[Snort-users] ANNOUNCE: WinPcap 4.0 alpha1 has been released

Gianluca Varenni gianluca.varenni at ...13809...
Wed May 10 14:45:42 EDT 2006


WinPcap 4.0 alpha1 is available from today in the download section of the
WinPcap website, http://www.winpcap.org/install/.

This release includes major changes to several modules in the Windows NTx
driver. This effort is aimed at improving the reliability of WinPcap when an
adapter is disabled or "repaired" while a WinPcap-based application is
running, and was prompted by a number of system crash reports from our
users. This extensive rewriting is the main reason why we decided to move to
version 4.0.

This new release of WinPcap has been thoroughly tested internally. However,
due to the extensive modifications to the kernel driver code, we feel that a
testing period from the WinPcap community is necessary to guarantee a level
of stability comparable with WinPcap 3.1. We encourage everyone to play with
this new version and report any problems on the various WinPcap mailing
lists.

Other modifications include
- a new flag to pcap_open() to avoid capturing packets transmitted by the
  same WinPcap adapter instance.
- merging of the 64bit code on the main trunk.

The complete change log is attached at the end of this message.
Enjoy!

Gianluca Varenni
WinPcap Team



Changelog
=========

- Various modifications to the Windows NTx driver npf.sys:
  + General rewriting of all the functions dispatching the
    open/close/cleanup/bind/unbind requests from the operating system.
    This should should solve a number of crashes when an adapter is
    disabled, removed or "repaired".
  + Rewrote the IOCTL dispatcher managing the NDIS_REQUESTs to the driver.
    This should solve a number of crashes dispatching an NDIS_REQUEST when
    the adapter has been removed/disabled.
  + Rewrote several parts of the tracing code.
  + Moved from named to unnamed events for the shared read events. This fix
    solves a large number of issues with the closing of handles.
  + Merged the x86-64 modifications into the main trunk.
  + Cleaned up the compilation scripts.

- Added all the new tracing infrastructure into packet.dll NTx version.

- Removed the ODS and ODSEx macros from the packet32.h include files, as
  they are private debugging macros.

- Updated some parts of the documentation related to the compilation of
  WinPcap and related samples under Visual Studio 6.

- Cleaned up the installer:
  + added more error checking and reporting when the driver and remote
    capture capture service are not installed correctly.
  + removed the 'dial-home' page at the beginning of the installation.
  + Cleaned up some error messages in the message boxes.

- Added support for remote capture into pcap_dispatch(). Thanks to Guy
  Harris for the patch.

- Added the PCAP_OPENFLAG_NOCAPTURE_LOCAL to pcap_open(). This flag
  instructs an adapter not to capture the packets sent by itself, and is
  useful to build applications like network bridges.

- Added the UserBridge sample application, that implements a user-level
  bridge between two winpcap interfaces.

- Bug fixing:
  + [From Guy Harris]; PacketSetReadEventTimeout had some bugs in the DAG
    code path (INFINITE vs. IMMEDIATE timeouts were messed up).
  + Added some check to verify the result of MmGetSystemAddressForMdl(Safe).
  + Minor fixes to remove some PREfast warnings in the compilation of the
    npf.sys driver.
  + Minor patches to properly compile packet.dll and wpcap.dll under Cygnus
    and MingW32. Thanks to "deadchicken" for the patches.
  + Added a patch to set the last error to ERROR_INSUFFICIENT_BUFFER if the
    buffer passed to PacketGetAdapterNames is too small.
  + Fixed a couple of buffer overruns while creating the device name to be
    opened with CreateFile.
  + Fixed a couple of buffer overruns while copying the devices within
    AddAdapter(). Added a check to prevent copying truncated names in
    adapter names in ADAPTER_INFO (if the adapter name is too long, we
    simply skip it).
  + Fixed a couple of memory leaks found in AddAdapter() by Real Blanchet.
  + Fixed a bug that prevented WinPcap 3.2a1 to work correctly on Windows
    9x.

=========





More information about the Snort-users mailing list