RAWHDLC.
Handle 32-bit timestamps in snoop.
Support eg (Octane/O2xxx/O3xxx Gigabit) devices.
Add new reserved DLT types.
Monday October 23, 2001. mcr@sandelman.ottawa.on.ca. Summary for 0.7 release
Added pcap_findalldevs() call to get list of interfaces in a MI way.
pcap_stats() has been documented as to what its counters mean on
each platform.
Tuesday January 9, 2001. guy@alum.mit.edu. Summary for 0.6 release
New Linux libpcap implementation, which, in 2.2 and later
kernels, uses PF_PACKET sockets and supports kernel packet
filtering (if compiled into the kernel), and supports the "any"
device for capturing on all interfaces. Cleans up promiscuous
mode better on pre-2.2 kernels, and has various other fixes
(handles 2.4 ARPHRD_IEEE802_TR, handles ISDN devices better,
doesn't show duplicate packets on loopback interface, etc.).
Fixed HP-UX libpcap implementation to correctly get the PPA for
an interface, to allow interfaces to be opened by interface name.
libpcap savefiles have system-independent link-layer type values
in the header, rather than sometimes platform-dependent DLT_
values, to make it easier to exchange capture files between
different OSes.
Non-standard capture files produced by some Linux tcpdumps, e.g.
the one from Red Hat Linux 6.2 and later, can now be read.
Updated autoconf stock files.
Filter expressions can filter on VLAN IDs and various OSI
protocols, and work on Token Ring (with non-source-routed
packets).
"pcap_open_dead()" added to allow compiling filter expressions
to pcap code without opening a capture device or capture file.
Header files fixed to allow use in C++ programs.
Removed dependancy on native headers for packet layout.
Removed Linux specific headers that were shipped.
Security fixes: Strcpy replaced with strlcpy, sprintf replaced
with snprintf.
Fixed bug that could cause subsequent "pcap_compile()"s to fail
erroneously after one compile failed.
Assorted other bug fixes.
README.aix and README.linux files added to describe
platform-specific issues.
"getifaddrs()" rather than SIOCGIFCONF used, if available.
v0.5 Sat Jun 10 11:09:15 PDT 2000
itojun@iijlab.net
- Brought in KAME IPv6/IPsec bpf compiler.
- Fixes for NetBSD.
- Support added for OpenBSD DLT_LOOP and BSD/OS DLT_C_HDLC (Cisco HDLC),
and changes to work around different BSDs having different DLT_ types
with the same numeric value.
Assar Westerlund <assar@sics.se>
- Building outside the source code tree fixed.
- Changed to write out time stamps with 32-bit seconds and microseconds
fields, regardless of whether those fields are 32 bits or 64 bits in
the OS's native "struct timeval".
- Changed "pcap_lookupdev()" to dynamically grow the buffer into which
the list of interfaces is read as necessary in order to hold the
entire list.
Greg Troxel <gdt@ir.bbn.com>
- Added a new "pcap_compile_nopcap()", which lets you compile a filter
expression into a BPF program without having an open live capture or
capture file.
v0.4 Sat Jul 25 12:40:09 PDT 1998
- Fix endian problem with DLT_NULL devices. From FreeBSD via Bill
Fenner (fenner@parc.xerox.com)
- Fix alignment problem with FDDI under DLPI. This was causing core
dumps under Solaris.
- Added configure options to disable flex and bison. Resulted from a
bug report by barnett@grymoire.crd.ge.com (Bruce Barnett). Also added
options to disable gcc and to force a particular packet capture type.
- Added support for Fore ATM interfaces (qaa and fa) under IRIX. Thanks
to John Hawkinson (jhawk@mit.edu)
- Change Linux PPP and SLIP to use DLT_RAW since the kernel does not
supply any "link layer" data.
- Change Linux to use SIOCGIFHWADDR ioctl to determine link layer type.
Thanks to Thomas Sailer (sailer@ife.ee.ethz.ch)
- Change IRIX PPP to use DLT_RAW since the kernel does not supply any
"link layer" data.
- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
formats.
- Added some new SGI snoop interface types. Thanks to Steve Alexander
(sca@refugee.engr.sgi.com)
- Fixes for HP-UX 10.20 (which is similar to HP-UX 9). Thanks to
Richard Allen (ra@hp.is) and Steinar Haug (sthaug@nethelp.no)
- Fddi supports broadcast as reported by Jeff Macdonald
(jeff@iacnet.com). Also correct ieee802 and arcnet.
