Wireshark-dev: [Wireshark-dev] [ANNOUNCE] WinPcap 4.1 has been released
From: "Gianluca Varenni" <[email protected]>
Date: Tue, 20 Oct 2009 09:27:53 -0700
As of today, WinPcap 4.1 is available in the download section of the WinPcap website. This release contains a large series of improvements that were gradually added to WinPcap during the various beta's. First of all, this version includes full support for x64 platforms, both in the driver and in the user level libraries. Also, the long awaited support for Windows 7 (and Windows Server 2008 R2) has been added to the long list of supported flavors of Windows. The installer has been greatly improved and partially rewritten to better handle error conditions and non-standard Windows configurations. Finally, it included the latest version of libpcap (from http://www.tcpdump.org/) in the 1.0 branch. Full details of the changes can be found in the change log below. As always, we profoundly thank all the users that tested the development versions of WinPcap 4.1. Thanks! Gianluca Varenni WinPcap Team Changelog from WinPcap 4.1 beta5 ================================ - Several fixes and updates to the installer: + Added installation support for Windows 7 and Server 2008 R2 + Added a new wizard page to choose if the driver should be started automatically on boot. + Fixed some issues when upgrading WinPcap on Windows Vista and Server 2008 x64. + Better handle errors when Microsoft NetMon 2.x is not available. + Better detection of the target operating system, especially when the installer is run in compatibility mode. - wpcap.dll has been updated to the 1.0 branch of libpcap from http://www.tcpdump.org. - Updated the tools used for the compilation (WDK 6001.18002). - Bug fixing: + Exported pcap_setdirection() + Fixed a bug in the compilation of rpcapd. This bug was causing the daemon not to capture any packets. Changelog between WinPcap 4.1 beta4 and WinPcap 4.1 beta5 ========================================================== - Starting from this build, WinPcap is completely compiled with Visual Studio 2005 SP1 (in order to have a single build environment for x86 and x64) and WDK6000. While the projects for Visual Studio 6 are still available in the source package, they are no longer maintained. - wpcap.dll has been updated to libpcap 1.0.0 from http://www.tcpdump.org. - The new VS2005 project files for wpcap.dll and packet.dll have been simplified a lot (i.e. less configurations!). - Big parts of the installer have been rewritten and cleaned up to account for the x64 binaries installation. - The old WanPacket DLL has been removed. The code has been merged into packet.dll. - The developer's pack includes LIB files for both x86 and x64 (for Visual Studio). At the moment we don't have the LIB files for Cygwin under x64. - The samples have been ported to Visual Studio 2005, and they compile for both x86 and x64 architectures. The old Visual Studio 6 projects are still available but not actively maintained. - Bug fixing: + Fixed the remote code to make it compile properly on Linux. + Fixed a problem with the icon in the windows control panel. + Fixed an installation bug under x64 for rpcapd.exe. When installing rpcapd on an x64 machine, the executable is located in c:\program files (x86), not in c:\program files. + Support an indefinite number of IP (v4 and v6) addresses associated with an adapter. + Check that IPv4 is bound to an adapter before getting the IPv4 addresses from the registry. + Fixed several compilation warnings in the samples. + Exported pcap_hopen_offline. + Added a missing definition of HAVE_UINT64 in the bittypes.h. + Fixed a bug in the filtering code for TurboCap adapters. The snaplen was completely ignored. Changelog between WinPcap 4.1 beta3 and WinPcap 4.1 beta4 ========================================================== - Added support for the CACE TurboCap boards within wpcap.dll. - (from libpcap) Added the new functions pcap_create(), pcap_activate(), pcap_set_XXX() (still not completely documented on Windows). - (from libpcap) Added support for various MAC addresses' syntaxes. Now the following syntaxes are supported: + 00:11:22:33:44:55 + 00-11-22-33-44-55 + 00.11.22.33.44.55 + 001122334455. - Bug fixing: + Use FILE_DEVICE_SECURE_OPEN as a parameter to IoCreateDevice() when creating the I/O device from within the driver on the OSes that support it. + Fixed a bug in pcap_open_live() and pcap_activate(). They were failing if called on a local adapter with the syntax rpcap://\\Device.... + Added a missing input buffer check in the read handler of the driver when working in statistics mode. + Optimized the code in the driver that handles the BIOCGSTATS control code (map only the needed portion of the user buffer into an MDL). + Fixed a possible memory leak in one of the error paths of the driver when enumerating the available adapters. + Cleaned up some global variable names in the driver. Changelog between WinPcap 4.1 beta2 and WinPcap 4.1 beta3 ========================================================== - (from libpcap) Make some arguments of some pcap functions const pointers if that makes sense. - (from libpcap) Add some additional checks to bpf_validate(), from OpenBSD. - (from libpcap) Use bpf_validate() in install_bpf_program(), so we validate programs even when they're being processed by userland filters. - (from libpcap) Get rid of BPF_MAXINSNS - we don't have a limit on program size in libpcap/WinPcap. - (from libpcap) Support for the "addr1", "addr2", "addr3", and "addr4" link-layer address filtering keywords for 802.11. - (from libpcap) Support for filtering over 802.11 frame types with the keywords "type" and "subtype". - Bug fixing: + Fixed a bug when generating wireless filters in the form "link src host ...". The source address was not retrieved properly. + Added some more logic in the installer to account for errors while installing the Network Monitor component (NetMon). If NetMon is not available, we install a version of packet.dll that doesn't depend on it. + Fixed two bugs in the original OpenBSD filter validation code, one that caused it to reject all filters that used multiply instructions, and another that caused it to reject all filters that used divide instructions. + Fixed a bug in the filter engine in the driver. When the packet to filter is split into two buffers, under some circumstances the engine was not checking the right bytes in the packet. Changelog between WinPcap 4.1 beta and WinPcap 4.1 beta2 ========================================================= - Disabled support for monitor mode (also called TME, Table Management Extensions) in the driver. This module suffers from several security vulnerabilities that could result in BSODs or privilege escalation attacks. This fix addresses a security vulnerability reported by the iDefense Labs at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Added a small script to integrate the libpcap sources into the WinPcap tree automatically. - Moved the definition of all the I/O control codes to ioctls.h. - Cleaned up and removed some build scripts for the developer's pack. - Migrated the driver compilation environment to WDK 6000. - Enabled PreFAST driver compilation for the x64 build. - Added some doxygen directives to group the IOCTL codes and JIT definitions in proper groups. - Integrated the IOCTL codes into one single set shared by packet.dll and driver. - Modified the installer to return the win32 error code instead of -1 in case of failure in the error messages. - Added some #define directives to selectively disable the TME functionality for WAN (i.e. Netmon-assisted) devices. - Added a VS2005 project to easily edit the files of the driver. - Removed some useless #include directives in the driver and packet.dll. - Migrated several conditional directives (#ifdef/#endif) to the defines of the DDK/WDK e.g. _X86_ and _AMD64_. - Added a check to warn users that remote-ext.h should not be included directly. - Removed ntddndis.h from the WinPcap sources. It's included into the Microsoft Platform SDK. - Removed devioctl.h from the WinPcap sources. It's included into the Microsoft DDK/WDK. - Removed ntddpack.h from the WinPcap sources. It's an old header file from the original DDK Packet sample, and it's not used by WinPcap. - Removed several useless files from the WinPcap developer's pack: + all the TME extension header files + devioctl.h + gnuc.h + ntddndis.h + ntddpack.h + pcap-int.h. - Bug fixing: + Fixed a possible buffer overrun on x64 machines with more that 32 CPUs/cores. + Fixed an implicit cast problem compiling the driver on x64. + Fixed a bug in the installer causing a mis-detection of a previous WinPcap installation. + Fixed two bugs related to memory deallocation in packet.dll. We were using free() instead of GlobalFreePtr(), and there was a missing check as to when to deallocate a chunk of memory. + Added a missing NULL pointer check in pcap_open(). + Moved a misplaced #ifdef WIN32 in pcap_open(). + Fixed a bug in the send routine of the driver that could cause a crash under low resources conditions. Changelog between WinPcap 4.0.1 and WinPcap 4.1 beta ===================================================== - Added support for the Per Packet Info (PPI) link type. - wpcap.dll has been updated to the libpcap 0.9.6 branch from http://www.tcpdump.org. - Bug fixing: + Fixed a bug in pcap_open_live() by which we were silently ignoring a failure when switching into promiscuous mode. This fix solves the outstanding issue of wireless cards that fail to go into promiscuous mode and do not capture any packet. + Experimental fixes to the BPF compiler (pcap_compile()) to better support filters over 802.11. + Minor fixes to remove several PFD (PreFAST for Drivers) warnings. + (from libpcap 0.9.6) added additional filter operations for 802.11 frame types + (from libpcap 0.9.6) fixes to discard unread packets when changing filters.
- Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-7.10-x86-64
- Next by Date: Re: [Wireshark-dev] regarding ethereal among wireshark info pages
- Previous by thread: Re: [Wireshark-dev] Can't build devel 1.3.0 version under Ubuntu Jaunty ...
- Next by thread: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the capture