- Determine Linux pcap buffer size at run time or else it might not be
big enough for some interface types (e.g. FDDI). Thanks to Jes
Sorensen (Jes.Sorensen@cern.ch)
- Fix some linux alignment problems.
- Document promisc argument to pcap_open_live(). Reported by Ian Marsh
(ianm@sics.se)
- Support Metricom radio packets under Linux. Thanks to Kevin Lai
(laik@gunpowder.stanford.edu)
- Bind to interface name under Linux to avoid packets from multiple
interfaces on multi-homed hosts. Thanks to Kevin Lai
(laik@gunpowder.stanford.edu)
- Change L_SET to SEEK_SET for HP-UX. Thanks to Roland Roberts
(rroberts@muller.com)
- Fixed an uninitialized memory reference found by Kent Vander Velden
(graphix@iastate.edu)
- Fixed lex pattern for IDs to allow leading digits. As reported by
Theo de Raadt (deraadt@cvs.openbsd.org)
- Fixed Linux include file problems when using GNU libc.
- Ifdef ARPHRD_FDDI since not all versions of the Linux kernel have it.
Reported reported by Eric Jacksch (jacksch@tenebris.ca)
- Fixed bug in pcap_dispatch() that kept it from returning on packet
timeouts.
- Changed ISLOOPBACK() macro when IFF_LOOPBACK isn't available to check
for "lo" followed by an eos or digit (newer versions of Linux
apparently call the loopback "lo" instead of "lo0").
- Fixed Linux networking include files to use ints instead of longs to
avoid problems with 64 bit longs on the alpha. Thanks to Cristian
Gafton (gafton@redhat.com)
v0.3 Sat Nov 30 20:56:27 PST 1996
- Added Linux support.
- Fixed savefile bugs.
- Solaris x86 fix from Tim Rylance (t.rylance@elsevier.nl)
- Add support for bpf kernel port filters.
- Remove duplicate atalk protocol table entry. Thanks to Christian
Hopps (chopps@water.emich.edu)
- Fixed pcap_lookupdev() to ignore nonexistent devices. This was
reported to happen under BSD/OS by David Vincenzetti
(vince@cryptonet.it)
- Avoid solaris compiler warnings. Thanks to Bruce Barnett
(barnett@grymoire.crd.ge.com)
v0.2.1 Sun Jul 14 03:02:26 PDT 1996
- Fixes for HP-UX 10. Thanks in part to to Thomas Wolfram
(wolf@prz.tu-berlin.de) and Rick Jones (raj@hpisrdq.cup.hp.com)
- Added support for SINIX. Thanks to Andrej Borsenkow
(borsenkow.msk@sni.de)
- Fixes for AIX (although this system is not yet supported). Thanks to
John Hawkinson (jhawk@mit.edu)
- Use autoconf's idea of the top level directory in install targets.
Thanks to John Hawkinson.
- Add missing autoconf packet capture result message. Thanks to Bill
Fenner (fenner@parc.xerox.com)
- Fixed padding problems in the pf module.
- Fixed some more alignment problems on the alpha.
- Added explicit netmask support. Thanks to Steve Nuchia
(steve@research.oknet.com)
- Fixed to handle raw ip addresses such as 0.0.0.1 without "left
justifing"
- Add "sca" keyword (for DEC cluster services) as suggested by Terry
Kennedy (terry@spcvxa.spc.edu)
- Add "atalk" keyword as suggested by John Hawkinson.
- Add "igrp" keyword.
- Fixed HID definition in grammar.y to be a string, not a value.
- Use $CC when checking gcc version. Thanks to Carl Lindberg
(carl_lindberg@blacksmith.com)
- Removed obsolete reference to pcap_immediate() from the man page.
Michael Stolarchuk (mts@terminator.rs.itd.umich.edu)
- DLT_NULL has a 4 byte family header. Thanks to Jeffrey Honig
(jch@bsdi.com)
v0.2 Sun Jun 23 02:28:42 PDT 1996
- Add support for HP-UX. Resulted from code contributed by Tom Murray
(tmurray@hpindck.cup.hp.com) and Philippe-Andri Prindeville
(philipp@res.enst.fr)
- Update INSTALL with a reminder to install include files. Thanks to
Mark Andrews (mandrews@aw.sgi.com)
- Fix bpf compiler alignment bug on the alpha.
- Use autoconf to detect architectures that can't handle misaligned
accesses.
- Added loopback support for snoop. Resulted from report Steve
Alexander (sca@engr.sgi.com)
v0.1 Fri Apr 28 18:11:03 PDT 1995
- Fixed compiler and optimizer bugs. The BPF filter engine uses unsigned
comparison operators, while the code generator and optimizer assumed
signed semantics in several places. Thanks to Charlie Slater
(cslater@imatek.com) for pointing this out.
- Removed FDDI ifdef's, they aren't really needed. Resulted from report
by Gary Veum (veum@boa.gsfc.nasa.gov).
- Add pcap-null.c which allows offline use of libpcap on systems that
don't support live package capture. This feature resulting from a
request from Jan van Oorschot (j.p.m.voorschot@et.tudelft.nl).
- Make bpf_compile() reentrant. Fix thanks to Pascal Hennequin
(Pascal.Hennequin@hugo.int-evry.fr).
- Port to GNU autoconf.
- Fix pcap-dlpi.c to work with isdn. Resulted from report by Flemming
Johansen (fsj@csd.cri.dk).
- Handle multi-digit interface unit numbers (aka ppa's) under dlpi.
Resulted from report by Daniel Ehrlich (ehrlich@cse.psu.edu).
- Fix pcap-dlpi.c to work in non-promiscuous mode. Resulted from report
by Jeff Murphy (jcmurphy@acsu.buffalo.edu).
- Add support for "long jumps". Thanks to Jeffrey Mogul
(mogul@pa.dec.com).
- Fix minor problems when compiling with BDEBUG as noticed by Scott
Bertilson (scott@unet.umn.edu).
- Declare sys_errlist "const char *const" to avoid problems under
FreeBSD. Resulted from report by jher@eden.com.
v0.0.6 Fri Apr 28 04:07:13 PDT 1995
- Add missing variable declaration missing from 0.0.6
v0.0.5 Fri Apr 28 00:22:21 PDT 1995
- Workaround for problems when pcap_read() returns 0 due to the timeout
expiring.
v0.0.4 Thu Apr 20 20:41:48 PDT 1995
- Change configuration to not use gcc v2 flags with gcc v1.
- Fixed a bug in pcap_next(); if pcap_dispatch() returns 0, pcap_next()
should also return 0. Thanks to Richard Stevens (rstevens@noao.edu).
- Fixed configure to test for snoop before dlpi to avoid problems under
IRIX 5. Thanks to J. Eric Townsend (jet@abulafia.genmagic.com).
- Hack around deficiency in Ultrix's make.
- Fix two bugs related to the Solaris pre-5.3.2 bufmod bug; handle
savefiles that have more than snapshot bytes of data in them (so we
can read old savefiles) and avoid writing such files.
- Added checkioctl which is used with gcc to check that the
"fixincludes" script has been run.
v0.0.3 Tue Oct 18 18:13:46 PDT 1994
- Fixed configure to test for snoop before dlpi to avoid problems under
IRIX 5. Thanks to J. Eric Townsend (jet@abulafia.genmagic.com).
v0.0.2 Wed Oct 12 20:56:37 PDT 1994
- Implement timeout in the dlpi pcap_open_live(). Thanks to Richard
Stevens.
- Determine pcap link type from dlpi media type. Resulted from report
by Mahesh Jethanandani (mahesh@npix.com).
v0.0.1 Fri Jun 24 14:50:57 PDT 1994
- Fixed bug in nit_setflags() in pcap-snit.c. The streams ioctl timeout
wasn't being initialized sometimes resulting in an "NIOCSFLAGS:
Invalid argument" error under OSF/1. Reported by Matt Day
(mday@artisoft.com) and Danny Mitzel (dmitzel@whitney.hitc.com).
- Turn on FDDI support by default.
v0.0 Mon Jun 20 19:20:16 PDT 1994
- Initial release.
- Fixed bug with greater/less keywords, reported by Mark Andrews
(mandrews@alias.com).
- Fix bug where '|' was defined as BPF_AND instead of BPF_OR, reported
by Elan Amir (elan@leeb.cs.berkeley.edu).
- Machines with little-endian byte ordering are supported thanks to
Jeff Mogul.
- Add hack for version 2.3 savefiles which don't have caplen and len
swapped thanks to Vern Paxson.
- Added "&&" and "||" aliases for "and" and "or" thanks to Vern Paxson.
- Added length, inbound and outbound keywords.
|